0160f215f2
Avoid Sentry exceptions when attackers try to stuff invalid emails. The browser performs form field validation that should normally prevent this from occurring, so we just return 422 without validation error messages. Also: - extract redirect_to_session_magic_link helper - some controller refactoring and cleanup
44 lines
1.2 KiB
Ruby
44 lines
1.2 KiB
Ruby
class JoinCodesController < ApplicationController
|
|
allow_unauthenticated_access
|
|
|
|
before_action :set_join_code
|
|
before_action :ensure_join_code_is_valid
|
|
|
|
layout "public"
|
|
|
|
def new
|
|
end
|
|
|
|
def create
|
|
identity = Identity.find_or_create_by!(email_address: params.expect(:email_address))
|
|
|
|
@join_code.redeem_if { |account| identity.join(account) }
|
|
user = User.active.find_by!(account: @join_code.account, identity: identity)
|
|
|
|
if identity == Current.identity && user.setup?
|
|
redirect_to landing_url(script_name: @join_code.account.slug)
|
|
elsif identity == Current.identity
|
|
redirect_to new_users_verification_url(script_name: @join_code.account.slug)
|
|
else
|
|
terminate_session if Current.identity
|
|
|
|
redirect_to_session_magic_link \
|
|
identity.send_magic_link,
|
|
return_to: new_users_verification_url(script_name: @join_code.account.slug)
|
|
end
|
|
end
|
|
|
|
private
|
|
def set_join_code
|
|
@join_code ||= Account::JoinCode.find_by(code: params.expect(:code), account: Current.account)
|
|
end
|
|
|
|
def ensure_join_code_is_valid
|
|
if @join_code.nil?
|
|
head :not_found
|
|
elsif !@join_code.active?
|
|
render :inactive, status: :gone
|
|
end
|
|
end
|
|
end
|