Files
fizzy/app/controllers/join_codes_controller.rb
T
Mike Dalessio 4602cd3cdd Add verified_at timestamp to use for spam prevention
User are marked as verified after a join code is redeemed. The user is
redirected to Users::VerificationsController, either:

- after submitting a valid magic link code,
- or immediately after redeeming the join code (if they're already
  authenticated with the correct identity)

Account owners are automatically verified when the account is
created (because they have already provided a magic link code at that
point).

This sets up for later commits that will backfill existing users and
require verification before sending notification emails.

Co-Authored-By: Claude <noreply@anthropic.com>
2025-12-05 21:51:44 -05:00

50 lines
1.4 KiB
Ruby

class JoinCodesController < ApplicationController
allow_unauthenticated_access
before_action :set_join_code
before_action :ensure_join_code_is_valid
layout "public"
def new
end
def create
identity = Identity.find_or_create_by!(email_address: params.expect(:email_address))
@join_code.redeem_if { |account| identity.join(account) }
user = User.active.find_by!(account: @join_code.account, identity: identity)
if identity == Current.identity && user.setup?
redirect_to landing_url(script_name: @join_code.account.slug)
elsif identity == Current.identity
redirect_to new_users_verification_url(script_name: @join_code.account.slug)
else
logout_and_send_new_magic_link(identity)
redirect_to session_magic_link_url(script_name: nil)
end
end
private
def set_join_code
@join_code ||= Account::JoinCode.find_by(code: params.expect(:code), account: Current.account)
end
def ensure_join_code_is_valid
if @join_code.nil?
head :not_found
elsif !@join_code.active?
render :inactive, status: :gone
end
end
def logout_and_send_new_magic_link(identity)
terminate_session if Current.identity
magic_link = identity.send_magic_link
serve_development_magic_link(magic_link)
session[:return_to_after_authenticating] = new_users_verification_url(script_name: @join_code.account.slug)
end
end