fix recovery login crash for users with password set
All checks were successful
deploy / deploy (push) Successful in 1m8s
All checks were successful
deploy / deploy (push) Successful in 1m8s
login_user_by_magic_link raises for unconfirmed users with a password, which is exactly what recovery creates. Use get_user_by_magic_link_token directly and log in without the magic link guard. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
jamey
parent
069fbc7df2
commit
0ddafbd84f
@ -32,15 +32,12 @@ defmodule BerrypodWeb.SetupController do
|
||||
@doc """
|
||||
Logs in after a successful password recovery.
|
||||
|
||||
Same flow as setup login — validates the token, sets the session cookie,
|
||||
then redirects to admin.
|
||||
Uses get_user_by_magic_link_token directly instead of login_user_by_magic_link,
|
||||
because the latter raises for users with a password set (which recovery just did).
|
||||
"""
|
||||
def recover_login(conn, %{"token" => token}) do
|
||||
if Accounts.get_user_by_magic_link_token(token) do
|
||||
case Accounts.login_user_by_magic_link(token) do
|
||||
{:ok, {user, tokens_to_disconnect}} ->
|
||||
UserAuth.disconnect_sessions(tokens_to_disconnect)
|
||||
|
||||
case Accounts.get_user_by_magic_link_token(token) do
|
||||
%Accounts.User{} = user ->
|
||||
conn
|
||||
|> put_session(:user_return_to, ~p"/admin")
|
||||
|> UserAuth.log_in_user(user)
|
||||
@ -48,9 +45,6 @@ defmodule BerrypodWeb.SetupController do
|
||||
_ ->
|
||||
recover_login_failed(conn)
|
||||
end
|
||||
else
|
||||
recover_login_failed(conn)
|
||||
end
|
||||
end
|
||||
|
||||
defp login_failed(conn) do
|
||||
|
||||
Loading…
Reference in New Issue
Block a user