redirect users to update profile

jrowah · Apr 17, 2024 · ba9f229 · ba9f229
1 parent 64be26b
commit ba9f229
Show file tree

Hide file tree

Showing 3 changed files with 49 additions and 31 deletions.
diff --git a/lib/easy_bills/accounts/user_token.ex b/lib/easy_bills/accounts/user_token.ex
@@ -66,6 +66,24 @@ defmodule EasyBills.Accounts.UserToken do
     {:ok, query}
   end
 
+  @doc """
+  Checks if the token is valid and returns its underlying lookup query.
+
+  The query returns the user found by the token, if any.
+
+  The token is valid if it matches the value in the database and it has
+  not expired (after @session_validity_in_days).
+  """
+  def verify_confirmation_token_query(token) do
+    query =
+      from token in by_token_and_context_query(token, "confirm"),
+        join: user in assoc(token, :user),
+        where: token.inserted_at > ago(@session_validity_in_days, "day"),
+        select: user
+
+    {:ok, query}
+  end
+
   @doc """
   Builds a token and its hash to be delivered to the user's email.
 

diff --git a/lib/easy_bills_web/controllers/user_session_controller.ex b/lib/easy_bills_web/controllers/user_session_controller.ex
@@ -3,6 +3,7 @@ defmodule EasyBillsWeb.UserSessionController do
 
   alias EasyBills.Accounts
   alias EasyBillsWeb.UserAuth
+  alias EasyBills.Accounts.User
 
   def create(conn, %{"_action" => "registered"} = params) do
     create(conn, params, "Account created successfully!")
@@ -19,21 +20,31 @@ defmodule EasyBillsWeb.UserSessionController do
   end
 
   defp create(conn, %{"user" => user_params}, info) do
+    user_return_to = get_session(conn, :user_return_to)
+
     %{"email" => email, "password" => password} = user_params
 
-    if user = Accounts.get_user_by_email_and_password(email, password) do
-      conn
-      |> put_flash(:info, info)
-      |> UserAuth.log_in_user(user, user_params)
-    else
-      # In order to prevent user enumeration attacks, don't disclose whether the email is registered.
-      conn
-      |> put_flash(
-        :error,
-        "We couldn’t find an account matching the email and password you entered. Please crosscheck your email and password and try again"
-      )
-      |> put_flash(:email, String.slice(email, 0, 160))
-      |> redirect(to: ~p"/login")
+    case Accounts.get_user_by_email_and_password(email, password) do
+      %User{avatar_url: nil} = user ->
+        conn
+        |> put_flash(:info, info)
+        |> UserAuth.log_in_user(user, user_params)
+        |> redirect(to: user_return_to || ~p"/welcome")
+
+      %User{} = user ->
+        conn
+        |> put_flash(:info, info)
+        |> UserAuth.log_in_user(user, user_params)
+        |> redirect(to: user_return_to || ~p"/invoices")
+
+      _ ->
+        conn
+        |> put_flash(
+          :error,
+          "We couldn’t find an account matching the email and password you entered. Please crosscheck your email and password and try again"
+        )
+        |> put_flash(:email, String.slice(email, 0, 160))
+        |> redirect(to: ~p"/login")
     end
   end
 

diff --git a/lib/easy_bills_web/user_auth.ex b/lib/easy_bills_web/user_auth.ex
@@ -29,17 +29,13 @@ defmodule EasyBillsWeb.UserAuth do
   """
   def log_in_user(conn, user, params \\ %{}) do
     token = Accounts.generate_user_session_token(user)
-    user_return_to = get_session(conn, :user_return_to)
 
-    if user.avatar_url do
-      conn
-      |> session_manager(token, params)
-      |> redirect(to: user_return_to || signed_in_path(conn))
-    else
-      conn
-      |> session_manager(token, params)
-      |> redirect(to: user_return_to || ~p"/welcome")
-    end
+    conn
+    |> renew_session()
+    |> put_token_in_session(token)
+    |> maybe_write_remember_me_cookie(token, params)
+
+    # |> redirect(to: user_return_to || signed_in_path(conn))
   end
 
   defp maybe_write_remember_me_cookie(conn, token, %{"remember_me" => "true"}) do
@@ -192,7 +188,7 @@ defmodule EasyBillsWeb.UserAuth do
   def redirect_if_user_is_authenticated(conn, _opts) do
     if conn.assigns[:current_user] do
       conn
-      |> redirect(to: ~p"/welcome")
+      |> redirect(to: signed_in_path(conn))
       |> halt()
     else
       conn
@@ -230,11 +226,4 @@ defmodule EasyBillsWeb.UserAuth do
   defp maybe_store_return_to(conn), do: conn
 
   defp signed_in_path(_conn), do: ~p"/invoices"
-
-  defp session_manager(conn, token, params) do
-    conn
-    |> renew_session()
-    |> put_token_in_session(token)
-    |> maybe_write_remember_me_cookie(token, params)
-  end
 end