demarches-normaliennes/app/controllers/users/sessions_controller.rb

class Users::SessionsController < Sessions::SessionsController
  layout "new_application"

  # GET /resource/sign_in
  def new
    if user_return_to_procedure_id.present? # WTF ?
      @dossier = Dossier.new(procedure: Procedure.active(user_return_to_procedure_id))
    end

    @user = User.new
  rescue ActiveRecord::RecordNotFound
    error_procedure
  end

  # POST /resource/sign_in
  def create
    remember_me = params[:user][:remember_me] == '1'
    try_to_authenticate(User, remember_me)
    try_to_authenticate(Gestionnaire, remember_me)
    try_to_authenticate(Administrateur, remember_me)

    if user_signed_in?
      current_user.update(loged_in_with_france_connect: '')
    end

    if user_signed_in?
      redirect_to after_sign_in_path_for(:user)
    elsif gestionnaire_signed_in?
      location = stored_location_for(:gestionnaire) || gestionnaire_procedures_path
      redirect_to location
    elsif administrateur_signed_in?
      redirect_to admin_path
    else
      flash.alert = 'Mauvais couple login / mot de passe'
      new
      render :new, status: 401
    end
  end

  # DELETE /resource/sign_out
  def destroy
    sign_out :gestionnaire if gestionnaire_signed_in?
    sign_out :administrateur if administrateur_signed_in?

    if user_signed_in?
      connected_with_france_connect = current_user.loged_in_with_france_connect
      current_user.update(loged_in_with_france_connect: '')

      sign_out :user

      case connected_with_france_connect
      when 'particulier'
        redirect_to FRANCE_CONNECT[:particulier][:logout_endpoint]
        return
      end
    end

    respond_to_on_destroy
  end

  def no_procedure
    session['user_return_to'] = nil
    redirect_to new_user_session_path
  end

  private

  def error_procedure
    session["user_return_to"] = nil
    flash.alert = t('errors.messages.procedure_not_found')
    redirect_to url_for root_path
  end

  def user_return_to_procedure_id
    return nil if session["user_return_to"].nil?

    NumberService.to_number session["user_return_to"].split("?procedure_id=").second
  end

  def try_to_authenticate(klass, remember_me = false)
    resource = klass.find_for_database_authentication(email: params[:user][:email])

    if resource.present?
      if resource.valid_password?(params[:user][:password])
        resource.remember_me = remember_me
        sign_in resource
        resource.force_sync_credentials
        set_flash_message :notice, :signed_in
      end
    end
  end
end
sign_out all devises connect before sign_in an other 2015-12-09 15:10:11 +01:00			`class Users::SessionsController < Sessions::SessionsController`
Use new layout for login 2017-06-13 12:33:03 +02:00			`layout "new_application"`

Enable the Layout/CommentIndentation cop 2017-06-12 15:12:51 +02:00			`# GET /resource/sign_in`
Demo sign_in page for users and gestionnaires 2016-02-15 17:13:16 +01:00			`def new`
Don’t use unless 2018-01-11 19:04:39 +01:00			`if user_return_to_procedure_id.present? # WTF ?`
Add draft/publish status for procedure. 2016-06-09 17:49:38 +02:00			`@dossier = Dossier.new(procedure: Procedure.active(user_return_to_procedure_id))`
Connexion page is contextualized with procedure title and description when is access with link. 2016-05-26 15:59:50 +02:00			`end`

Demo sign_in page for users and gestionnaires 2016-02-15 17:13:16 +01:00			`@user = User.new`
Connexion page is contextualized with procedure title and description when is access with link. 2016-05-26 15:59:50 +02:00			`rescue ActiveRecord::RecordNotFound`
			`error_procedure`
Demo sign_in page for users and gestionnaires 2016-02-15 17:13:16 +01:00			`end`
[#884] add user 2015-09-23 10:02:01 +02:00
Enable the Layout/LeadingCommentSpace cop 2018-01-15 19:14:09 +01:00			`# POST /resource/sign_in`
[bis] force login_with_france_connect at false when connection devise user 2015-10-07 14:19:16 +02:00			`def create`
Add remember me on login 2017-03-07 10:15:33 +01:00			`remember_me = params[:user][:remember_me] == '1'`
			`try_to_authenticate(User, remember_me)`
			`try_to_authenticate(Gestionnaire, remember_me)`
			`try_to_authenticate(Administrateur, remember_me)`
[bis] force login_with_france_connect at false when connection devise user 2015-10-07 14:19:16 +02:00
Sign user + gestionnaire in (OpenSimplif) Hacks into users/sessions to sign in and sign out a gestionnaire and/or a user at the same time, as long as credentials are identical (same email, same password). 2016-10-11 11:12:45 +02:00			`if user_signed_in?`
Bump development gems - brakeman - rubocop - scss_lint 2018-03-02 16:27:03 +01:00			`current_user.update(loged_in_with_france_connect: '')`
Sign user + gestionnaire in (OpenSimplif) Hacks into users/sessions to sign in and sign out a gestionnaire and/or a user at the same time, as long as credentials are identical (same email, same password). 2016-10-11 11:12:45 +02:00			`end`

Fix features flip on user connection for unified_login 2016-10-20 11:48:40 +02:00			`if user_signed_in?`
Sign user + gestionnaire in (OpenSimplif) Hacks into users/sessions to sign in and sign out a gestionnaire and/or a user at the same time, as long as credentials are identical (same email, same password). 2016-10-11 11:12:45 +02:00			`redirect_to after_sign_in_path_for(:user)`
Fix features flip on user connection for unified_login 2016-10-20 11:48:40 +02:00			`elsif gestionnaire_signed_in?`
Gestionnaire: move procedures_path to gestionnaire_procedures_path 2018-02-21 15:06:21 +01:00			`location = stored_location_for(:gestionnaire) \|\| gestionnaire_procedures_path`
[Fix #388] In avis email, redirect a signed out gest. to the dossier 2017-06-12 10:06:41 +02:00			`redirect_to location`
Can connect admin with user session path 2016-12-07 17:03:36 +01:00			`elsif administrateur_signed_in?`
			`redirect_to admin_path`
Sign user + gestionnaire in (OpenSimplif) Hacks into users/sessions to sign in and sign out a gestionnaire and/or a user at the same time, as long as credentials are identical (same email, same password). 2016-10-11 11:12:45 +02:00			`else`
Add alert for bad connexion with unified connexion 2017-01-02 09:38:49 +01:00			`flash.alert = 'Mauvais couple login / mot de passe'`
Sign user + gestionnaire in (OpenSimplif) Hacks into users/sessions to sign in and sign out a gestionnaire and/or a user at the same time, as long as credentials are identical (same email, same password). 2016-10-11 11:12:45 +02:00			`new`
			`render :new, status: 401`
			`end`
[bis] force login_with_france_connect at false when connection devise user 2015-10-07 14:19:16 +02:00			`end`
[#884] add user 2015-09-23 10:02:01 +02:00
Enable the Layout/CommentIndentation cop 2017-06-12 15:12:51 +02:00			`# DELETE /resource/sign_out`
add france connect logout process 2015-10-07 16:38:29 +02:00			`def destroy`
Can connect admin with user session path 2016-12-07 17:03:36 +01:00			`sign_out :gestionnaire if gestionnaire_signed_in?`
			`sign_out :administrateur if administrateur_signed_in?`
add france connect logout process 2015-10-07 16:38:29 +02:00
Sign user + gestionnaire in (OpenSimplif) Hacks into users/sessions to sign in and sign out a gestionnaire and/or a user at the same time, as long as credentials are identical (same email, same password). 2016-10-11 11:12:45 +02:00			`if user_signed_in?`
			`connected_with_france_connect = current_user.loged_in_with_france_connect`
Bump development gems - brakeman - rubocop - scss_lint 2018-03-02 16:27:03 +01:00			`current_user.update(loged_in_with_france_connect: '')`
add france connect logout process 2015-10-07 16:38:29 +02:00
Sign user + gestionnaire in (OpenSimplif) Hacks into users/sessions to sign in and sign out a gestionnaire and/or a user at the same time, as long as credentials are identical (same email, same password). 2016-10-11 11:12:45 +02:00			`sign_out :user`

Use case statements instead of if statements where appropriated 2017-04-05 10:22:37 +02:00			`case connected_with_france_connect`
			`when 'particulier'`
FC initializers: remove Hashie 2018-01-11 14:04:24 +01:00			`redirect_to FRANCE_CONNECT[:particulier][:logout_endpoint]`
Sign user + gestionnaire in (OpenSimplif) Hacks into users/sessions to sign in and sign out a gestionnaire and/or a user at the same time, as long as credentials are identical (same email, same password). 2016-10-11 11:12:45 +02:00			`return`
			`end`
add france connect logout process 2015-10-07 16:38:29 +02:00			`end`
Sign user + gestionnaire in (OpenSimplif) Hacks into users/sessions to sign in and sign out a gestionnaire and/or a user at the same time, as long as credentials are identical (same email, same password). 2016-10-11 11:12:45 +02:00
			`respond_to_on_destroy`
add france connect logout process 2015-10-07 16:38:29 +02:00			`end`
[#884] add user 2015-09-23 10:02:01 +02:00
Connexion page is contextualized with procedure title and description when is access with link. 2016-05-26 15:59:50 +02:00			`def no_procedure`
			`session['user_return_to'] = nil`
			`redirect_to new_user_session_path`
			`end`

			`private`
[#884] add user 2015-09-23 10:02:01 +02:00
Connexion page is contextualized with procedure title and description when is access with link. 2016-05-26 15:59:50 +02:00			`def error_procedure`
If user_return_to procedure is invalid then remove it from session 2017-11-21 10:10:19 +01:00			`session["user_return_to"] = nil`
Connexion page is contextualized with procedure title and description when is access with link. 2016-05-26 15:59:50 +02:00			`flash.alert = t('errors.messages.procedure_not_found')`
			`redirect_to url_for root_path`
			`end`

			`def user_return_to_procedure_id`
			`return nil if session["user_return_to"].nil?`

			`NumberService.to_number session["user_return_to"].split("?procedure_id=").second`
			`end`
Sign user + gestionnaire in (OpenSimplif) Hacks into users/sessions to sign in and sign out a gestionnaire and/or a user at the same time, as long as credentials are identical (same email, same password). 2016-10-11 11:12:45 +02:00
Add remember me on login 2017-03-07 10:15:33 +01:00			`def try_to_authenticate(klass, remember_me = false)`
Avoid assignments in conditions 2018-03-06 12:01:45 +01:00			`resource = klass.find_for_database_authentication(email: params[:user][:email])`

			`if resource.present?`
Sign user + gestionnaire in (OpenSimplif) Hacks into users/sessions to sign in and sign out a gestionnaire and/or a user at the same time, as long as credentials are identical (same email, same password). 2016-10-11 11:12:45 +02:00			`if resource.valid_password?(params[:user][:password])`
Add remember me on login 2017-03-07 10:15:33 +01:00			`resource.remember_me = remember_me`
Sign user + gestionnaire in (OpenSimplif) Hacks into users/sessions to sign in and sign out a gestionnaire and/or a user at the same time, as long as credentials are identical (same email, same password). 2016-10-11 11:12:45 +02:00			`sign_in resource`
Sync password after login 2017-02-07 16:56:21 +01:00			`resource.force_sync_credentials`
Sign user + gestionnaire in (OpenSimplif) Hacks into users/sessions to sign in and sign out a gestionnaire and/or a user at the same time, as long as credentials are identical (same email, same password). 2016-10-11 11:12:45 +02:00			`set_flash_message :notice, :signed_in`
			`end`
			`end`
			`end`
[#884] add user 2015-09-23 10:02:01 +02:00			`end`