demarches-normaliennes/app/controllers/users/sessions_controller.rb

class Users::SessionsController < Sessions::SessionsController
# before_filter :configure_sign_in_params, only: [:create]

  def demo
    return redirect_to root_path if Rails.env.production?

    @user = User.new(email: 'demo@tps.fr', password: 'password')

    render 'new'
  end

# GET /resource/sign_in
  def new
    unless user_return_to_procedure_id.nil?
      @dossier = Dossier.new(procedure: Procedure.active(user_return_to_procedure_id))
    end

    @user = User.new
  rescue ActiveRecord::RecordNotFound
    error_procedure
  end

#POST /resource/sign_in
  def create
    try_to_authenticate(User)
    try_to_authenticate(Gestionnaire) if Features.unified_login

    if user_signed_in?
      current_user.update_attributes(loged_in_with_france_connect: '')
    end

    if user_signed_in?
      redirect_to after_sign_in_path_for(:user)
    elsif gestionnaire_signed_in?
      redirect_to backoffice_path
    else
      new
      render :new, status: 401
    end
  end

# DELETE /resource/sign_out
  def destroy
    if gestionnaire_signed_in?
      sign_out :gestionnaire
    end

    if user_signed_in?
      connected_with_france_connect = current_user.loged_in_with_france_connect
      current_user.update_attributes(loged_in_with_france_connect: '')

      sign_out :user

      if connected_with_france_connect == 'entreprise'
        redirect_to FRANCE_CONNECT.entreprise_logout_endpoint
        return
      elsif connected_with_france_connect == 'particulier'
        redirect_to FRANCE_CONNECT.particulier_logout_endpoint
        return
      end
    end

    respond_to_on_destroy
  end

  def no_procedure
    session['user_return_to'] = nil
    redirect_to new_user_session_path
  end

  private

  def error_procedure
    flash.alert = t('errors.messages.procedure_not_found')
    redirect_to url_for root_path
  end

  def user_return_to_procedure_id
    return nil if session["user_return_to"].nil?

    NumberService.to_number session["user_return_to"].split("?procedure_id=").second
  end

  def try_to_authenticate(klass)
    if resource = klass.find_for_database_authentication(email: params[:user][:email])
      if resource.valid_password?(params[:user][:password])
        sign_in resource
        set_flash_message :notice, :signed_in
      end
    end
  end
end
sign_out all devises connect before sign_in an other 2015-12-09 15:10:11 +01:00			`class Users::SessionsController < Sessions::SessionsController`
[#884] add user 2015-09-23 10:02:01 +02:00			`# before_filter :configure_sign_in_params, only: [:create]`

Demo sign_in page for users and gestionnaires 2016-02-15 17:13:16 +01:00			`def demo`
Don't access at user/sign_in/demi and gestionnaire/sign_in/demo on env production 2016-02-19 15:04:29 +01:00			`return redirect_to root_path if Rails.env.production?`

Demo sign_in page for users and gestionnaires 2016-02-15 17:13:16 +01:00			`@user = User.new(email: 'demo@tps.fr', password: 'password')`

			`render 'new'`
			`end`

Add FranceConnect Particulier Reactivate FranceConnect Entreprise 2015-12-24 10:12:23 +01:00			`# GET /resource/sign_in`
Demo sign_in page for users and gestionnaires 2016-02-15 17:13:16 +01:00			`def new`
Connexion page is contextualized with procedure title and description when is access with link. 2016-05-26 15:59:50 +02:00			`unless user_return_to_procedure_id.nil?`
Add draft/publish status for procedure. 2016-06-09 17:49:38 +02:00			`@dossier = Dossier.new(procedure: Procedure.active(user_return_to_procedure_id))`
Connexion page is contextualized with procedure title and description when is access with link. 2016-05-26 15:59:50 +02:00			`end`

Demo sign_in page for users and gestionnaires 2016-02-15 17:13:16 +01:00			`@user = User.new`
Connexion page is contextualized with procedure title and description when is access with link. 2016-05-26 15:59:50 +02:00			`rescue ActiveRecord::RecordNotFound`
			`error_procedure`
Demo sign_in page for users and gestionnaires 2016-02-15 17:13:16 +01:00			`end`
[#884] add user 2015-09-23 10:02:01 +02:00
Add FranceConnect Particulier Reactivate FranceConnect Entreprise 2015-12-24 10:12:23 +01:00			`#POST /resource/sign_in`
[bis] force login_with_france_connect at false when connection devise user 2015-10-07 14:19:16 +02:00			`def create`
Sign user + gestionnaire in (OpenSimplif) Hacks into users/sessions to sign in and sign out a gestionnaire and/or a user at the same time, as long as credentials are identical (same email, same password). 2016-10-11 11:12:45 +02:00			`try_to_authenticate(User)`
Fix features flip on user connection for unified_login 2016-10-20 11:48:40 +02:00			`try_to_authenticate(Gestionnaire) if Features.unified_login`
[bis] force login_with_france_connect at false when connection devise user 2015-10-07 14:19:16 +02:00
Sign user + gestionnaire in (OpenSimplif) Hacks into users/sessions to sign in and sign out a gestionnaire and/or a user at the same time, as long as credentials are identical (same email, same password). 2016-10-11 11:12:45 +02:00			`if user_signed_in?`
			`current_user.update_attributes(loged_in_with_france_connect: '')`
			`end`

Fix features flip on user connection for unified_login 2016-10-20 11:48:40 +02:00			`if user_signed_in?`
Sign user + gestionnaire in (OpenSimplif) Hacks into users/sessions to sign in and sign out a gestionnaire and/or a user at the same time, as long as credentials are identical (same email, same password). 2016-10-11 11:12:45 +02:00			`redirect_to after_sign_in_path_for(:user)`
Fix features flip on user connection for unified_login 2016-10-20 11:48:40 +02:00			`elsif gestionnaire_signed_in?`
			`redirect_to backoffice_path`
Sign user + gestionnaire in (OpenSimplif) Hacks into users/sessions to sign in and sign out a gestionnaire and/or a user at the same time, as long as credentials are identical (same email, same password). 2016-10-11 11:12:45 +02:00			`else`
			`new`
			`render :new, status: 401`
			`end`
[bis] force login_with_france_connect at false when connection devise user 2015-10-07 14:19:16 +02:00			`end`
[#884] add user 2015-09-23 10:02:01 +02:00
Demo sign_in page for users and gestionnaires 2016-02-15 17:13:16 +01:00			`# DELETE /resource/sign_out`
add france connect logout process 2015-10-07 16:38:29 +02:00			`def destroy`
Sign user + gestionnaire in (OpenSimplif) Hacks into users/sessions to sign in and sign out a gestionnaire and/or a user at the same time, as long as credentials are identical (same email, same password). 2016-10-11 11:12:45 +02:00			`if gestionnaire_signed_in?`
			`sign_out :gestionnaire`
			`end`
add france connect logout process 2015-10-07 16:38:29 +02:00
Sign user + gestionnaire in (OpenSimplif) Hacks into users/sessions to sign in and sign out a gestionnaire and/or a user at the same time, as long as credentials are identical (same email, same password). 2016-10-11 11:12:45 +02:00			`if user_signed_in?`
			`connected_with_france_connect = current_user.loged_in_with_france_connect`
			`current_user.update_attributes(loged_in_with_france_connect: '')`
add france connect logout process 2015-10-07 16:38:29 +02:00
Sign user + gestionnaire in (OpenSimplif) Hacks into users/sessions to sign in and sign out a gestionnaire and/or a user at the same time, as long as credentials are identical (same email, same password). 2016-10-11 11:12:45 +02:00			`sign_out :user`

			`if connected_with_france_connect == 'entreprise'`
			`redirect_to FRANCE_CONNECT.entreprise_logout_endpoint`
			`return`
			`elsif connected_with_france_connect == 'particulier'`
			`redirect_to FRANCE_CONNECT.particulier_logout_endpoint`
			`return`
			`end`
add france connect logout process 2015-10-07 16:38:29 +02:00			`end`
Sign user + gestionnaire in (OpenSimplif) Hacks into users/sessions to sign in and sign out a gestionnaire and/or a user at the same time, as long as credentials are identical (same email, same password). 2016-10-11 11:12:45 +02:00
			`respond_to_on_destroy`
add france connect logout process 2015-10-07 16:38:29 +02:00			`end`
[#884] add user 2015-09-23 10:02:01 +02:00
Connexion page is contextualized with procedure title and description when is access with link. 2016-05-26 15:59:50 +02:00			`def no_procedure`
			`session['user_return_to'] = nil`
			`redirect_to new_user_session_path`
			`end`

			`private`
[#884] add user 2015-09-23 10:02:01 +02:00
Connexion page is contextualized with procedure title and description when is access with link. 2016-05-26 15:59:50 +02:00			`def error_procedure`
			`flash.alert = t('errors.messages.procedure_not_found')`
			`redirect_to url_for root_path`
			`end`

			`def user_return_to_procedure_id`
			`return nil if session["user_return_to"].nil?`

			`NumberService.to_number session["user_return_to"].split("?procedure_id=").second`
			`end`
Sign user + gestionnaire in (OpenSimplif) Hacks into users/sessions to sign in and sign out a gestionnaire and/or a user at the same time, as long as credentials are identical (same email, same password). 2016-10-11 11:12:45 +02:00
			`def try_to_authenticate(klass)`
			`if resource = klass.find_for_database_authentication(email: params[:user][:email])`
			`if resource.valid_password?(params[:user][:password])`
			`sign_in resource`
			`set_flash_message :notice, :signed_in`
			`end`
			`end`
			`end`
[#884] add user 2015-09-23 10:02:01 +02:00			`end`