Class: Passwordless::SessionsController

Inherits:

ApplicationController

• Object
• ApplicationController
• ApplicationController
• Passwordless::SessionsController

Includes:

ControllerHelpers

Defined in:

app/controllers/passwordless/sessions_controller.rb

Overview

Controller for managing Passwordless sessions

Instance Method Summary

• #create ⇒ Object

  post ‘/sign_in’ Creates a new Session record then sends the magic link redirects to sign in page with generic flash message.

• #destroy ⇒ Object

  match ‘/sign_out’, via: %i[get delete].

• #new ⇒ Object

  get ‘/sign_in’ Assigns an email_field and new Session to be used by new view.

• #show ⇒ Object

  get ‘/sign_in/:token’ Looks up session record by provided token.

Methods included from ControllerHelpers

#authenticate_by_cookie, #authenticate_by_session, #build_passwordless_session, #find_passwordless_session_for, #redirect_session_key, #reset_passwordless_redirect_location!, #save_passwordless_redirect_location!, #session_key, #sign_in, #sign_out, #upgrade_passwordless_cookie

Methods inherited from ApplicationController

#passwordless_controller?

Instance Method Details

#create ⇒ Object

post ‘/sign_in’

Creates a new Session record then sends the magic link
redirects to sign in page with generic flash message.

See Also:

• Mailer#magic_link

# File 'app/controllers/passwordless/sessions_controller.rb', line 22

def create
  @resource = find_authenticatable
  session = build_passwordless_session(@resource)

  if session.save
    if Passwordless.after_session_save.arity == 2
      Passwordless.after_session_save.call(session, request)
    else
      Passwordless.after_session_save.call(session)
    end
  end

  flash[:notice] = I18n.t('passwordless.sessions.create.email_sent_if_record_found')
  redirect_to(sign_in_path)
end

#destroy ⇒ Object

match ‘/sign_out’, via: %i[get delete].

Signs user out. Redirects to root_path

See Also:

• ControllerHelpers#sign_out

# File 'app/controllers/passwordless/sessions_controller.rb', line 62

def destroy
  sign_out(authenticatable_class)
  redirect_to(passwordless_sign_out_redirect_path, Passwordless.redirect_to_response_options.dup)
end

#new ⇒ Object

get ‘/sign_in’

Assigns an email_field and new Session to be used by new view.
renders sessions/new.html.erb.

# File 'app/controllers/passwordless/sessions_controller.rb', line 13

def new
  @email_field = email_field
  @session = Session.new
end

#show ⇒ Object

get ‘/sign_in/:token’

Looks up session record by provided token. Signs in user if a match
is found. Redirects to either the user's original destination
or _root_path_

See Also:

• ControllerHelpers#sign_in
• ControllerHelpers#save_passwordless_redirect_location!

# File 'app/controllers/passwordless/sessions_controller.rb', line 44

def show
  # Make it "slow" on purpose to make brute-force attacks more of a hassle
  redirect_to_options = Passwordless.redirect_to_response_options.dup
  BCrypt::Password.create(params[:token])
  sign_in(passwordless_session)

  redirect_to(passwordless_success_redirect_path, redirect_to_options)
rescue Errors::TokenAlreadyClaimedError
  flash[:error] = I18n.t(".passwordless.sessions.create.token_claimed")
  redirect_to(passwordless_failure_redirect_path, redirect_to_options)
rescue Errors::SessionTimedOutError
  flash[:error] = I18n.t(".passwordless.sessions.create.session_expired")
  redirect_to(passwordless_failure_redirect_path, redirect_to_options)
end