Class: Passwordless::SessionsController

Inherits:
ApplicationController
Includes:
ControllerHelpers
Defined in:
app/controllers/passwordless/sessions_controller.rb

Overview

Controller for managing Passwordless sessions

Instance Method Summary

Methods included from ControllerHelpers

#authenticate_by_cookie, #authenticate_by_session, #build_passwordless_session, #find_passwordless_session_for, #redirect_session_key, #reset_passwordless_redirect_location!, #save_passwordless_redirect_location!, #session_key, #sign_in, #sign_out, #upgrade_passwordless_cookie

Methods inherited from ApplicationController

#passwordless_controller?

Instance Method Details

#create ⇒ Object

post ‘/sign_in’

Creates a new Session record, then sends the magic link.
Redirects to the sign-in page with a generic flash message.

See Also:



# File 'app/controllers/passwordless/sessions_controller.rb', line 22

# Handles POST /sign_in: looks up the authenticatable record, builds and saves
# a passwordless session for it, runs the configured after_session_save hook,
# then sets a generic notice and redirects.
def create
  @resource = find_authenticatable
  # The local `session` shadows the controller's own `session` accessor for
  # the rest of this method; here it is the record returned by
  # build_passwordless_session.
  # NOTE(review): what find_authenticatable returns for an unknown address,
  # and how build_passwordless_session treats it, is not visible here --
  # verify that path simply fails to save.
  session = build_passwordless_session(@resource)

  if session.save
    # The hook is called with (session, request) when its arity is exactly 2,
    # otherwise with the session alone. Per the method description, this is
    # the step that sends the magic link.
    if Passwordless.after_session_save.arity == 2
      Passwordless.after_session_save.call(session, request)
    else
      Passwordless.after_session_save.call(session)
    end
  end

  # The same notice is set whether or not the save succeeded, so the response
  # text does not reveal whether the submitted address matched a record.
  # NOTE(review): the hook only runs on the success path, so response time may
  # still differ between known and unknown addresses -- confirm delivery is
  # asynchronous or otherwise not observable.
  flash[:notice] = I18n.t('passwordless.sessions.create.email_sent_if_record_found')
  # NOTE(review): redirect_to() has no argument in this rendering; the target
  # appears to have been lost when the page was extracted. Per the description
  # it is the sign-in page -- check the source file.
  redirect_to()
end

#destroy ⇒ Object

match ‘/sign_out’, via: %i[get delete].

Signs user out. Redirects to root_path


# File 'app/controllers/passwordless/sessions_controller.rb', line 62

# Handles /sign_out (routed for both GET and DELETE): signs out the
# authenticatable class, then redirects to the configured sign-out path.
#
# NOTE(review): because the route also accepts GET, a cross-site link or image
# request can trigger a sign-out; restrict to DELETE if that matters for the
# host application.
def destroy
  sign_out(authenticatable_class)

  # The target is resolved before the options are copied, as in the original
  # call. Both helpers are defined outside this listing.
  target_path = passwordless_sign_out_redirect_path
  # dup so that redirect_to cannot mutate the shared configuration value.
  response_options = Passwordless.redirect_to_response_options.dup

  redirect_to(target_path, response_options)
end

#new ⇒ Object

get ‘/sign_in’

Assigns an email_field and a new Session to be used by the new view.
Renders sessions/new.html.erb.


# File 'app/controllers/passwordless/sessions_controller.rb', line 13

# Handles GET /sign_in: prepares the instance variables read by the sign-in
# form view.
def new
  # Value of the email_field helper (defined outside this listing), exposed
  # to the view.
  @email_field = email_field
  # Blank, unsaved Session object for the form to bind to.
  @session = Session.new
end

#show ⇒ Object

get ‘/sign_in/:token’

Looks up the session record by the provided token. Signs in the user if a
match is found. Redirects to either the user's original destination
or root_path.


# File 'app/controllers/passwordless/sessions_controller.rb', line 44

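# Handles GET /sign_in/:token: resolves the passwordless session for the
# submitted token, signs the user in and redirects to the success path. A
# claimed or timed-out token sets an error flash and redirects to the failure
# path instead.
#
# The token arrives in the URL path, so it can end up in access logs and
# browser history. The two rescued errors are what reject a reused or expired
# token; they are raised somewhere in the lookup/sign-in step, which is not
# visible in this listing.
def show
  redirect_to_options = Passwordless.redirect_to_response_options.dup

  # Make it "slow" on purpose to make brute-force attacks more of a hassle.
  # The bcrypt digest is discarded; the call only spends CPU time on every
  # request, at whatever bcrypt cost is configured. This is a fixed cost per
  # guess, not a rate limit.
  # NOTE(review): confirm request throttling exists elsewhere.
  BCrypt::Password.create(params[:token])

  # The listing showed a bare `(passwordless_session)` here, which evaluates
  # the lookup and discards it, so nobody is ever signed in. The call name was
  # evidently dropped in rendering; sign_in is the ControllerHelpers method
  # the description ("Signs in user if a match is found") refers to.
  sign_in(passwordless_session)

  redirect_to(passwordless_success_redirect_path, redirect_to_options)
rescue Errors::TokenAlreadyClaimedError
  # The token was already used once: report it and send the user to the
  # failure path.
  flash[:error] = I18n.t(".passwordless.sessions.create.token_claimed")
  redirect_to(passwordless_failure_redirect_path, redirect_to_options)
rescue Errors::SessionTimedOutError
  # The session behind the token has expired.
  flash[:error] = I18n.t(".passwordless.sessions.create.session_expired")
  redirect_to(passwordless_failure_redirect_path, redirect_to_options)
end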