mikker / passwordless

🗝 Authentication for your Rails app without the icky-ness of passwords
MIT License
1.27k stars 87 forks

Session: validate authenticatable presence explicitly #32

Closed EugZol closed 5 years ago

EugZol commented 5 years ago

It is required when config.load_defaults 5.2 is absent from application.rb. Otherwise, when entering an email for a non-existent user, this code from session_controller.rb works incorrectly:

def create
  session = build_passwordless_session(find_authenticatable)

  if session.save
    Mailer.magic_link(session).deliver_now
  end

  render
end

save actually returns true and Mailer.magic_link(nil) is called.

mikker commented 5 years ago

Thank you for finding and reporting this! Should we add a test for it? With that I’ll be happy to merge.