demarches-normaliennes/app/controllers/users/sessions_controller.rb
2019-01-07 12:17:05 +01:00


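# Sign-in, sign-out and e-mailed login-link handling for the single login form
# shared by the three account models (User, Gestionnaire, Administrateur).
#
# Security-relevant behaviour visible in this file:
# * the submitted e-mail/password pair is tried against each model in turn;
# * a Gestionnaire on an untrusted browser (when :enable_email_login_token is
#   on) is signed out again and must follow an e-mailed link;
# * following that link marks the browser as trusted and signs in every
#   account that shares the Gestionnaire's e-mail address.
class Users::SessionsController < Sessions::SessionsController
  include TrustedDeviceConcern
  include ActionView::Helpers::DateHelper

  # GET /resource/sign_in
  #
  # Builds the objects the sign-in form needs. When the stored return URL
  # carries a procedure id, an unsaved Dossier for that procedure is exposed as
  # @dossier (presumably so the page can show procedure context; the original
  # author marked this branch as unclear).
  # A RecordNotFound raised while resolving the procedure is handled by
  # error_procedure, which redirects.
  def new
    if user_return_to_procedure_id.present?
      @dossier = Dossier.new(procedure: Procedure.active(user_return_to_procedure_id))
    end

    @user = User.new
  rescue ActiveRecord::RecordNotFound
    error_procedure
  end

  # POST /resource/sign_in
  #
  # Authenticates the submitted credentials against the three account models,
  # then decides between a direct sign-in, the e-mailed login link step, or a
  # 401 with a generic failure message.
  def create
    remember_me = sign_in_param(:remember_me) == '1'

    [User, Gestionnaire, Administrateur].each { |klass| try_to_authenticate(klass, remember_me) }

    # A password login supersedes any earlier FranceConnect marker.
    current_user.update(loged_in_with_france_connect: '') if user_signed_in?

    if gestionnaire_signed_in?
      if trusted_device? || !current_gestionnaire.feature_enabled?(:enable_email_login_token)
        set_flash_message :notice, :signed_in
        redirect_to after_sign_in_path_for(:user)
      else
        # Untrusted browser: send a login token by e-mail and drop every
        # session opened above, so the password alone grants no access.
        gestionnaire = current_gestionnaire
        login_token = gestionnaire.login_token!
        GestionnaireMailer.send_login_token(gestionnaire, login_token).deliver_later

        [:user, :gestionnaire, :administrateur].each { |role| sign_out(role) }

        # NOTE(review): the e-mail address travels in the redirect URL, so it
        # can end up in access logs and browser history.
        redirect_to link_sent_path(email: gestionnaire.email)
      end
    elsif user_signed_in?
      set_flash_message :notice, :signed_in
      redirect_to after_sign_in_path_for(:user)
    else
      # NOTE(review): only the user and gestionnaire scopes are checked here; an
      # account that authenticates solely as Administrateur would reach this
      # branch with a session already opened. Confirm that cannot happen.
      # The message deliberately does not say which part was wrong.
      flash.alert = 'Mauvais couple login / mot de passe'
      new
      # `new` may already have redirected through error_procedure; rendering
      # again would raise AbstractController::DoubleRenderError.
      render :new, status: 401 unless performed?
    end
  end

  # Confirmation page shown after the login link has been e-mailed.
  #
  # @email is read back from the query string, so it is caller-controlled: the
  # view must escape it and must not treat it as the authenticated address.
  def link_sent
    @email = params[:email]
  end

  # DELETE /resource/sign_out
  #
  # Signs out every scope that is currently signed in. A user who came in
  # through FranceConnect "particulier" is sent to the FranceConnect logout
  # endpoint taken from the FRANCE_CONNECT configuration constant.
  def destroy
    sign_out :gestionnaire if gestionnaire_signed_in?
    sign_out :administrateur if administrateur_signed_in?

    if user_signed_in?
      # Read the marker before clearing it and before the session is dropped.
      connected_with_france_connect = current_user.loged_in_with_france_connect
      current_user.update(loged_in_with_france_connect: '')

      sign_out :user

      case connected_with_france_connect
      when User.loged_in_with_france_connects.fetch(:particulier)
        redirect_to FRANCE_CONNECT[:particulier][:logout_endpoint]
        return
      end
    end

    respond_to_on_destroy
  end

  # Forgets the stored return URL and shows the plain sign-in page.
  def no_procedure
    session['user_return_to'] = nil
    redirect_to new_user_session_path
  end

  # Target of the e-mailed login link (params[:id], params[:jeton]).
  #
  # A valid token marks this browser as trusted and signs in the Gestionnaire
  # together with the User and Administrateur that share its e-mail address.
  # Nothing here ties the request to the browser that entered the password, so
  # possession of the link is sufficient on its own.
  # NOTE(review): confirm that login_token_valid? enforces expiry, single use
  # and a constant-time comparison; the token also travels in the URL.
  def sign_in_by_link
    # find_by returns nil for an unknown id, so that case takes the same
    # "invalid link" path as a bad token. `find` raised RecordNotFound instead,
    # which made the `&.` below dead code and answered differently depending on
    # whether the id exists.
    gestionnaire = Gestionnaire.find_by(id: params[:id])

    if gestionnaire&.login_token_valid?(params[:jeton])
      trust_device

      trusted_days = TRUSTED_DEVICE_PERIOD.to_i / ActiveSupport::Duration::SECONDS_PER_DAY
      flash.notice = "Merci davoir confirmé votre connexion. Votre navigateur est maintenant authentifié pour #{trusted_days} jours."

      user = User.find_by(email: gestionnaire.email)
      administrateur = Administrateur.find_by(email: gestionnaire.email)
      [user, gestionnaire, administrateur].compact.each { |resource| sign_in(resource) }

      # redirect to procedure'url if stored by store_location_for(:user) in dossiers_controller
      # redirect to root_path otherwise
      redirect_to after_sign_in_path_for(:user)
    else
      flash[:alert] = 'Votre lien est invalide ou expiré, veuillez-vous reconnecter.'
      redirect_to new_user_session_path
    end
  end

  private

  # Clears the stored return URL and redirects to the root page with a
  # "procedure not found" alert.
  def error_procedure
    session["user_return_to"] = nil
    flash.alert = t('errors.messages.procedure_not_found')
    redirect_to url_for root_path
  end

  # Extracts the procedure id from the stored return URL: whatever follows
  # "?procedure_id=" is passed to NumberService.to_number. Returns nil when no
  # return URL is stored.
  def user_return_to_procedure_id
    stored_location = session["user_return_to"]
    return nil if stored_location.nil?

    NumberService.to_number stored_location.split("?procedure_id=").second
  end

  # Reads one field of the submitted `user` form as a String.
  #
  # Returns nil when the `user` key is absent or is not a parameter hash, or
  # when the field is not a plain string, so a malformed POST is handled as a
  # failed login instead of raising.
  def sign_in_param(key)
    credentials = params[:user]
    return nil unless credentials.respond_to?(:key?)

    value = credentials[key]
    value if value.is_a?(String)
  end

  # Signs in the `klass` account matching the submitted e-mail when the
  # submitted password is valid for it; otherwise does nothing.
  #
  # klass       - one of User, Gestionnaire, Administrateur.
  # remember_me - value assigned to the resource's remember_me attribute.
  #
  # NOTE(review): no password hash is computed when the e-mail is unknown, so
  # response time may differ between known and unknown addresses.
  def try_to_authenticate(klass, remember_me = false)
    email = sign_in_param(:email)
    password = sign_in_param(:password)
    return if email.blank? || password.nil?

    resource = klass.find_for_database_authentication(email: email)
    return unless resource.present? && resource.valid_password?(password)

    resource.remember_me = remember_me
    sign_in resource
    # Project-defined; presumably keeps the sibling accounts' credentials aligned.
    resource.force_sync_credentials
  end
end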