add admin account recovery via setup secret
When email isn't configured, the login page now hides the magic link form and shows a recovery link. The /recover page logs the setup secret to server logs and lets the admin reset their password with it. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@@ -29,9 +29,39 @@ defmodule BerrypodWeb.SetupController do
|
||||
end
|
||||
end
|
||||
|
||||
@doc """
|
||||
Logs in after a successful password recovery.
|
||||
|
||||
Same flow as setup login — validates the token, sets the session cookie,
|
||||
then redirects to admin.
|
||||
"""
|
||||
def recover_login(conn, %{"token" => token}) do
|
||||
if Accounts.get_user_by_magic_link_token(token) do
|
||||
case Accounts.login_user_by_magic_link(token) do
|
||||
{:ok, {user, tokens_to_disconnect}} ->
|
||||
UserAuth.disconnect_sessions(tokens_to_disconnect)
|
||||
|
||||
conn
|
||||
|> put_session(:user_return_to, ~p"/admin")
|
||||
|> UserAuth.log_in_user(user)
|
||||
|
||||
_ ->
|
||||
recover_login_failed(conn)
|
||||
end
|
||||
else
|
||||
recover_login_failed(conn)
|
||||
end
|
||||
end
|
||||
|
||||
defp login_failed(conn) do
|
||||
conn
|
||||
|> put_flash(:error, "Login failed — please try again.")
|
||||
|> redirect(to: ~p"/setup")
|
||||
end
|
||||
|
||||
defp recover_login_failed(conn) do
|
||||
conn
|
||||
|> put_flash(:error, "Recovery login failed — please try again.")
|
||||
|> redirect(to: ~p"/recover")
|
||||
end
|
||||
end
|
||||
|
||||
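Review bot: `recover_login/2` turns an admin account recovery into a full session without leaving an audit trail: neither the `{:ok, {user, tokens_to_disconnect}}` branch nor `recover_login_failed/1` records the event, so a recovery login cannot be told apart from an ordinary login afterwards. I would log both outcomes, for example `Logger.warning("admin recovery login succeeded user_id=#{user.id}")` in the success branch (assuming Logger is required in this module and the user struct exposes `id`), and never include the token in the message. The action also accepts any token that `Accounts.get_user_by_magic_link_token/1` resolves, so proof that the caller knew the setup secret has to be enforced where the token is minted, which is outside this hunk. The `@doc` should state that, e.g. `Performs no recovery-specific check itself; the token must only be issued after the setup secret has been verified.`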