2311efd03e
Previously if someone started signing in on their phone, but finished it on their laptop, they'd end up on the menu screen with no account. Bu tracking the purpose of a Magic Link we can always direct the user to sign up if they requested a magic link through sign up. This also makes the logic for changing the copy in the email more robust.
33 lines
775 B
Ruby
33 lines
775 B
Ruby
class Sessions::MagicLinksController < ApplicationController
|
|
disallow_account_scope
|
|
require_unauthenticated_access
|
|
rate_limit to: 10, within: 15.minutes, only: :create, with: -> { redirect_to session_magic_link_path, alert: "Try again in 15 minutes." }
|
|
|
|
layout "public"
|
|
|
|
def show
|
|
end
|
|
|
|
def create
|
|
if magic_link = MagicLink.consume(code)
|
|
start_new_session_for magic_link.identity
|
|
redirect_to after_sign_in_url(magic_link)
|
|
else
|
|
redirect_to session_magic_link_path, alert: "Try another code."
|
|
end
|
|
end
|
|
|
|
private
|
|
def code
|
|
params.expect(:code)
|
|
end
|
|
|
|
def after_sign_in_url(magic_link)
|
|
if magic_link.for_sign_up?
|
|
new_signup_completion_path
|
|
else
|
|
after_authentication_url
|
|
end
|
|
end
|
|
end
|