class Sessions::MagicLinksController < ApplicationController disallow_account_scope require_unauthenticated_access rate_limit to: 10, within: 15.minutes, only: :create, with: -> { redirect_to session_magic_link_path, alert: "Try again in 15 minutes." } layout "public" def show end def create if magic_link = MagicLink.consume(code) start_new_session_for magic_link.identity redirect_to after_sign_in_url(magic_link) else redirect_to session_magic_link_path, alert: "Try another code." end end private def code params.expect(:code) end def after_sign_in_url(magic_link) if magic_link.for_sign_up? new_signup_completion_path else after_authentication_url end end end