mirror of
https://github.com/basecamp/once-campfire.git
synced 2026-02-22 12:40:33 +09:00
dde94b06ed
When it's set. Also, store it in current attributes for convenience. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
41 lines
1.0 KiB
Ruby
41 lines
1.0 KiB
Ruby
class SessionsController < ApplicationController
|
|
allow_unauthenticated_access only: %i[ new create ]
|
|
rate_limit to: 10, within: 3.minutes, only: :create, with: -> { render_rejection :too_many_requests }
|
|
|
|
before_action :ensure_user_exists, only: :new
|
|
|
|
def new
|
|
end
|
|
|
|
def create
|
|
if user = User.active.authenticate_by(email_address: params[:email_address], password: params[:password])
|
|
start_new_session_for user
|
|
redirect_to post_authenticating_url
|
|
else
|
|
render_rejection :unauthorized
|
|
end
|
|
end
|
|
|
|
def destroy
|
|
remove_push_subscription
|
|
terminate_current_session
|
|
redirect_to root_url
|
|
end
|
|
|
|
private
|
|
def ensure_user_exists
|
|
redirect_to first_run_url if User.none?
|
|
end
|
|
|
|
def render_rejection(status)
|
|
flash.now[:alert] = "Too many requests or unauthorized."
|
|
render :new, status: status
|
|
end
|
|
|
|
def remove_push_subscription
|
|
if endpoint = params[:push_subscription_endpoint]
|
|
Push::Subscription.destroy_by(endpoint: endpoint, user_id: Current.user.id)
|
|
end
|
|
end
|
|
end
|