Pass a server token when creating a magic link via API

This commit is contained in:
Fernando Olivares
2025-12-12 12:27:05 -06:00
committed by Stanko K.R.
parent a75a939289
commit 877f82c0cc
2 changed files with 14 additions and 2 deletions
+13 -1
View File
@@ -118,7 +118,19 @@ module Authentication
end
def email_address_pending_authentication
session[:email_address_pending_authentication]
if request.format.json?
verified_pending_authentication_token
else
session[:email_address_pending_authentication]
end
end
def pending_authentication_token_for(email_address)
Rails.application.message_verifier(:pending_authentication).generate(email_address, expires_in: 10.minutes)
end
def verified_pending_authentication_token
Rails.application.message_verifier(:pending_authentication).verified(params[:pending_authentication_token])
end
def redirect_to_session_magic_link(magic_link, return_to: nil)
+1 -1
View File
@@ -14,7 +14,7 @@ class SessionsController < ApplicationController
respond_to do |format|
format.html { redirect_to_session_magic_link magic_link }
format.json { head :created }
format.json { render json: { pending_authentication_token: pending_authentication_token_for(email_address) }, status: :created }
end
else
head :unprocessable_entity