philomena/lib/philomena_web/controllers/unlock_controller.ex

47 lines
1.2 KiB
Elixir
Raw Normal View History

defmodule PhilomenaWeb.UnlockController do
use PhilomenaWeb, :controller
alias Philomena.Users
2020-09-12 19:43:16 +02:00
plug PhilomenaWeb.CaptchaPlug
plug PhilomenaWeb.CheckCaptchaPlug when action in [:create]
def new(conn, _params) do
render(conn, "new.html")
end
def create(conn, %{"user" => %{"email" => email}}) do
if user = Users.get_user_by_email(email) do
Users.deliver_user_unlock_instructions(
user,
&Routes.unlock_url(conn, :show, &1)
)
end
# Regardless of the outcome, show an impartial success/error message.
conn
|> put_flash(
2023-11-23 17:07:49 +01:00
:alert,
"If your email is in our system and your account has been locked, " <>
"you will receive an email with instructions shortly."
)
|> redirect(to: "/")
end
# Do not log in the user after unlocking to avoid a
# leaked token giving the user access to the account.
def show(conn, %{"id" => token}) do
case Users.unlock_user_by_token(token) do
{:ok, _} ->
conn
|> put_flash(:info, "Account unlocked successfully. You may now log in.")
|> redirect(to: "/")
:error ->
conn
2023-11-23 17:07:49 +01:00
|> put_flash(:warning, "Unlock link is invalid or it has expired.")
|> redirect(to: "/")
end
end
end