sessions_controller.rb 2.9 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119
  1. # frozen_string_literal: true
  2. class Auth::SessionsController < Devise::SessionsController
  3. include Devise::Controllers::Rememberable
  4. layout 'auth'
  5. skip_before_action :require_no_authentication, only: [:create]
  6. skip_before_action :require_functional!
  7. include TwoFactorAuthenticationConcern
  8. include SignInTokenAuthenticationConcern
  9. before_action :set_instance_presenter, only: [:new]
  10. before_action :set_body_classes
  11. def new
  12. Devise.omniauth_configs.each do |provider, config|
  13. return redirect_to(omniauth_authorize_path(resource_name, provider)) if config.strategy.redirect_at_sign_in
  14. end
  15. super
  16. end
  17. def create
  18. super do |resource|
  19. remember_me(resource)
  20. flash.delete(:notice)
  21. end
  22. end
  23. def destroy
  24. tmp_stored_location = stored_location_for(:user)
  25. super
  26. session.delete(:challenge_passed_at)
  27. flash.delete(:notice)
  28. store_location_for(:user, tmp_stored_location) if continue_after?
  29. end
  30. def webauthn_options
  31. user = find_user
  32. if user.webauthn_enabled?
  33. options_for_get = WebAuthn::Credential.options_for_get(
  34. allow: user.webauthn_credentials.pluck(:external_id)
  35. )
  36. session[:webauthn_challenge] = options_for_get.challenge
  37. render json: options_for_get, status: :ok
  38. else
  39. render json: { error: t('webauthn_credentials.not_enabled') }, status: :unauthorized
  40. end
  41. end
  42. protected
  43. def find_user
  44. if session[:attempt_user_id]
  45. User.find(session[:attempt_user_id])
  46. else
  47. user = User.authenticate_with_ldap(user_params) if Devise.ldap_authentication
  48. user ||= User.authenticate_with_pam(user_params) if Devise.pam_authentication
  49. user ||= User.find_for_authentication(email: user_params[:email])
  50. user
  51. end
  52. end
  53. def user_params
  54. params.require(:user).permit(:email, :password, :otp_attempt, :sign_in_token_attempt, credential: {})
  55. end
  56. def after_sign_in_path_for(resource)
  57. last_url = stored_location_for(:user)
  58. if home_paths(resource).include?(last_url)
  59. root_path
  60. else
  61. last_url || root_path
  62. end
  63. end
  64. def after_sign_out_path_for(_resource_or_scope)
  65. Devise.omniauth_configs.each_value do |config|
  66. return root_path if config.strategy.redirect_at_sign_in
  67. end
  68. super
  69. end
  70. def require_no_authentication
  71. super
  72. # Delete flash message that isn't entirely useful and may be confusing in
  73. # most cases because /web doesn't display/clear flash messages.
  74. flash.delete(:alert) if flash[:alert] == I18n.t('devise.failure.already_authenticated')
  75. end
  76. private
  77. def set_instance_presenter
  78. @instance_presenter = InstancePresenter.new
  79. end
  80. def set_body_classes
  81. @body_classes = 'lighter'
  82. end
  83. def home_paths(resource)
  84. paths = [about_path]
  85. if single_user_mode? && resource.is_a?(User)
  86. paths << short_account_path(username: resource.account)
  87. end
  88. paths
  89. end
  90. def continue_after?
  91. truthy_param?(:continue)
  92. end
  93. end