2021-03-11 21:12:55 -05:00
|
|
|
defmodule CanneryWeb.UserConfirmationController do
|
|
|
|
use CanneryWeb, :controller
|
|
|
|
|
2022-02-20 20:39:21 -05:00
|
|
|
import CanneryWeb.Gettext
|
2021-03-11 21:12:55 -05:00
|
|
|
alias Cannery.Accounts
|
|
|
|
|
|
|
|
def new(conn, _params) do
|
2023-04-14 23:34:11 -04:00
|
|
|
render(conn, :new, page_title: gettext("Confirm your account"))
|
2021-03-11 21:12:55 -05:00
|
|
|
end
|
|
|
|
|
|
|
|
def create(conn, %{"user" => %{"email" => email}}) do
|
|
|
|
if user = Accounts.get_user_by_email(email) do
|
|
|
|
Accounts.deliver_user_confirmation_instructions(
|
|
|
|
user,
|
2023-04-14 23:34:11 -04:00
|
|
|
fn token -> url(CanneryWeb.Endpoint, ~p"/users/confirm/#{token}") end
|
2021-03-11 21:12:55 -05:00
|
|
|
)
|
|
|
|
end
|
|
|
|
|
|
|
|
# Regardless of the outcome, show an impartial success/error message.
|
|
|
|
conn
|
|
|
|
|> put_flash(
|
|
|
|
:info,
|
2022-02-09 00:13:01 -05:00
|
|
|
dgettext(
|
|
|
|
"prompts",
|
2023-04-14 23:34:11 -04:00
|
|
|
"If your email is in our system and it has not been confirmed yet, you will receive an email with instructions shortly."
|
2022-02-09 00:13:01 -05:00
|
|
|
)
|
2021-03-11 21:12:55 -05:00
|
|
|
)
|
2023-04-14 23:34:11 -04:00
|
|
|
|> redirect(to: ~p"/")
|
2021-03-11 21:12:55 -05:00
|
|
|
end
|
|
|
|
|
|
|
|
# Do not log in the user after confirmation to avoid a
|
|
|
|
# leaked token giving the user access to the account.
|
|
|
|
def confirm(conn, %{"token" => token}) do
|
|
|
|
case Accounts.confirm_user(token) do
|
2022-02-15 17:33:19 -05:00
|
|
|
{:ok, %{email: email}} ->
|
2021-03-11 21:12:55 -05:00
|
|
|
conn
|
2022-02-15 17:33:19 -05:00
|
|
|
|> put_flash(:info, dgettext("prompts", "%{email} confirmed successfully.", email: email))
|
2023-04-14 23:34:11 -04:00
|
|
|
|> redirect(to: ~p"/")
|
2021-03-11 21:12:55 -05:00
|
|
|
|
|
|
|
:error ->
|
|
|
|
# If there is a current user and the account was already confirmed,
|
|
|
|
# then odds are that the confirmation link was already visited, either
|
|
|
|
# by some automation or by the user themselves, so we redirect without
|
|
|
|
# a warning message.
|
|
|
|
case conn.assigns do
|
|
|
|
%{current_user: %{confirmed_at: confirmed_at}} when not is_nil(confirmed_at) ->
|
2023-04-14 23:34:11 -04:00
|
|
|
redirect(conn, to: ~p"/")
|
2021-03-11 21:12:55 -05:00
|
|
|
|
|
|
|
%{} ->
|
|
|
|
conn
|
2022-02-09 00:13:01 -05:00
|
|
|
|> put_flash(
|
|
|
|
:error,
|
|
|
|
dgettext("errors", "User confirmation link is invalid or it has expired.")
|
|
|
|
)
|
2023-04-14 23:34:11 -04:00
|
|
|
|> redirect(to: ~p"/")
|
2021-03-11 21:12:55 -05:00
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|