Created
February 19, 2021 02:20
```elixir
# Do not log in the user after confirmation to avoid a
# leaked token giving the user access to the account.
def confirm(conn, %{"token" => token}) do
  case Accounts.confirm_user(token) do
    {:ok, _} ->
      conn
      |> put_flash(:info, "Account confirmed successfully.")
      |> redirect(to: "/")

    :error ->
      # If there is a current user and the account was already confirmed,
      # then odds are that the confirmation link was already visited, either
      # by some automation or by the user themselves, so we redirect without
      # a warning message.
      case conn.assigns do
        %{current_user: %{confirmed_at: confirmed_at}} when not is_nil(confirmed_at) ->
          redirect(conn, to: "/")

        %{} ->
          conn
          |> put_flash(:error, "Account confirmation link is invalid or it has expired.")
          |> redirect(to: "/")
      end
  end
end
```