Files
fizzy/app/controllers/sessions/launchpad_controller.rb
T
Mike Dalessio 2c18173f08 Trampoline the Launchpad auth redirect from a GET into a POST
to always route it to the writer.
2025-06-20 15:16:57 -04:00

28 lines
680 B
Ruby

class Sessions::LaunchpadController < ApplicationController
require_unauthenticated_access
before_action :store_sig, only: :show
before_action :restore_and_clear_sig, only: :update
def show
end
def update
if user = Current.account.signal_account.authenticate(sig: @sig).try(:peer)
start_new_session_for user
redirect_to after_authentication_url
else
render plain: "Authentication failed. This is probably a bug.", status: :unauthorized
end
end
private
def store_sig
cookies[:_fizzy_launchpad_sig] = params.expect(:sig)
end
def restore_and_clear_sig
@sig = cookies.delete :_fizzy_launchpad_sig
end
end