Class: SessionsController

Inherits:
Devise::SessionsController
  • Object
Extended by:
Gitlab::Utils::Override
Includes:
AcceptsPendingInvitations, AuthenticatesWithTwoFactor, BizibleCSP, CheckInitialSetup, Devise::Controllers::Rememberable, Gitlab::Utils::StrongMemoize, InternalRedirect, KnownSignIn, OneTrustCSP, PreferredLanguageSwitcher, Recaptcha::Adapters::ControllerMethods, Recaptcha::Adapters::ViewMethods, RendersLdapServers, SkipsAlreadySignedInMessage, SynchronizeBroadcastMessageDismissals, VerifiesWithEmail
Defined in:
app/controllers/sessions_controller.rb

Constant Summary

CAPTCHA_HEADER =
'X-GitLab-Show-Login-Captcha'
MAX_FAILED_LOGIN_ATTEMPTS =
5
PRESERVE_COOKIES =
%w[current_signin_tab preferred_language].freeze

Constants included from PreferredLanguageSwitcherHelper

PreferredLanguageSwitcherHelper::SWITCHER_MINIMUM_TRANSLATION_LEVEL

Constants included from VerifiesWithEmail

VerifiesWithEmail::VERIFICATION_REASON_EMAIL_OTP, VerifiesWithEmail::VERIFICATION_REASON_EMAIL_OTP_RESEND, VerifiesWithEmail::VERIFICATION_REASON_LOCK_RESEND, VerifiesWithEmail::VERIFICATION_REASON_NEW_TOKEN_NEEDED, VerifiesWithEmail::VERIFICATION_REASON_UNTRUSTED_IP

Constants included from KnownSignIn

KnownSignIn::KNOWN_SIGN_IN_COOKIE, KnownSignIn::KNOWN_SIGN_IN_COOKIE_EXPIRY

Constants included from CookiesHelper

CookiesHelper::COOKIE_TYPE_ENCRYPTED, CookiesHelper::COOKIE_TYPE_PERMANENT

Constants included from Authn::WebauthnInstrumentation

Authn::WebauthnInstrumentation::PASSKEY_EVENT_TRACKING_ENTRY_POINT, Authn::WebauthnInstrumentation::PASSKEY_EVENT_TRACKING_STATUS

Instance Method Summary

Methods included from Gitlab::Utils::Override

extended, extensions, included, method_added, override, prepended, queue_verification, verify!

Methods included from SynchronizeBroadcastMessageDismissals

#synchronize_broadcast_message_dismissals

Methods included from AcceptsPendingInvitations

#accept_pending_invitations

Methods included from SkipsAlreadySignedInMessage

#require_no_authentication_without_flash

Methods included from PreferredLanguageSwitcherHelper

#ordered_selectable_locales

Methods included from VerifiesWithEmail

#fallback_to_email_otp, #resend_verification_code, #skip_verification_confirmation, #skip_verification_for_now, #successful_verification, #verify_with_email

Methods included from VerifiesWithEmailHelper

#permitted_to_skip_email_otp_in_grace_period?, #treat_as_locked?, #trusted_ip_address?

Methods included from CookiesHelper

#set_secure_cookie

Methods included from RendersLdapServers

#ldap_servers

Methods included from CheckInitialSetup

#in_initial_setup_state?

Methods included from AuthenticatesWithTwoFactor

#authenticate_with_two_factor, #handle_locked_user, #handle_passwordless_flow, #locked_user_redirect, #prompt_for_passwordless_authentication_via_passkey, #prompt_for_two_factor

Methods included from Authn::WebauthnInstrumentation

#track_passkey_internal_event

Methods included from Gitlab::InternalEventsTracking

#track_internal_event

Methods included from InternalRedirect

#full_path_for_uri, #host_allowed?, #referer_path, #safe_redirect_path, #safe_redirect_path_for_url, #sanitize_redirect

Instance Method Details

#create ⇒ Object



# File 'app/controllers/sessions_controller.rb', line 82

# Devise sign-in action. The block runs only once Devise has authenticated
# `resource`; everything here is post-authentication bookkeeping.
def create
  super do |resource|
    # A completed sign-in proves control of the account, so any outstanding
    # password-reset token is no longer needed and is cleared.
    if resource.reset_password_token.present?
      resource.update(reset_password_token: nil, reset_password_sent_at: nil)
    end

    # Dormant accounts are reactivated on sign-in and the user is told so;
    # otherwise Devise's default "signed in" notice is suppressed (nil).
    flash[:notice] =
      if resource.deactivated?
        resource.activate
        _('Welcome back! Your account had been deactivated due to inactivity but is now reactivated.')
      end

    accept_pending_invitations
    synchronize_broadcast_message_dismissals(current_user)

    # Audit trail and activity timestamp for the signed-in user;
    # `authentication_method` is resolved elsewhere in the controller (not shown here).
    log_audit_event(current_user, resource, with: authentication_method)
    log_user_activity(current_user)
  end
end

#destroy ⇒ Object



# File 'app/controllers/sessions_controller.rb', line 104

# Devise sign-out action.
#
# Asks the browser to purge cached content and client-side storage for this
# origin, logs the logout, lets Devise/Warden end the session, then removes
# every cookie except those listed in PRESERVE_COOKIES.
def destroy
  # The Clear-Site-Data directives do not include "cookies": cookie removal is
  # done selectively below so the PRESERVE_COOKIES entries survive logout.
  headers['Clear-Site-Data'] = '"cache", "storage", "executionContexts", "clientHints"'
  Gitlab::AppLogger.info("User Logout: username=#{current_user.username} ip=#{request.remote_ip}")

  super

  # Suppress Devise's default "signed out" notice.
  flash[:notice] = nil

  # Must run after `super`: Warden has already marked its own cookies for
  # deletion, and deleting here does not override those settings.
  cookies.each do |name, _value|
    cookies.delete(name) unless PRESERVE_COOKIES.include?(name)
  end
end

#new ⇒ Object



# File 'app/controllers/sessions_controller.rb', line 67

# Sign-in form action (Devise::SessionsController#new).
#
# Makes the minimum password length available to the view before
# delegating to Devise's default rendering.
def new
  set_minimum_password_length

  super
end

#new_passkey ⇒ Object



# File 'app/controllers/sessions_controller.rb', line 73

# Starts the passkey (passwordless) sign-in flow.
#
# Gated twice: the :passkeys feature flag must be enabled for this request
# and password authentication for the web UI must be enabled in the instance
# settings. Otherwise the request is refused with a 403.
def new_passkey
  passkeys_allowed = Feature.enabled?(:passkeys, Feature.current_request) &&
    Gitlab::CurrentSettings.password_authentication_enabled_for_web?

  return render_403 unless passkeys_allowed

  handle_passwordless_flow
end

#sign_in_path ⇒ Object



# File 'app/controllers/sessions_controller.rb', line 122

# NOTE(review): the method name on the `def` line and the value of the
# `sign_in_path:` key below were lost when this page was rendered; the
# heading above suggests the action is `sign_in_path`. Confirm against
# app/controllers/sessions_controller.rb, line 122.
#
# JSON endpoint for the two-step sign-in flow. While the :two_step_sign_in
# feature flag is off for this request, or for HTML requests, it renders 404.
def 
  # Feature-flag gate: the endpoint behaves as "not found" while the flag is off.
  return render_404 unless Feature.enabled?(:two_step_sign_in, Feature.current_request)

  respond_to do |format|
    format.json do
      render json: { sign_in_path:  }
    end
    format.html do
      render_404
    end
  end
end