1
0

sessions_controller.rb 3.5 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140
  1. # frozen_string_literal: true
  2. class Auth::SessionsController < Devise::SessionsController
  3. layout 'auth'
  4. skip_before_action :require_no_authentication, only: [:create]
  5. skip_before_action :require_functional!
  6. skip_before_action :update_user_sign_in
  7. include TwoFactorAuthenticationConcern
  8. include SignInTokenAuthenticationConcern
  9. before_action :set_instance_presenter, only: [:new]
  10. before_action :set_body_classes
  11. def new
  12. Devise.omniauth_configs.each do |provider, config|
  13. return redirect_to(omniauth_authorize_path(resource_name, provider)) if config.strategy.redirect_at_sign_in
  14. end
  15. super
  16. end
  17. def create
  18. super do |resource|
  19. resource.update_sign_in!(request, new_sign_in: true)
  20. flash.delete(:notice)
  21. end
  22. end
  23. def destroy
  24. tmp_stored_location = stored_location_for(:user)
  25. super
  26. session.delete(:challenge_passed_at)
  27. flash.delete(:notice)
  28. store_location_for(:user, tmp_stored_location) if continue_after?
  29. end
  30. def webauthn_options
  31. user = User.find_by(id: session[:attempt_user_id])
  32. if user.webauthn_enabled?
  33. options_for_get = WebAuthn::Credential.options_for_get(
  34. allow: user.webauthn_credentials.pluck(:external_id)
  35. )
  36. session[:webauthn_challenge] = options_for_get.challenge
  37. render json: options_for_get, status: :ok
  38. else
  39. render json: { error: t('webauthn_credentials.not_enabled') }, status: :unauthorized
  40. end
  41. end
  42. protected
  43. def find_user
  44. if user_params[:email].present?
  45. find_user_from_params
  46. elsif session[:attempt_user_id]
  47. User.find_by(id: session[:attempt_user_id])
  48. end
  49. end
  50. def find_user_from_params
  51. user = User.authenticate_with_ldap(user_params) if Devise.ldap_authentication
  52. user ||= User.authenticate_with_pam(user_params) if Devise.pam_authentication
  53. user ||= User.find_for_authentication(email: user_params[:email])
  54. user
  55. end
  56. def user_params
  57. params.require(:user).permit(:email, :password, :otp_attempt, :sign_in_token_attempt, credential: {})
  58. end
  59. def after_sign_in_path_for(resource)
  60. last_url = stored_location_for(:user)
  61. if home_paths(resource).include?(last_url)
  62. root_path
  63. else
  64. last_url || root_path
  65. end
  66. end
  67. def after_sign_out_path_for(_resource_or_scope)
  68. Devise.omniauth_configs.each_value do |config|
  69. return root_path if config.strategy.redirect_at_sign_in
  70. end
  71. super
  72. end
  73. def require_no_authentication
  74. super
  75. # Delete flash message that isn't entirely useful and may be confusing in
  76. # most cases because /web doesn't display/clear flash messages.
  77. flash.delete(:alert) if flash[:alert] == I18n.t('devise.failure.already_authenticated')
  78. end
  79. private
  80. def set_instance_presenter
  81. @instance_presenter = InstancePresenter.new
  82. end
  83. def set_body_classes
  84. @body_classes = 'lighter'
  85. end
  86. def home_paths(resource)
  87. paths = [about_path]
  88. if single_user_mode? && resource.is_a?(User)
  89. paths << short_account_path(username: resource.account)
  90. end
  91. paths
  92. end
  93. def continue_after?
  94. truthy_param?(:continue)
  95. end
  96. def restart_session
  97. clear_attempt_from_session
  98. redirect_to new_user_session_path, alert: I18n.t('devise.failure.timeout')
  99. end
  100. def set_attempt_session(user)
  101. session[:attempt_user_id] = user.id
  102. session[:attempt_user_updated_at] = user.updated_at.to_s
  103. end
  104. def clear_attempt_from_session
  105. session.delete(:attempt_user_id)
  106. session.delete(:attempt_user_updated_at)
  107. end
  108. end