confirmations_controller.rb 2.4 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899
  1. # frozen_string_literal: true
  2. class Auth::ConfirmationsController < Devise::ConfirmationsController
  3. include Auth::CaptchaConcern
  4. layout 'auth'
  5. before_action :set_body_classes
  6. before_action :set_confirmation_user!, only: [:show, :confirm_captcha]
  7. before_action :require_unconfirmed!
  8. before_action :extend_csp_for_captcha!, only: [:show, :confirm_captcha]
  9. before_action :require_captcha_if_needed!, only: [:show]
  10. skip_before_action :check_self_destruct!
  11. skip_before_action :require_functional!
  12. def show
  13. old_session_values = session.to_hash
  14. reset_session
  15. session.update old_session_values.except('session_id')
  16. super
  17. end
  18. def new
  19. super
  20. resource.email = current_user.unconfirmed_email || current_user.email if user_signed_in?
  21. end
  22. def confirm_captcha
  23. check_captcha! do |message|
  24. flash.now[:alert] = message
  25. render :captcha
  26. return
  27. end
  28. show
  29. end
  30. def redirect_to_app?
  31. truthy_param?(:redirect_to_app)
  32. end
  33. helper_method :redirect_to_app?
  34. private
  35. def require_captcha_if_needed!
  36. render :captcha if captcha_required?
  37. end
  38. def set_confirmation_user!
  39. # We need to reimplement looking up the user because
  40. # Devise::ConfirmationsController#show looks up and confirms in one
  41. # step.
  42. confirmation_token = params[:confirmation_token]
  43. return if confirmation_token.nil?
  44. @confirmation_user = User.find_first_by_auth_conditions(confirmation_token: confirmation_token)
  45. end
  46. def captcha_user_bypass?
  47. return true if @confirmation_user.nil? || @confirmation_user.confirmed?
  48. end
  49. def require_unconfirmed!
  50. if user_signed_in? && current_user.confirmed? && current_user.unconfirmed_email.blank?
  51. redirect_to(current_user.approved? ? root_path : edit_user_registration_path)
  52. end
  53. end
  54. def set_body_classes
  55. @body_classes = 'lighter'
  56. end
  57. def after_resending_confirmation_instructions_path_for(_resource_name)
  58. if user_signed_in?
  59. if current_user.confirmed? && current_user.approved?
  60. edit_user_registration_path
  61. else
  62. auth_setup_path
  63. end
  64. else
  65. new_user_session_path
  66. end
  67. end
  68. def after_confirmation_path_for(_resource_name, user)
  69. if user.created_by_application && redirect_to_app?
  70. user.created_by_application.confirmation_redirect_uri
  71. elsif user_signed_in?
  72. web_url('start')
  73. else
  74. new_user_session_path
  75. end
  76. end
  77. end