demarches-normaliennes/app/controllers/users/sessions_controller.rb

123 lines
3.3 KiB
Ruby
Raw Normal View History

class Users::SessionsController < Sessions::SessionsController
include ProcedureContextConcern
2018-10-30 18:24:29 +01:00
include TrustedDeviceConcern
include ActionView::Helpers::DateHelper
layout 'procedure_context', only: [:new, :create]
before_action :restore_procedure_context, only: [:new, :create]
# GET /resource/sign_in
def new
@user = User.new
end
2015-09-23 10:02:01 +02:00
# POST /resource/sign_in
def create
2017-03-07 10:15:33 +01:00
remember_me = params[:user][:remember_me] == '1'
2019-06-25 18:00:13 +02:00
if resource_locked?(try_to_authenticate(User, remember_me)) ||
resource_locked?(try_to_authenticate(Administrateur, remember_me))
flash.alert = 'Votre compte est verrouillé.'
new
return render :new, status: 401
end
if user_signed_in?
current_user.update(loged_in_with_france_connect: nil)
end
if instructeur_signed_in? || user_signed_in?
set_flash_message :notice, :signed_in
redirect_to after_sign_in_path_for(:user)
else
flash.alert = 'Mauvais couple login / mot de passe'
new
render :new, status: 401
end
end
2015-09-23 10:02:01 +02:00
def link_sent
@email = params[:email]
end
# DELETE /resource/sign_out
2015-10-07 16:38:29 +02:00
def destroy
if instructeur_signed_in?
sign_out :instructeur
2018-10-01 13:24:37 +02:00
end
if administrateur_signed_in?
sign_out :administrateur
end
2015-10-07 16:38:29 +02:00
if user_signed_in?
connected_with_france_connect = current_user.loged_in_with_france_connect
current_user.update(loged_in_with_france_connect: '')
2015-10-07 16:38:29 +02:00
sign_out :user
case connected_with_france_connect
when User.loged_in_with_france_connects.fetch(:particulier)
2018-01-11 14:04:24 +01:00
redirect_to FRANCE_CONNECT[:particulier][:logout_endpoint]
return
end
2015-10-07 16:38:29 +02:00
end
respond_to_on_destroy
2015-10-07 16:38:29 +02:00
end
2015-09-23 10:02:01 +02:00
def no_procedure
clear_stored_location_for(:user)
redirect_to new_user_session_path
end
def sign_in_by_link
instructeur = Instructeur.find(params[:id])
trusted_device_token = instructeur
.trusted_device_tokens
.find_by(token: params[:jeton])
if trusted_device_token&.token_valid?
trust_device(trusted_device_token.created_at)
period = ((trusted_device_token.created_at + TRUSTED_DEVICE_PERIOD) - Time.zone.now).to_i / ActiveSupport::Duration::SECONDS_PER_DAY
flash.notice = "Merci davoir confirmé votre connexion. Votre navigateur est maintenant authentifié pour #{period} jours."
2018-10-30 18:24:29 +01:00
# redirect to procedure'url if stored by store_location_for(:user) in dossiers_controller
# redirect to root_path otherwise
2019-02-01 17:17:10 +01:00
if instructeur_signed_in?
2019-02-01 17:17:10 +01:00
redirect_to after_sign_in_path_for(:user)
else
redirect_to new_user_session_path
end
else
2019-02-01 17:17:10 +01:00
flash[:alert] = 'Votre lien est invalide ou expiré, un nouveau vient de vous être envoyé.'
send_login_token_or_bufferize(instructeur)
redirect_to link_sent_path(email: instructeur.email)
end
end
private
2015-09-23 10:02:01 +02:00
2017-03-07 10:15:33 +01:00
def try_to_authenticate(klass, remember_me = false)
2018-03-06 12:01:45 +01:00
resource = klass.find_for_database_authentication(email: params[:user][:email])
if resource.present?
2019-06-25 18:00:13 +02:00
if resource.valid_password?(params[:user][:password])
resource.remember_me = remember_me
sign_in resource
resource.force_sync_credentials
end
end
2019-06-25 18:00:13 +02:00
resource
end
def resource_locked?(resource)
resource.present? && resource.access_locked?
end
2015-09-23 10:02:01 +02:00
end