Class: Passwordless::SessionsController
- Inherits: Object
  - Object
    - Passwordless::SessionsController
- Includes: ControllerHelpers
- Defined in: app/controllers/passwordless/sessions_controller.rb
Overview
Controller for managing Passwordless sessions
Instance Method Summary
- #confirm ⇒ Object
  get "/:resource/sign_in/:id/:token" User visits the link sent to them via email.
- #create ⇒ Object
  post '/:resource/sign_in' Creates a new Session record, then sends the magic link and redirects to the sign-in page with a generic flash message.
- #destroy ⇒ Object
  match '/:resource/sign_out', via: %i[get delete].
- #new ⇒ Object
  get '/:resource/sign_in' Assigns an email_field and new Session to be used by new view.
- #show ⇒ Object
  get "/:resource/sign_in/:id" Shows the form for confirming a Session record.
- #update ⇒ Object
  patch "/:resource/sign_in/:id" User submits the form for confirming a Session record.
Methods included from ControllerHelpers
#authenticate_by_session, #build_passwordless_session, #create_passwordless_session, #create_passwordless_session!, #find_passwordless_session_for, #redirect_session_key, #reset_passwordless_redirect_location!, #save_passwordless_redirect_location!, #session_key, #sign_in, #sign_out
Instance Method Details
#confirm ⇒ Object
get "/:resource/sign_in/:id/:token"
User visits the link sent to them via email.
Looks up session record by provided token. Signs in user if a match
is found. Redirects to either the user's original destination
or _Passwordless.config.success_redirect_path_.
    # File 'app/controllers/passwordless/sessions_controller.rb', line 81

    def confirm
      # Some email clients will visit links in emails to check if they are
      # safe. We don't want to sign in the user in that case.
      return head(:ok) if request.head?

      @session = passwordless_session

      artificially_slow_down_brute_force_attacks(params[:token])

      authenticate_and_sign_in(@session, params[:token])
    end
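A framework-free model of the `#confirm` behaviour described above, added here as an illustration and not taken from the Passwordless source: a HEAD probe gets a 200 and changes no state, while a GET with the right token signs in exactly once. `MagicSession`, `MagicLinkFlow`, the digest-only token storage, the expiry window and the single-use claim are assumptions, and the brute-force slowdown is left out.

```ruby
require "digest"
require "openssl"
require "securerandom"

# Hypothetical stand-in for a session row; only a digest of the token is kept.
MagicSession = Struct.new(:id, :token_digest, :expires_at, :claimed_at)

class MagicLinkFlow
  attr_reader :signed_in

  def initialize
    @sessions = {}
    @signed_in = []
  end

  # Issues a session and returns [id, plaintext_token]; the token goes in the email.
  def issue(ttl: 600, now: Time.now)
    token = SecureRandom.urlsafe_base64(32)
    id = SecureRandom.uuid
    @sessions[id] = MagicSession.new(id, Digest::SHA256.digest(token), now + ttl, nil)
    [id, token]
  end

  # Models GET/HEAD "/:resource/sign_in/:id/:token".
  def confirm(http_method, id, token, now: Time.now)
    # Link scanners that probe with HEAD get a 200 and change no state.
    return :ok if http_method == "HEAD"

    session = @sessions[id]
    return :not_found if session.nil?
    return :gone if session.claimed_at || now > session.expires_at

    # Constant-time comparison of two fixed-length digests.
    supplied = Digest::SHA256.digest(token.to_s)
    unless OpenSSL.fixed_length_secure_compare(session.token_digest, supplied)
      return :unauthorized
    end

    session.claimed_at = now # single use: a replayed link is rejected
    @signed_in << id
    :signed_in
  end
end
```

The HEAD check does not cover a scanner that fetches the link with GET; in this model such a fetch would claim the session, whereas the form submitted to `#update` needs a PATCH carrying the token.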
#create ⇒ Object
post '/:resource/sign_in'
Creates a new Session record, then sends the magic link and
redirects to the sign-in page with a generic flash message.

    # File 'app/controllers/passwordless/sessions_controller.rb', line 22

    def create
      handle_resource_not_found unless @resource = find_authenticatable
      @session = build_passwordless_session(@resource)

      if @session.save
        call_after_session_save

        redirect_to(
          Passwordless.context.path_for(
            @session,
            id: @session.to_param,
            action: "show",
            **
          ),
          flash: {notice: I18n.t("passwordless.sessions.create.email_sent")}
        )
      else
        flash.alert = I18n.t("passwordless.sessions.create.error")
        render(:new, status: :unprocessable_entity)
      end
    rescue ActiveRecord::RecordNotFound
      @session = Session.new
      flash.alert = I18n.t("passwordless.sessions.create.not_found")
      render(:new, status: :not_found)
    end
#destroy ⇒ Object
match '/:resource/sign_out', via: %i[get delete].
Signs user out. Redirects to root_path.

    # File 'app/controllers/passwordless/sessions_controller.rb', line 96

    def destroy
      sign_out(authenticatable_class)

      redirect_to(
        passwordless_sign_out_redirect_path,
        notice: I18n.t("passwordless.sessions.destroy.signed_out"),
        **
      )
    end
#new ⇒ Object
get '/:resource/sign_in'
Assigns an email_field and new Session to be used by new view.
Renders sessions/new.html.erb.

    # File 'app/controllers/passwordless/sessions_controller.rb', line 15

    def new
      @session = Session.new
    end
#show ⇒ Object
get "/:resource/sign_in/:id"
Shows the form for confirming a Session record.
Renders sessions/show.html.erb.

    # File 'app/controllers/passwordless/sessions_controller.rb', line 53

    def show
      @session = passwordless_session
    end
#update ⇒ Object
patch "/:resource/sign_in/:id"
User submits the form for confirming a Session record.
Looks up session record by provided token. Signs in user if a match
is found. Redirects to either the user's original destination
or _Passwordless.config.success_redirect_path_.
    # File 'app/controllers/passwordless/sessions_controller.rb', line 65

    def update
      @session = passwordless_session

      artificially_slow_down_brute_force_attacks(passwordless_session_params[:token])

      authenticate_and_sign_in(@session, passwordless_session_params[:token])
    end