demarches-normaliennes/app/controllers/users/sessions_controller.rb

class Users::SessionsController < Sessions::SessionsController
  include ProcedureContextConcern
  include TrustedDeviceConcern
  include ActionView::Helpers::DateHelper

  layout 'procedure_context', only: [:new, :create]

  before_action :restore_procedure_context, only: [:new, :create]

  # GET /resource/sign_in
  def new
    @user = User.new
  end

  # POST /resource/sign_in
  def create
    remember_me = params[:user][:remember_me] == '1'

    if resource_locked?(try_to_authenticate(User, remember_me)) ||
      resource_locked?(try_to_authenticate(Gestionnaire, remember_me)) ||
      resource_locked?(try_to_authenticate(Administrateur, remember_me))
      flash.alert = 'Votre compte est verrouillé.'
      new
      return render :new, status: 401
    end

    if user_signed_in?
      current_user.update(loged_in_with_france_connect: nil)
    end

    if gestionnaire_signed_in? || user_signed_in?
      set_flash_message :notice, :signed_in
      redirect_to after_sign_in_path_for(:user)
    else
      flash.alert = 'Mauvais couple login / mot de passe'
      new
      render :new, status: 401
    end
  end

  def link_sent
    @email = params[:email]
  end

  # DELETE /resource/sign_out
  def destroy
    if gestionnaire_signed_in?
      sign_out :gestionnaire
    end

    if administrateur_signed_in?
      sign_out :administrateur
    end

    if user_signed_in?
      connected_with_france_connect = current_user.loged_in_with_france_connect
      current_user.update(loged_in_with_france_connect: '')

      sign_out :user

      case connected_with_france_connect
      when User.loged_in_with_france_connects.fetch(:particulier)
        redirect_to FRANCE_CONNECT[:particulier][:logout_endpoint]
        return
      end
    end

    respond_to_on_destroy
  end

  def no_procedure
    clear_stored_location_for(:user)
    redirect_to new_user_session_path
  end

  def sign_in_by_link
    gestionnaire = Gestionnaire.find(params[:id])
    trusted_device_token = gestionnaire
      .trusted_device_tokens
      .find_by(token: params[:jeton])

    if trusted_device_token&.token_valid?
      trust_device(trusted_device_token.created_at)

      period = ((trusted_device_token.created_at + TRUSTED_DEVICE_PERIOD) - Time.zone.now).to_i / ActiveSupport::Duration::SECONDS_PER_DAY

      flash.notice = "Merci d’avoir confirmé votre connexion. Votre navigateur est maintenant authentifié pour #{period} jours."

      # redirect to procedure'url if stored by store_location_for(:user) in dossiers_controller
      # redirect to root_path otherwise

      if gestionnaire_signed_in?
        redirect_to after_sign_in_path_for(:user)
      else
        redirect_to new_user_session_path
      end
    else
      flash[:alert] = 'Votre lien est invalide ou expiré, un nouveau vient de vous être envoyé.'

      send_login_token_or_bufferize(gestionnaire)
      redirect_to link_sent_path(email: gestionnaire.email)
    end
  end

  private

  def try_to_authenticate(klass, remember_me = false)
    resource = klass.find_for_database_authentication(email: params[:user][:email])

    if resource.present?
      if resource.valid_password?(params[:user][:password])
        resource.remember_me = remember_me
        sign_in resource
        resource.force_sync_credentials
      end
    end
    resource
  end

  def resource_locked?(resource)
    resource.present? && resource.access_locked?
  end
end
-												sign_out all devises connect before sign_in an other

											
										
										
											2015-12-09 15:10:11 +01:00
+								class Users::SessionsController < Sessions::SessionsController
-												sign_in: extract the procedure context to a ProcedureContextConcern

											
										
										
											2019-01-14 16:25:48 +01:00
+								  include ProcedureContextConcern
-												Session: add trusted_device cookie

											
										
										
											2018-10-30 18:24:29 +01:00
+								  include TrustedDeviceConcern
 								  include ActionView::Helpers::DateHelper
-												layouts: migrate sign_in to the shared layout

											
										
										
											2019-01-08 08:20:49 +01:00
+								  layout 'procedure_context', only: [:new, :create]
-												sign_in: extract the procedure context to a ProcedureContextConcern

											
										
										
											2019-01-14 16:25:48 +01:00
+								  before_action :restore_procedure_context, only: [:new, :create]
-												Enable the Layout/CommentIndentation cop
											
										
										
											2017-06-12 15:12:51 +02:00
+								  # GET /resource/sign_in
-												Demo sign_in page for users and gestionnaires

											
										
										
											2016-02-15 17:13:16 +01:00
+								  def new
 								    @user = User.new
 								  end
-												[#884] add user
											
										
										
											2015-09-23 10:02:01 +02:00
-												Enable the Layout/LeadingCommentSpace cop
											
										
										
											2018-01-15 19:14:09 +01:00
+								  # POST /resource/sign_in
-												[bis] force login_with_france_connect at false when connection devise user

											
										
										
											2015-10-07 14:19:16 +02:00
+								  def create
-												Add remember me on login

											
										
										
											2017-03-07 10:15:33 +01:00
+								    remember_me = params[:user][:remember_me] == '1'
-												add alert for account is locked

											
										
										
											2019-06-25 18:00:13 +02:00
 								    if resource_locked?(try_to_authenticate(User, remember_me)) ||
 								      resource_locked?(try_to_authenticate(Gestionnaire, remember_me)) ||
 								      resource_locked?(try_to_authenticate(Administrateur, remember_me))
 								      flash.alert = 'Votre compte est verrouillé.'
 								      new
 								      return render :new, status: 401
 								    end
-												[bis] force login_with_france_connect at false when connection devise user

											
										
										
											2015-10-07 14:19:16 +02:00
-												Sign user + gestionnaire in (OpenSimplif)

Hacks into users/sessions to sign in and sign out a gestionnaire
and/or a user at the same time, as long as credentials are
identical (same email, same password).

											
										
										
											2016-10-11 11:12:45 +02:00
+								    if user_signed_in?
-												SessionControllerSpec: remove specific attribut test

change user.update(log_in_with_france_connect: nil) as log_in_france_connect is an enum

											
										
										
											2019-01-09 11:18:53 +01:00
+								      current_user.update(loged_in_with_france_connect: nil)
-												Sign user + gestionnaire in (OpenSimplif)

Hacks into users/sessions to sign in and sign out a gestionnaire
and/or a user at the same time, as long as credentials are
identical (same email, same password).

											
										
										
											2016-10-11 11:12:45 +02:00
+								    end
-												split login and trusted_device logic

											
										
										
											2019-02-01 17:17:10 +01:00
+								    if gestionnaire_signed_in? || user_signed_in?
-												SessionController: do not display 'Connecté' when a login_link is required

											
										
										
											2018-11-08 14:39:23 +01:00
+								      set_flash_message :notice, :signed_in
-												Sign user + gestionnaire in (OpenSimplif)

Hacks into users/sessions to sign in and sign out a gestionnaire
and/or a user at the same time, as long as credentials are
identical (same email, same password).

											
										
										
											2016-10-11 11:12:45 +02:00
+								      redirect_to after_sign_in_path_for(:user)
 								    else
-												Add alert for bad connexion with unified connexion

											
										
										
											2017-01-02 09:38:49 +01:00
+								      flash.alert = 'Mauvais couple login / mot de passe'
-												Sign user + gestionnaire in (OpenSimplif)

Hacks into users/sessions to sign in and sign out a gestionnaire
and/or a user at the same time, as long as credentials are
identical (same email, same password).

											
										
										
											2016-10-11 11:12:45 +02:00
+								      new
 								      render :new, status: 401
 								    end
-												[bis] force login_with_france_connect at false when connection devise user

											
										
										
											2015-10-07 14:19:16 +02:00
+								  end
-												[#884] add user
											
										
										
											2015-09-23 10:02:01 +02:00
-												Session: send a mail to confirm gestionnaire login

											
										
										
											2018-10-03 11:11:02 +02:00
+								  def link_sent
 								    @email = params[:email]
 								  end
-												Enable the Layout/CommentIndentation cop
											
										
										
											2017-06-12 15:12:51 +02:00
+								  # DELETE /resource/sign_out
-												add france connect logout process

											
										
										
											2015-10-07 16:38:29 +02:00
+								  def destroy
-												Do one thing per line

											
										
										
											2018-10-01 13:24:37 +02:00
+								    if gestionnaire_signed_in?
 								      sign_out :gestionnaire
 								    end
 								    if administrateur_signed_in?
 								      sign_out :administrateur
 								    end
-												add france connect logout process

											
										
										
											2015-10-07 16:38:29 +02:00
-												Sign user + gestionnaire in (OpenSimplif)

Hacks into users/sessions to sign in and sign out a gestionnaire
and/or a user at the same time, as long as credentials are
identical (same email, same password).

											
										
										
											2016-10-11 11:12:45 +02:00
+								    if user_signed_in?
 								      connected_with_france_connect = current_user.loged_in_with_france_connect
-												Bump development gems

- brakeman
- rubocop
- scss_lint

											
										
										
											2018-03-02 16:27:03 +01:00
+								      current_user.update(loged_in_with_france_connect: '')
-												add france connect logout process

											
										
										
											2015-10-07 16:38:29 +02:00
-												Sign user + gestionnaire in (OpenSimplif)

Hacks into users/sessions to sign in and sign out a gestionnaire
and/or a user at the same time, as long as credentials are
identical (same email, same password).

											
										
										
											2016-10-11 11:12:45 +02:00
+								      sign_out :user
-												Use case statements instead of if statements where appropriated

											
										
										
											2017-04-05 10:22:37 +02:00
+								      case connected_with_france_connect
-												Use enum to the fullest with User.loged_in_with_france_connects
											
										
										
											2018-08-28 11:41:37 +02:00
+								      when User.loged_in_with_france_connects.fetch(:particulier)
-												FC initializers: remove Hashie

											
										
										
											2018-01-11 14:04:24 +01:00
+								        redirect_to FRANCE_CONNECT[:particulier][:logout_endpoint]
-												Sign user + gestionnaire in (OpenSimplif)

Hacks into users/sessions to sign in and sign out a gestionnaire
and/or a user at the same time, as long as credentials are
identical (same email, same password).

											
										
										
											2016-10-11 11:12:45 +02:00
+								        return
 								      end
-												add france connect logout process

											
										
										
											2015-10-07 16:38:29 +02:00
+								    end
-												Sign user + gestionnaire in (OpenSimplif)

Hacks into users/sessions to sign in and sign out a gestionnaire
and/or a user at the same time, as long as credentials are
identical (same email, same password).

											
										
										
											2016-10-11 11:12:45 +02:00
 								    respond_to_on_destroy
-												add france connect logout process

											
										
										
											2015-10-07 16:38:29 +02:00
+								  end
-												[#884] add user
											
										
										
											2015-09-23 10:02:01 +02:00
-												Connexion page is contextualized with procedure title and description when is access with link.

											
										
										
											2016-05-26 15:59:50 +02:00
+								  def no_procedure
-												sign_in: extract the procedure context to a ProcedureContextConcern

											
										
										
											2019-01-14 16:25:48 +01:00
+								    clear_stored_location_for(:user)
-												Connexion page is contextualized with procedure title and description when is access with link.

											
										
										
											2016-05-26 15:59:50 +02:00
+								    redirect_to new_user_session_path
 								  end
-												Session: send a mail to confirm gestionnaire login

											
										
										
											2018-10-03 11:11:02 +02:00
+								  def sign_in_by_link
 								    gestionnaire = Gestionnaire.find(params[:id])
-												move token validity to trusted_device_token

											
										
										
											2019-02-02 22:16:11 +01:00
+								    trusted_device_token = gestionnaire
 								      .trusted_device_tokens
 								      .find_by(token: params[:jeton])
 								    if trusted_device_token&.token_valid?
-												valid period depend on trusted_device_token.created_at

											
										
										
											2019-02-04 11:57:50 +01:00
+								      trust_device(trusted_device_token.created_at)
 								      period = ((trusted_device_token.created_at + TRUSTED_DEVICE_PERIOD) - Time.zone.now).to_i / ActiveSupport::Duration::SECONDS_PER_DAY
 								      flash.notice = "Merci d’avoir confirmé votre connexion. Votre navigateur est maintenant authentifié pour #{period} jours."
-												Session: add trusted_device cookie

											
										
										
											2018-10-30 18:24:29 +01:00
-												[Fix #2999] Send gestionnaire back to what they were doing after email verification

											
										
										
											2018-11-22 18:11:00 +01:00
+								      # redirect to procedure'url if stored by store_location_for(:user) in dossiers_controller
 								      # redirect to root_path otherwise
-												split login and trusted_device logic

											
										
										
											2019-02-01 17:17:10 +01:00
 								      if gestionnaire_signed_in?
 								        redirect_to after_sign_in_path_for(:user)
 								      else
 								        redirect_to new_user_session_path
 								      end
-												Session: send a mail to confirm gestionnaire login

											
										
										
											2018-10-03 11:11:02 +02:00
+								    else
-												split login and trusted_device logic

											
										
										
											2019-02-01 17:17:10 +01:00
+								      flash[:alert] = 'Votre lien est invalide ou expiré, un nouveau vient de vous être envoyé.'
 								      send_login_token_or_bufferize(gestionnaire)
 								      redirect_to link_sent_path(email: gestionnaire.email)
-												Session: send a mail to confirm gestionnaire login

											
										
										
											2018-10-03 11:11:02 +02:00
+								    end
 								  end
-												Connexion page is contextualized with procedure title and description when is access with link.

											
										
										
											2016-05-26 15:59:50 +02:00
+								  private
-												[#884] add user
											
										
										
											2015-09-23 10:02:01 +02:00
-												Add remember me on login

											
										
										
											2017-03-07 10:15:33 +01:00
+								  def try_to_authenticate(klass, remember_me = false)
-												Avoid assignments in conditions
											
										
										
											2018-03-06 12:01:45 +01:00
+								    resource = klass.find_for_database_authentication(email: params[:user][:email])
 								    if resource.present?
-												add alert for account is locked

											
										
										
											2019-06-25 18:00:13 +02:00
+								      if resource.valid_password?(params[:user][:password])
 								        resource.remember_me = remember_me
 								        sign_in resource
 								        resource.force_sync_credentials
-												Sign user + gestionnaire in (OpenSimplif)

Hacks into users/sessions to sign in and sign out a gestionnaire
and/or a user at the same time, as long as credentials are
identical (same email, same password).

											
										
										
											2016-10-11 11:12:45 +02:00
+								      end
 								    end
-												add alert for account is locked

											
										
										
											2019-06-25 18:00:13 +02:00
+								    resource
 								  end
 								  def resource_locked?(resource)
 								    resource.present? && resource.access_locked?
-												Sign user + gestionnaire in (OpenSimplif)

Hacks into users/sessions to sign in and sign out a gestionnaire
and/or a user at the same time, as long as credentials are
identical (same email, same password).

											
										
										
											2016-10-11 11:12:45 +02:00
+								  end
-												[#884] add user
											
										
										
											2015-09-23 10:02:01 +02:00
+								end