memEx/lib/memex_web/controllers/user_confirmation_controller.ex

61 lines
1.8 KiB
Elixir
Raw Normal View History

2022-07-25 19:31:54 -04:00
defmodule MemexWeb.UserConfirmationController do
use MemexWeb, :controller
2021-03-11 21:12:55 -05:00
2022-07-25 19:31:54 -04:00
import MemexWeb.Gettext
alias Memex.Accounts
2021-03-11 21:12:55 -05:00
def new(conn, _params) do
2022-02-25 21:53:04 -05:00
render(conn, "new.html", page_title: gettext("Confirm your account"))
2021-03-11 21:12:55 -05:00
end
def create(conn, %{"user" => %{"email" => email}}) do
if user = Accounts.get_user_by_email(email) do
Accounts.deliver_user_confirmation_instructions(
user,
&Routes.user_confirmation_url(conn, :confirm, &1)
)
end
# Regardless of the outcome, show an impartial success/error message.
conn
|> put_flash(
:info,
2022-02-25 21:53:04 -05:00
dgettext(
"prompts",
"If your email is in our system and it has not been confirmed yet, " <>
"you will receive an email with instructions shortly."
)
2021-03-11 21:12:55 -05:00
)
|> redirect(to: "/")
end
# Do not log in the user after confirmation to avoid a
# leaked token giving the user access to the account.
def confirm(conn, %{"token" => token}) do
case Accounts.confirm_user(token) do
2022-02-25 21:53:04 -05:00
{:ok, %{email: email}} ->
2021-03-11 21:12:55 -05:00
conn
2022-02-25 21:53:04 -05:00
|> put_flash(:info, dgettext("prompts", "%{email} confirmed successfully.", email: email))
2021-03-11 21:12:55 -05:00
|> redirect(to: "/")
:error ->
# If there is a current user and the account was already confirmed,
# then odds are that the confirmation link was already visited, either
# by some automation or by the user themselves, so we redirect without
# a warning message.
case conn.assigns do
%{current_user: %{confirmed_at: confirmed_at}} when not is_nil(confirmed_at) ->
redirect(conn, to: "/")
%{} ->
conn
2022-02-25 21:53:04 -05:00
|> put_flash(
:error,
dgettext("errors", "User confirmation link is invalid or it has expired.")
)
2021-03-11 21:12:55 -05:00
|> redirect(to: "/")
end
end
end
end