Files
fizzy/app/controllers/join_codes_controller.rb
T
2025-12-12 17:21:57 +01:00

56 lines
1.5 KiB
Ruby

class JoinCodesController < ApplicationController
allow_unauthenticated_access
rate_limit to: 10, within: 3.minutes, only: :create, with: -> { head :too_many_requests }
before_action :set_join_code
before_action :ensure_join_code_is_valid
before_action :set_identity, only: :create
layout "public"
def new
end
def create
@join_code.redeem_if { |account| @identity.join(account) }
user = User.active.find_by!(account: @join_code.account, identity: @identity)
if @identity == Current.identity && user.setup?
redirect_to landing_url(script_name: @join_code.account.slug)
elsif @identity == Current.identity
redirect_to new_users_verification_url(script_name: @join_code.account.slug)
else
terminate_session if Current.identity
redirect_to_session_magic_link \
@identity.send_magic_link,
return_to: new_users_verification_url(script_name: @join_code.account.slug)
end
end
private
def set_identity
@identity = Identity.find_or_initialize_by(email_address: params.expect(:email_address))
if @identity.new_record?
if @identity.invalid?
head :unprocessable_entity
else
@identity.save!
end
end
end
def set_join_code
@join_code ||= Account::JoinCode.find_by(code: params.expect(:code), account: Current.account)
end
def ensure_join_code_is_valid
if @join_code.nil?
head :not_found
elsif !@join_code.active?
render :inactive, status: :gone
end
end
end