auto-confirm admin during setup, skip email verification
Some checks failed
deploy / deploy (push) Has been cancelled
Some checks failed
deploy / deploy (push) Has been cancelled
Setup wizard no longer requires email delivery. Admin account is auto-confirmed and auto-logged-in via token redirect. Adds setup secret gate for prod (logged on boot), SMTP env var config in runtime.exs, email_configured? helper, and admin warning banner when email isn't set up. Includes plan files for this task and the follow-up email settings UI. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
jamey
37
lib/berrypod_web/controllers/setup_controller.ex
Normal file
37
lib/berrypod_web/controllers/setup_controller.ex
Normal file
@@ -0,0 +1,37 @@
|
||||
defmodule BerrypodWeb.SetupController do
|
||||
use BerrypodWeb, :controller
|
||||
|
||||
alias Berrypod.Accounts
|
||||
alias BerrypodWeb.UserAuth
|
||||
|
||||
@doc """
|
||||
Logs in a user via a setup login token.
|
||||
|
||||
The setup wizard generates a token after creating the admin account,
|
||||
then redirects here to set the session cookie (LiveViews can't do that).
|
||||
"""
|
||||
def login(conn, %{"token" => token}) do
|
||||
# Validate token first — login_user_by_magic_link crashes on invalid base64
|
||||
if Accounts.get_user_by_magic_link_token(token) do
|
||||
case Accounts.login_user_by_magic_link(token) do
|
||||
{:ok, {user, tokens_to_disconnect}} ->
|
||||
UserAuth.disconnect_sessions(tokens_to_disconnect)
|
||||
|
||||
conn
|
||||
|> put_session(:user_return_to, ~p"/setup")
|
||||
|> UserAuth.log_in_user(user)
|
||||
|
||||
_ ->
|
||||
login_failed(conn)
|
||||
end
|
||||
else
|
||||
login_failed(conn)
|
||||
end
|
||||
end
|
||||
|
||||
defp login_failed(conn) do
|
||||
conn
|
||||
|> put_flash(:error, "Login failed — please try again.")
|
||||
|> redirect(to: ~p"/setup")
|
||||
end
|
||||
end
|
||||
Reference in New Issue
Block a user