Validate email before creating identity during sign-up and sign-in
Avoid Sentry exceptions when attackers try to stuff invalid emails. The browser performs form field validation that should normally prevent this from occurring, so we just return 422 without validation error messages. Also: - extract redirect_to_session_magic_link helper - some controller refactoring and cleanup
This commit is contained in:
@@ -20,8 +20,11 @@ class JoinCodesController < ApplicationController
|
||||
elsif identity == Current.identity
|
||||
redirect_to new_users_verification_url(script_name: @join_code.account.slug)
|
||||
else
|
||||
logout_and_send_new_magic_link(identity)
|
||||
redirect_to session_magic_link_url(script_name: nil)
|
||||
terminate_session if Current.identity
|
||||
|
||||
redirect_to_session_magic_link \
|
||||
identity.send_magic_link,
|
||||
return_to: new_users_verification_url(script_name: @join_code.account.slug)
|
||||
end
|
||||
end
|
||||
|
||||
@@ -37,13 +40,4 @@ class JoinCodesController < ApplicationController
|
||||
render :inactive, status: :gone
|
||||
end
|
||||
end
|
||||
|
||||
def logout_and_send_new_magic_link(identity)
|
||||
terminate_session if Current.identity
|
||||
|
||||
magic_link = identity.send_magic_link
|
||||
serve_development_magic_link(magic_link)
|
||||
|
||||
session[:return_to_after_authenticating] = new_users_verification_url(script_name: @join_code.account.slug)
|
||||
end
|
||||
end
|
||||
|
||||
Reference in New Issue
Block a user