demarches-normaliennes/app/controllers/users/sessions_controller.rb


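# Sign-in, sign-out and e-mail login-link endpoints shared by the three
# account scopes (User, Gestionnaire, Administrateur).
#
# A gestionnaire who has the :enable_email_login_token feature and is not on a
# trusted device is signed back out after the password check and has to follow
# a link sent by e-mail (see #sign_in_by_link) to obtain a session.
class Users::SessionsController < Sessions::SessionsController
  include ProcedureContextConcern
  include TrustedDeviceConcern
  include ActionView::Helpers::DateHelper

  layout 'procedure_context', only: [:new, :create]

  before_action :restore_procedure_context, only: [:new, :create]

  # GET /resource/sign_in
  def new
    @user = User.new
  end

  # POST /resource/sign_in
  #
  # Tries the submitted e-mail/password against each of the three models, so a
  # single form post can open up to three scopes. Responds with 401 and the
  # sign-in form when no scope could be opened.
  def create
    remember_me = login_form_value(:remember_me) == '1'

    try_to_authenticate(User, remember_me)
    try_to_authenticate(Gestionnaire, remember_me)
    try_to_authenticate(Administrateur, remember_me)

    current_user.update(loged_in_with_france_connect: nil) if user_signed_in?

    if gestionnaire_signed_in?
      if trusted_device? || !current_gestionnaire.feature_enabled?(:enable_email_login_token)
        set_flash_message :notice, :signed_in
        redirect_to after_sign_in_path_for(:user)
      else
        # Password was correct but the device is not trusted: keep a reference
        # to the record, then drop every scope opened above so that the
        # password alone does not leave a live session behind.
        gestionnaire = current_gestionnaire

        send_login_token_or_bufferize(gestionnaire)

        [:user, :gestionnaire, :administrateur].each { |role| sign_out(role) }

        redirect_to link_sent_path(email: gestionnaire.email)
      end
    elsif user_signed_in?
      set_flash_message :notice, :signed_in
      redirect_to after_sign_in_path_for(:user)
    else
      flash.alert = 'Mauvais couple login / mot de passe'
      new
      render :new, status: 401
    end
  end

  # Confirmation page shown after a login link has been e-mailed.
  #
  # @email is read from the query string, so it is caller-controlled.
  # NOTE(review): the template is not visible here; it must keep this value
  # HTML-escaped (no raw/html_safe) - confirm.
  def link_sent
    @email = params[:email]
  end

  # DELETE /resource/sign_out
  #
  # Closes every open scope. A user who came in through FranceConnect
  # (particulier) is redirected to the configured FranceConnect logout endpoint
  # instead of the default sign-out response.
  def destroy
    sign_out :gestionnaire if gestionnaire_signed_in?
    sign_out :administrateur if administrateur_signed_in?

    if user_signed_in?
      # Read the flag before sign_out, since current_user is gone afterwards.
      connected_with_france_connect = current_user.loged_in_with_france_connect
      current_user.update(loged_in_with_france_connect: '')

      sign_out :user

      case connected_with_france_connect
      when User.loged_in_with_france_connects.fetch(:particulier)
        # The target is a configuration constant, not request data.
        redirect_to FRANCE_CONNECT[:particulier][:logout_endpoint]
        return
      end
    end

    respond_to_on_destroy
  end

  # Forgets the stored post-login location and sends the visitor back to the
  # sign-in page.
  def no_procedure
    clear_stored_location_for(:user)
    redirect_to new_user_session_path
  end

  # Completes a sign-in from the e-mailed link: params[:id] names the
  # gestionnaire and params[:jeton] carries the login token.
  #
  # On success the browser is marked as trusted and the gestionnaire is signed
  # in together with any User / Administrateur sharing the same e-mail. No
  # password is checked on this path, so possession of a valid link is the whole
  # proof of identity here.
  # NOTE(review): login_token_valid? lives on the model; confirm that it enforces
  # expiry and compares the token in constant time.
  def sign_in_by_link
    # find_by returns nil for an unknown id, so an unknown id and a bad token
    # both end in the same "invalid link" branch. With `find` the lookup raised
    # before the `&.` below could ever see nil, which answered unknown ids
    # differently from known ones.
    gestionnaire = Gestionnaire.find_by(id: params[:id])

    if gestionnaire&.login_token_valid?(params[:jeton])
      trust_device
      flash.notice = "Merci davoir confirmé votre connexion. Votre navigateur est maintenant authentifié pour #{TRUSTED_DEVICE_PERIOD.to_i / ActiveSupport::Duration::SECONDS_PER_DAY} jours."

      user = User.find_by(email: gestionnaire.email)
      administrateur = Administrateur.find_by(email: gestionnaire.email)
      [user, gestionnaire, administrateur].compact.each { |resource| sign_in(resource) }

      # redirect to the procedure's url if one was stored by
      # store_location_for(:user) in dossiers_controller,
      # redirect to root_path otherwise
      redirect_to after_sign_in_path_for(:user)
    else
      flash[:alert] = 'Votre lien est invalide ou expiré, veuillez-vous reconnecter.'
      redirect_to new_user_session_path
    end
  end

  private

  # Issues a fresh login token and queues the e-mail carrying it, unless the
  # gestionnaire already has a "young" token.
  # NOTE(review): young_login_token? is defined on the model; presumably it
  # throttles repeated e-mails - confirm.
  def send_login_token_or_bufferize(gestionnaire)
    return if gestionnaire.young_login_token?

    login_token = gestionnaire.login_token!
    GestionnaireMailer.send_login_token(gestionnaire, login_token).deliver_later
  end

  # Signs `klass`'s record in when the submitted e-mail and password match.
  # Does nothing when either field is missing, the record is unknown or the
  # password is wrong.
  #
  # NOTE(review): valid_password? is called directly here rather than through a
  # Warden strategy. If these models use Devise's lockable module, failed
  # attempts are presumably not counted on this path, and no password hash is
  # computed for an unknown e-mail, so response time may differ between known
  # and unknown addresses - confirm both.
  def try_to_authenticate(klass, remember_me = false)
    email = login_form_value(:email)
    password = login_form_value(:password)
    return if email.blank? || password.blank?

    resource = klass.find_for_database_authentication(email: email)
    return unless resource.present? && resource.valid_password?(password)

    resource.remember_me = remember_me
    sign_in resource
    resource.force_sync_credentials
  end

  # Reads one field of the submitted `user` form and returns it only when it is
  # a plain String. A request without a `user` hash, or with an array/hash in
  # place of a scalar field, yields nil instead of raising, so malformed posts
  # end in the normal 401 branch of #create rather than a 500.
  def login_form_value(key)
    form = params[:user]
    value = form[key] if form.respond_to?(:key?)
    value if value.is_a?(String)
  end
end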