Module: VerifiesWithEmail

Extended by:
ActiveSupport::Concern
Includes:
ActionView::Helpers::DateHelper
Included in:
SessionsController
Defined in:
app/controllers/concerns/verifies_with_email.rb

Overview

VerifiesWithEmail

Controller concern to handle verification by email

Instance Method Summary

Instance Method Details

#resend_verification_code ⇒ Object

rubocop:enable Metrics/PerceivedComplexity



# File 'app/controllers/concerns/verifies_with_email.rb', line 45

# Sends a fresh email verification code to the user whose verification is pending.
#
# Does nothing (and renders nothing itself) when find_verification_user yields no user.
# The rate-limit check runs before anything is sent, so a throttled request never
# triggers another email; it gets a JSON failure carrying the wait interval instead.
def resend_verification_code
  user = find_verification_user
  return unless user

  unless send_rate_limited?(user)
    send_verification_instructions(user)
    return render(json: { status: :success })
  end

  # Throttled: tell the client how long to wait rather than failing silently.
  wait_message = format(
    s_("IdentityVerification|You've reached the maximum amount of resends. Wait %{interval} and try again."),
    interval: rate_limit_interval(:email_verification_code_send)
  )
  render json: { status: :failure, message: wait_message }
end

#successful_verification ⇒ Object



# File 'app/controllers/concerns/verifies_with_email.rb', line 75

# Final step of the email verification flow: clears the pending-verification marker
# from the session, sets @redirect_url for the view and renders with the 'minimal' layout.
def successful_verification
  # Remove the id of the user awaiting verification. verify_with_email only accepts a
  # submitted token while this session key is present, so deleting it closes that path.
  session.delete(:verification_user_id)
  # NOTE(review): as listed, this assigns current_user itself to @redirect_url. The bare
  # parentheses suggest a helper call whose name was lost when this page was generated;
  # confirm against the source file. Whatever produces the URL should not be derived from
  # request parameters without validation, since the view presumably redirects to it.
  @redirect_url = (current_user) # rubocop:disable Gitlab/ModuleWithInstanceVariables

  render layout: 'minimal'
end

#update_email ⇒ Object



# File 'app/controllers/concerns/verifies_with_email.rb', line 60

# Changes the address the verification code is sent to for the user whose
# verification is pending, then sends new instructions on success.
#
# Returns without rendering when find_verification_user yields no user. The request
# is logged before the service runs, so failed attempts are recorded as well.
#
# NOTE(review): the service result is rendered to the client as-is. Confirm that the
# :reason / :message values it returns do not reveal whether an address is already
# registered to another account.
def update_email
  user = find_verification_user
  return unless user

  log_verification(user, :email_update_requested)
  service = Users::EmailVerification::UpdateEmailService.new(user: user)
  result = service.execute(email: email_params[:email])

  succeeded = result[:status] == :success
  if succeeded
    send_verification_instructions(user)
  else
    handle_verification_failure(user, result[:reason], result[:message])
  end

  render json: result
end

#verify_with_email ⇒ Object

rubocop:disable Metrics/PerceivedComplexity



# File 'app/controllers/concerns/verifies_with_email.rb', line 15

# Decides, during sign-in, whether the user must confirm a code sent by email.
#
# Two paths are handled:
# - a verification token was submitted in a session that already holds
#   :verification_user_id -> the token is checked via verify_token;
# - otherwise, when email verification is enabled for the user, the submitted password is
#   checked (after a rate-limit check) and the user is prompted for a code if the account
#   is locked, a token is already outstanding, or the request comes from an untrusted IP.
#
# In every other case the method falls through without rendering, which presumably lets
# the including controller continue its normal sign-in handling (TODO confirm).
def verify_with_email
  # Resolve the user from the login form first, then from the pending-verification session.
  return unless user = find_user || find_verification_user

  # A token is only considered when the session already carries the pending user id,
  # and .presence turns a blank parameter into nil so an empty token is never verified.
  if session[:verification_user_id] && token = verification_params[:verification_token].presence
    # The verification token is submitted, verify it
    verify_token(user, token)
  elsif require_email_verification_enabled?(user)
    # Limit the amount of password guesses, since we now display the email verification page
    # when the password is correct, which could be a giveaway when brute-forced.
    # The block passed to check_rate_limit! returns true; the method then returns early.
    # NOTE(review): as listed, this bare `return` renders nothing. The double space suggests
    # a call was lost when this page was generated; confirm against the source file.
    return  if check_rate_limit!(:user_sign_in, scope: user) { true }

    if user.valid_password?(user_params[:password])
      # The password is correct; decide whether an email verification step is required.

      if user.unlock_token
        # Prompt for the token if it already has been set
        # (no new email is sent on this branch).
        prompt_for_email_verification(user)
      elsif user.access_locked? || !trusted_ip_address?(user)
        # require email verification if:
        # - their account has been locked because of too many failed login attempts, or
        # - they have logged in before, but never from the current ip address
        # reason stays nil for a locked account and is set only for the untrusted-IP case.
        reason = 'sign in from untrusted IP address' unless user.access_locked?
        # Sending is skipped when the send rate limit is hit, but the prompt is still shown.
        send_verification_instructions(user, reason: reason) unless send_rate_limited?(user)
        prompt_for_email_verification(user)
      end
    end
  end
end