Class: RailsBase::Users::SessionsController

Inherits:

Devise::SessionsController

• Object
• Devise::SessionsController
• RailsBase::Users::SessionsController

Defined in:

app/controllers/rails_base/users/sessions_controller.rb

Instance Method Summary

• #create ⇒ Object

  POST /user/sign_in.

• #destroy ⇒ Object

  DELETE /user/sign_out.

• #hearbeat_with_auth ⇒ Object

  POST /heartbeat.

• #hearbeat_without_auth ⇒ Object

  GET /heartbeat.

• #new ⇒ Object

  GET /user/sign_in.

Instance Method Details

#create ⇒ Object

POST /user/sign_in

# File 'app/controllers/rails_base/users/sessions_controller.rb', line 14

def create
  # Warden/Devise will try to sign the user in before we explicitly do
  # Sign ou the user when this happens so we can sign them back in later
  sign_out(current_user) if current_user

  authenticate = RailsBase::Authentication::AuthenticateUser.call(email: params[:user][:email], password: params[:user][:password])

  if authenticate.failure?
    @user = User.new(email: params[:user][:email])
    flash[:alert] = authenticate.message
    render template: 'rails_base/devise/sessions/new'
    return
  end

  mfa_decision = RailsBase::Authentication::DecisionTwofaType.call(user: authenticate.user)
  if mfa_decision.failure?
    redirect_to RailsBase.url_routes.new_user_session_path, email: params[:user][:email], alert: mfa_decision.message
    return
  end

  if mfa_decision.set_mfa_randomized_token
    session[:mfa_randomized_token] =
      RailsBase::Authentication::MfaSetEncryptToken.call(
        user: authenticate.user,
        expires_at: mfa_decision.token_ttl,
        purpose: mfa_decision.mfa_purpose,
      ).encrypted_val
  end

  redirect =
    if mfa_decision.sign_in_user
      sign_in(authenticate.user)
      # only referentially redirect when we know the user should sign in
      redirect_from_reference
    end

  redirect ||= mfa_decision.redirect_url

  logger.info { "Successful sign in: Redirecting to #{redirect}" }

  redirect_to(redirect, mfa_decision.flash)
end

#destroy ⇒ Object

DELETE /user/sign_out

# File 'app/controllers/rails_base/users/sessions_controller.rb', line 58

def destroy
  session[:mfa_randomized_token] = nil

  # force the user to sign out
  sign_out(current_user)
  reset_session

  admin_reset_session!

  flash[:notice] = 'You have been succesfully signed out'
  redirect_to RailsBase.url_routes.unauthenticated_root_path
end

#hearbeat_with_auth ⇒ Object

POST /heartbeat

# File 'app/controllers/rails_base/users/sessions_controller.rb', line 78

def hearbeat_with_auth
  heartbeat
end

#hearbeat_without_auth ⇒ Object

GET /heartbeat

# File 'app/controllers/rails_base/users/sessions_controller.rb', line 72

def hearbeat_without_auth
  skip_capture_reference!
  heartbeat
end

#new ⇒ Object

GET /user/sign_in

# File 'app/controllers/rails_base/users/sessions_controller.rb', line 8

def new
  @user = User.new
  render template: 'rails_base/devise/sessions/new'
end