diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb index a111ef051..d4813d631 100644 --- a/app/controllers/sessions_controller.rb +++ b/app/controllers/sessions_controller.rb @@ -1,7 +1,7 @@ class SessionsController < ApplicationController disallow_account_scope require_unauthenticated_access except: :destroy - rate_limit to: 10, within: 3.minutes, only: :create, with: :rate_limit_exceeded + rate_limit to: 10, within: 3.minutes, only: :create, with: :rate_limit_exceeded layout "public" @@ -9,25 +9,15 @@ class SessionsController < ApplicationController end def create - if identity = Identity.find_by_email_address(email_address) - magic_link = identity.send_magic_link + if magic_link = magic_link_from_sign_in_or_sign_up + serve_development_magic_link magic_link + + respond_to do |format| + format.html { redirect_to_session_magic_link magic_link } + format.json { head :created } + end else - signup = Signup.new(email_address: email_address) - if signup.valid?(:identity_creation) - magic_link = signup.create_identity if Account.accepting_signups? - else - head :unprocessable_entity - return - end - end - - serve_development_magic_link magic_link - - respond_to do |format| - format.html { redirect_to_session_magic_link magic_link } - format.json do - head :created - end + head :unprocessable_entity end end @@ -37,6 +27,17 @@ class SessionsController < ApplicationController end private + def magic_link_from_sign_in_or_sign_up + if identity = Identity.find_by_email_address(email_address) + identity.send_magic_link + else + signup = Signup.new(email_address: email_address) + if signup.valid?(:identity_creation) + signup.create_identity if Account.accepting_signups? + end + end + end + def email_address params.expect(:email_address) end