Confirm user when signing in via magic link

Author: rossta

app/lib/warden_extensions/setup.rb

@@ -14,17 +14,20 @@ def configure_manager
       Warden::Manager.after_authentication do |user, auth, opts|
         case opts[:scope]
         when :user
-          user.touch(:last_sign_in_at)
+          user.signed_in!
+        when :admin_user
+          # no op
         end
-      end
 
-      # Hooks
-      # Warden::Manager.after_set_user do |user, auth, opts|
-      #   unless user.active?
-      #     auth.logout
-      #     throw(:warden, :message => "User not active")
-      #   end
-      # end
+        case auth.winning_strategy&.key
+        when :magic_session
+          user.confirm!
+        when :password
+          # no op
+        else # nil, as with test helpers
+          # no op
+        end
+      end
     end
   end
 end

app/models/user.rb

@@ -42,7 +42,11 @@ def confirm!
       end
     end
 
-    update_column(:confirmed_at, Time.current)
+    touch :confirmed_at
+  end
+
+  def signed_in!
+    touch :last_sign_in_at
   end
 
   def confirmed?

spec/requests/users/magic_session_tokens_spec.rb

@@ -23,8 +23,24 @@
     end
   end
 
-  describe "POST create" do
+  describe "GET show" do
     it "succeeds" do
+      get new_users_magic_session_token_path
+
+      expect(response).to have_http_status(:ok)
+    end
+
+    it "redirects if authenticated" do
+      login_user
+
+      get new_users_magic_session_token_path
+
+      expect(response).to have_http_status(:found)
+    end
+  end
+
+  describe "POST create" do
+    it "succeeds for confirmed user" do
       user = FactoryBot.create(:user, :confirmed)
       post users_magic_session_tokens_path, params: {user: {email: user.email}}
 

spec/requests/users/sessions_spec.rb

@@ -22,7 +22,7 @@
   end
 
   describe "POST create" do
-    it "signs in user with valid email and password" do
+    it "signs in confirmed user with valid email and password" do
       user = FactoryBot.create(:user, :confirmed, password: "password", password_confirmation: "password")
       expect(user.last_sign_in_at).to be_nil
 
@@ -35,7 +35,7 @@
       expect(user.reload.last_sign_in_at).to be_present
     end
 
-    it "signs in user with valid magic session token" do
+    it "signs in confirmed user with valid magic session token" do
       user = FactoryBot.create(:user, :confirmed)
       token = user.generate_token_for(:magic_session)
       expect(user.last_sign_in_at).to be_nil
@@ -49,14 +49,32 @@
       expect(user.reload.last_sign_in_at).to be_present
     end
 
+    it "signs in unconfirmed user with valid magic session token" do
+      user = FactoryBot.create(:user, :unconfirmed)
+      token = user.generate_token_for(:magic_session)
+      expect(user.last_sign_in_at).to be_nil
+
+      post users_sessions_path, params: {token: token}
+
+      perform_enqueued_jobs_and_subsequently_enqueued_jobs
+
+      expect(response).to redirect_to(users_dashboard_path)
+      expect(flash[:notice]).to eq("Signed in successfully")
+
+      user.reload
+
+      expect(user.last_sign_in_at).to be_present
+      expect(user).to be_confirmed
+    end
+
     it "disallows when user not found with given email" do
       post users_sessions_path, params: {user: {email: "hello#{SecureRandom.hex(5)}@example.com", password: "password"}}
 
       expect(response).to have_http_status(:unprocessable_entity)
       expect(flash[:alert]).to eq("Incorrect email or password")
     end
 
-    it "disallows when user is not confirmed" do
+    it "disallows password sign in when user is not confirmed" do
       user = FactoryBot.create(:user, :unconfirmed, password: "password", password_confirmation: "password")
       post users_sessions_path, params: {user: {email: user.email, password: "password"}}