Module: VerifiesWithEmail
- Extended by:
- ActiveSupport::Concern
- Includes:
- ActionView::Helpers::DateHelper
- Included in:
- SessionsController
- Defined in:
- app/controllers/concerns/verifies_with_email.rb
Overview
VerifiesWithEmail
Controller concern to handle verification by email
Instance Method Summary
-
#resend_verification_code ⇒ Object
rubocop:enable Metrics/PerceivedComplexity.
- #successful_verification ⇒ Object
- #update_email ⇒ Object
-
#verify_with_email ⇒ Object
rubocop:disable Metrics/PerceivedComplexity.
Instance Method Details
#resend_verification_code ⇒ Object
rubocop:enable Metrics/PerceivedComplexity
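# File 'app/controllers/concerns/verifies_with_email.rb', line 45

# Sends a fresh email verification code to the user who is part-way through
# email verification, unless that user has hit the resend limit.
#
# Responds with JSON:
# - { status: :success } after the instructions were sent
# - { status: :failure, message: <localised text> } when send_rate_limited?
#   reports that the user is over the limit; no mail is sent in that case.
#
# Returns early, without rendering from this method, when
# find_verification_user yields nothing.
#
# NOTE(review): the interval shown to the user is read from the
# :email_verification_code_send limit; presumably send_rate_limited? enforces
# that same key - confirm, so the message and the actual limit cannot drift.
def resend_verification_code
  user = find_verification_user
  return unless user

  if send_rate_limited?(user)
    # Check the limit before sending: the resend endpoint must not be usable
    # to generate an unbounded stream of mail to the account's address.
    message = format(
      s_("IdentityVerification|You've reached the maximum amount of resends. Wait %{interval} and try again."),
      interval: rate_limit_interval(:email_verification_code_send)
    )
    render json: { status: :failure, message: message }
  else
    send_verification_instructions(user)
    render json: { status: :success }
  end
end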
#successful_verification ⇒ Object
# File 'app/controllers/concerns/verifies_with_email.rb', line 75

# Final step of the email verification flow: clears the pending-verification
# marker from the session, works out where the signed-in user should land and
# renders the confirmation page in the 'minimal' layout.
#
# NOTE(review): the destination comes from after_sign_in_path_for, which is not
# shown here, and is handed to the view as @redirect_url. Confirm that helper
# can only return same-site paths, and that this action is reachable only once
# current_user is set.
def successful_verification
  # Remove the marker so the half-verified state does not outlive the flow.
  session.delete(:verification_user_id)

  destination = after_sign_in_path_for(current_user)
  @redirect_url = destination # rubocop:disable Gitlab/ModuleWithInstanceVariables

  render(layout: 'minimal')
end
#update_email ⇒ Object
# File 'app/controllers/concerns/verifies_with_email.rb', line 60

# Lets the user who is part-way through email verification change the address
# the verification code is sent to.
#
# Logs the request, delegates the change to
# Users::EmailVerification::UpdateEmailService and renders the service result
# as JSON. On success new verification instructions are sent; otherwise the
# failure reason and message are passed to handle_verification_failure.
#
# Returns early, without rendering from this method, when
# find_verification_user yields nothing.
#
# NOTE(review): email_params[:email] is request input and is passed to the
# service as-is; validation is presumably done inside UpdateEmailService -
# confirm. Unlike the other callers of send_verification_instructions in this
# concern, this path has no send_rate_limited? check of its own, so the service
# (or the helper) presumably enforces the send limit - confirm that as well,
# since this endpoint both changes where the code goes and triggers a mail.
def update_email
  user = find_verification_user
  return unless user

  # Record the attempt before anything is changed.
  log_verification(user, :email_update_requested)

  updater = Users::EmailVerification::UpdateEmailService.new(user: user)
  result = updater.execute(email: email_params[:email])

  succeeded = result[:status] == :success
  if succeeded
    send_verification_instructions(user)
  else
    handle_verification_failure(user, result[:reason], result[:message])
  end

  # The raw service result (status plus any reason/message) goes to the client.
  render json: result
end
#verify_with_email ⇒ Object
rubocop:disable Metrics/PerceivedComplexity
# File 'app/controllers/concerns/verifies_with_email.rb', line 15

# Entry point of the email verification step during sign-in.
#
# Two cases are handled:
# 1. A verification is already pending in the session and a token was
#    submitted: the token is checked with verify_token.
# 2. Email verification is enabled for the user: the sign-in attempt is rate
#    limited, the password is checked, and the user is prompted for a code when
#    one is already outstanding, when the account is locked, or when the
#    sign-in comes from an IP address that is not trusted for this user.
#
# In every other case the method returns without rendering anything itself.
#
# NOTE(review): `user` is resolved by find_user first and only then by
# find_verification_user, while the token branch is gated on
# session[:verification_user_id]. Confirm that verify_token checks the token
# against the account recorded in the session, not merely against `user`.
def verify_with_email
  user = find_user || find_verification_user
  return unless user

  # The submitted token is only read when a verification is pending in the session.
  token = verification_params[:verification_token].presence if session[:verification_user_id]
  return verify_token(user, token) if token

  return unless require_email_verification_enabled?(user)

  # Throttle password guesses before the password is checked: a correct
  # password leads to the email verification page, so without a limit the
  # response would reveal a successful guess to brute-force attempts.
  # NOTE(review): the block presumably supplies the value returned when the
  # limit is hit - confirm against check_rate_limit!.
  return render_sign_in_rate_limited if check_rate_limit!(:user_sign_in, scope: user) { true }

  # A wrong password is not handled here; the method simply returns.
  return unless user.valid_password?(user_params[:password])

  if user.unlock_token
    # A token has already been issued, so only ask for it again.
    prompt_for_email_verification(user)
  elsif user.access_locked? || !trusted_ip_address?(user)
    # Verification is required when the account was locked after too many
    # failed sign-in attempts, or when the user has signed in before but never
    # from the current IP address. The reason is only set for the second case.
    reason = user.access_locked? ? nil : 'sign in from untrusted IP address'

    # Over the send limit no new mail goes out, but the prompt is still shown.
    unless send_rate_limited?(user)
      send_verification_instructions(user, reason: reason)
    end

    prompt_for_email_verification(user)
  end
end