Fix authentication on "untenanted" controllers
trying out the name "disallow_account_scope" for this, but I don't think it's quite right yet.
This commit is contained in:
@@ -4,7 +4,7 @@ class SessionsController < ApplicationController
|
||||
SIGNUP_PASSWORD = Rails.env.local? ? "testpassword" : Rails.application.credentials.account_signup_http_basic_auth.password
|
||||
http_basic_authenticate_with name: SIGNUP_USERNAME, password: SIGNUP_PASSWORD, realm: "Fizzy Signup", only: :create, unless: -> { Identity.exists?(email_address: email_address) }
|
||||
|
||||
require_untenanted_access
|
||||
disallow_account_scope
|
||||
require_unauthenticated_access except: :destroy
|
||||
rate_limit to: 10, within: 3.minutes, only: :create, with: -> { redirect_to new_session_path, alert: "Try again later." }
|
||||
|
||||
|
||||
Reference in New Issue
Block a user