fix recovery login crash for users with password set

login_user_by_magic_link raises for unconfirmed users with a password, which is exactly what recovery creates. Use get_user_by_magic_link_token directly and log in without the magic link guard. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-21 22:52:46 +00:00 · 2026-02-21 22:52:46 +00:00 · 0ddafbd84f
commit 0ddafbd84f
parent 069fbc7df2
1 changed files with 9 additions and 15 deletions
--- a/lib/berrypod_web/controllers/setup_controller.ex
+++ b/lib/berrypod_web/controllers/setup_controller.ex
@ -32,24 +32,18 @@ defmodule BerrypodWeb.SetupController do
  @doc """
  Logs in after a successful password recovery.
-  Same flow as setup login — validates the token, sets the session cookie,
+  Uses get_user_by_magic_link_token directly instead of login_user_by_magic_link,
-  then redirects to admin.
+  because the latter raises for users with a password set (which recovery just did).
  """
  def recover_login(conn, %{"token" => token}) do
-    if Accounts.get_user_by_magic_link_token(token) do
+    case Accounts.get_user_by_magic_link_token(token) do
-      case Accounts.login_user_by_magic_link(token) do
+      %Accounts.User{} = user ->
-        {:ok, {user, tokens_to_disconnect}} ->
+        conn
-          UserAuth.disconnect_sessions(tokens_to_disconnect)
+        |> put_session(:user_return_to, ~p"/admin")
        |> UserAuth.log_in_user(user)
-          conn
+      _ ->
-          |> put_session(:user_return_to, ~p"/admin")
+        recover_login_failed(conn)
          |> UserAuth.log_in_user(user)
        _ ->
          recover_login_failed(conn)
      end
    else
      recover_login_failed(conn)
    end
  end