Class: SessionsController

Inherits:
Devise::SessionsController
  • Object
show all
Includes:
AuthenticatesWithTwoFactor, BizibleCSP, Devise::Controllers::Rememberable, Gitlab::Utils::StrongMemoize, GoogleAnalyticsCSP, InternalRedirect, KnownSignIn, OneTrustCSP, Recaptcha::ClientHelper, Recaptcha::Verify, RendersLdapServers, VerifiesWithEmail
Defined in:
app/controllers/sessions_controller.rb

Constant Summary collapse

CAPTCHA_HEADER = 
'X-GitLab-Show-Login-Captcha'
MAX_FAILED_LOGIN_ATTEMPTS = 
5

Constants included from VerifiesWithEmail

VerifiesWithEmail::TOKEN_LENGTH, VerifiesWithEmail::TOKEN_VALID_FOR_MINUTES

Constants included from KnownSignIn

KnownSignIn::KNOWN_SIGN_IN_COOKIE, KnownSignIn::KNOWN_SIGN_IN_COOKIE_EXPIRY

Constants included from CookiesHelper

CookiesHelper::COOKIE_TYPE_ENCRYPTED, CookiesHelper::COOKIE_TYPE_PERMANENT

Instance Method Summary collapse

Methods included from VerifiesWithEmail

#resend_verification_code, #successful_verification, #verify_with_email

Methods included from Gitlab::Utils::StrongMemoize

#clear_memoization, #strong_memoize, #strong_memoized?

Methods included from CookiesHelper

#set_secure_cookie

Methods included from RendersLdapServers

#ldap_servers

Methods included from AuthenticatesWithTwoFactor

#authenticate_with_two_factor, #handle_locked_user, #locked_user_redirect, #prompt_for_two_factor

Methods included from InternalRedirect

#full_path_for_uri, #host_allowed?, #referer_path, #safe_redirect_path, #safe_redirect_path_for_url, #sanitize_redirect

Instance Method Details

#createObject 


69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
 
# File 'app/controllers/sessions_controller.rb', line 69

def create
  super do |resource|
    # User has successfully signed in, so clear any unused reset token
    if resource.reset_password_token.present?
      resource.update(reset_password_token: nil,
                      reset_password_sent_at: nil)
    end

    if resource.deactivated?
      resource.activate
      flash[:notice] = _('Welcome back! Your account had been deactivated due to inactivity but is now reactivated.')
    else
      # hide the default signed-in notification
      flash[:notice] = nil
    end

    log_audit_event(current_user, resource, with: authentication_method)
    log_user_activity(current_user)
  end
end

#destroyObject 


90
91
92
93
94
95
96
97
 
# File 'app/controllers/sessions_controller.rb', line 90

def destroy
  headers['Clear-Site-Data'] = '"*"'

  Gitlab::AppLogger.info("User Logout: username=#{current_user.username} ip=#{request.remote_ip}")
  super
  # hide the signed_out notice
  flash[:notice] = nil
end

#newObject 


63
64
65
66
67
 
# File 'app/controllers/sessions_controller.rb', line 63

def new
  set_minimum_password_length

  super
end