demarches-normaliennes/app/controllers/users/sessions_controller.rb
2019-08-12 13:47:01 +02:00

123 lines
3.3 KiB
Ruby
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

class Users::SessionsController < Sessions::SessionsController
include ProcedureContextConcern
include TrustedDeviceConcern
include ActionView::Helpers::DateHelper
layout 'procedure_context', only: [:new, :create]
before_action :restore_procedure_context, only: [:new, :create]
# GET /resource/sign_in
def new
@user = User.new
end
# POST /resource/sign_in
def create
remember_me = params[:user][:remember_me] == '1'
if resource_locked?(try_to_authenticate(User, remember_me)) ||
resource_locked?(try_to_authenticate(Instructeur, remember_me)) ||
resource_locked?(try_to_authenticate(Administrateur, remember_me))
flash.alert = 'Votre compte est verrouillé.'
new
return render :new, status: 401
end
if user_signed_in?
current_user.update(loged_in_with_france_connect: nil)
end
if instructeur_signed_in? || user_signed_in?
set_flash_message :notice, :signed_in
redirect_to after_sign_in_path_for(:user)
else
flash.alert = 'Mauvais couple login / mot de passe'
new
render :new, status: 401
end
end
def link_sent
@email = params[:email]
end
# DELETE /resource/sign_out
def destroy
if instructeur_signed_in?
sign_out :instructeur
end
if administrateur_signed_in?
sign_out :administrateur
end
if user_signed_in?
connected_with_france_connect = current_user.loged_in_with_france_connect
current_user.update(loged_in_with_france_connect: '')
sign_out :user
case connected_with_france_connect
when User.loged_in_with_france_connects.fetch(:particulier)
redirect_to FRANCE_CONNECT[:particulier][:logout_endpoint]
return
end
end
respond_to_on_destroy
end
def no_procedure
clear_stored_location_for(:user)
redirect_to new_user_session_path
end
def sign_in_by_link
instructeur = Instructeur.find(params[:id])
trusted_device_token = instructeur
.trusted_device_tokens
.find_by(token: params[:jeton])
if trusted_device_token&.token_valid?
trust_device(trusted_device_token.created_at)
period = ((trusted_device_token.created_at + TRUSTED_DEVICE_PERIOD) - Time.zone.now).to_i / ActiveSupport::Duration::SECONDS_PER_DAY
flash.notice = "Merci davoir confirmé votre connexion. Votre navigateur est maintenant authentifié pour #{period} jours."
# redirect to procedure'url if stored by store_location_for(:user) in dossiers_controller
# redirect to root_path otherwise
if instructeur_signed_in?
redirect_to after_sign_in_path_for(:user)
else
redirect_to new_user_session_path
end
else
flash[:alert] = 'Votre lien est invalide ou expiré, un nouveau vient de vous être envoyé.'
send_login_token_or_bufferize(instructeur)
redirect_to link_sent_path(email: instructeur.email)
end
end
private
def try_to_authenticate(klass, remember_me = false)
resource = klass.find_for_database_authentication(email: params[:user][:email])
if resource.present?
if resource.valid_password?(params[:user][:password])
resource.remember_me = remember_me
sign_in resource
resource.force_sync_credentials
end
end
resource
end
def resource_locked?(resource)
resource.present? && resource.access_locked?
end
end