0160f215f2
Avoid Sentry exceptions when attackers try to stuff invalid emails. The browser performs form field validation that should normally prevent this from occurring, so we just return 422 without validation error messages. Also: - extract redirect_to_session_magic_link helper - some controller refactoring and cleanup
31 lines
739 B
Ruby
31 lines
739 B
Ruby
class SignupsController < ApplicationController
|
|
disallow_account_scope
|
|
allow_unauthenticated_access
|
|
rate_limit to: 10, within: 3.minutes, only: :create, with: -> { redirect_to new_signup_path, alert: "Try again later." }
|
|
before_action :redirect_authenticated_user
|
|
|
|
layout "public"
|
|
|
|
def new
|
|
@signup = Signup.new
|
|
end
|
|
|
|
def create
|
|
signup = Signup.new(signup_params)
|
|
if signup.valid?(:identity_creation)
|
|
redirect_to_session_magic_link signup.create_identity
|
|
else
|
|
head :unprocessable_entity
|
|
end
|
|
end
|
|
|
|
private
|
|
def redirect_authenticated_user
|
|
redirect_to new_signup_completion_path if authenticated?
|
|
end
|
|
|
|
def signup_params
|
|
params.expect signup: :email_address
|
|
end
|
|
end
|