demarches-normaliennes/app/controllers/users/sessions_controller.rb

134 lines
3.9 KiB
Ruby
Raw Normal View History

class Users::SessionsController < Sessions::SessionsController
2018-10-30 18:24:29 +01:00
include TrustedDeviceConcern
include ActionView::Helpers::DateHelper
2017-06-13 12:33:03 +02:00
layout "new_application"
# GET /resource/sign_in
def new
2018-01-11 19:04:39 +01:00
if user_return_to_procedure_id.present? # WTF ?
@dossier = Dossier.new(procedure: Procedure.active(user_return_to_procedure_id))
end
@user = User.new
rescue ActiveRecord::RecordNotFound
error_procedure
end
2015-09-23 10:02:01 +02:00
# POST /resource/sign_in
def create
2017-03-07 10:15:33 +01:00
remember_me = params[:user][:remember_me] == '1'
try_to_authenticate(User, remember_me)
try_to_authenticate(Gestionnaire, remember_me)
try_to_authenticate(Administrateur, remember_me)
if user_signed_in?
current_user.update(loged_in_with_france_connect: '')
end
if gestionnaire_signed_in?
if trusted_device? || !current_gestionnaire.feature_enabled?(:enable_email_login_token)
set_flash_message :notice, :signed_in
redirect_to after_sign_in_path_for(:user)
2018-10-30 18:24:29 +01:00
else
gestionnaire = current_gestionnaire
login_token = gestionnaire.login_token!
GestionnaireMailer.send_login_token(gestionnaire, login_token).deliver_later
2018-10-30 18:24:29 +01:00
[:user, :gestionnaire, :administrateur].each { |role| sign_out(role) }
2018-10-30 18:24:29 +01:00
redirect_to link_sent_path(email: gestionnaire.email)
end
elsif user_signed_in?
set_flash_message :notice, :signed_in
redirect_to after_sign_in_path_for(:user)
else
flash.alert = 'Mauvais couple login / mot de passe'
new
render :new, status: 401
end
end
2015-09-23 10:02:01 +02:00
def link_sent
@email = params[:email]
end
# DELETE /resource/sign_out
2015-10-07 16:38:29 +02:00
def destroy
2018-10-01 13:24:37 +02:00
if gestionnaire_signed_in?
sign_out :gestionnaire
end
if administrateur_signed_in?
sign_out :administrateur
end
2015-10-07 16:38:29 +02:00
if user_signed_in?
connected_with_france_connect = current_user.loged_in_with_france_connect
current_user.update(loged_in_with_france_connect: '')
2015-10-07 16:38:29 +02:00
sign_out :user
case connected_with_france_connect
when User.loged_in_with_france_connects.fetch(:particulier)
2018-01-11 14:04:24 +01:00
redirect_to FRANCE_CONNECT[:particulier][:logout_endpoint]
return
end
2015-10-07 16:38:29 +02:00
end
respond_to_on_destroy
2015-10-07 16:38:29 +02:00
end
2015-09-23 10:02:01 +02:00
def no_procedure
session['user_return_to'] = nil
redirect_to new_user_session_path
end
def sign_in_by_link
gestionnaire = Gestionnaire.find(params[:id])
if gestionnaire&.login_token_valid?(params[:jeton])
2018-10-30 18:24:29 +01:00
trust_device
flash.notice = "Merci davoir confirmé votre connexion. Votre navigateur est maintenant authentifié pour #{TRUSTED_DEVICE_PERIOD.to_i / ActiveSupport::Duration::SECONDS_PER_DAY} jours."
user = User.find_by(email: gestionnaire.email)
administrateur = Administrateur.find_by(email: gestionnaire.email)
[user, gestionnaire, administrateur].compact.each { |resource| sign_in(resource) }
# redirect to procedure'url if stored by store_location_for(:user) in dossiers_controller
# redirect to root_path otherwise
redirect_to after_sign_in_path_for(:user)
else
flash[:alert] = 'Votre lien est invalide ou expiré, veuillez-vous reconnecter.'
redirect_to new_user_session_path
end
end
private
2015-09-23 10:02:01 +02:00
def error_procedure
session["user_return_to"] = nil
flash.alert = t('errors.messages.procedure_not_found')
redirect_to url_for root_path
end
def user_return_to_procedure_id
2018-10-01 13:24:37 +02:00
if session["user_return_to"].nil?
return nil
end
NumberService.to_number session["user_return_to"].split("?procedure_id=").second
end
2017-03-07 10:15:33 +01:00
def try_to_authenticate(klass, remember_me = false)
2018-03-06 12:01:45 +01:00
resource = klass.find_for_database_authentication(email: params[:user][:email])
if resource.present?
if resource.valid_password?(params[:user][:password])
2017-03-07 10:15:33 +01:00
resource.remember_me = remember_me
sign_in resource
2017-02-07 16:56:21 +01:00
resource.force_sync_credentials
end
end
end
2015-09-23 10:02:01 +02:00
end