scinote-web/app/controllers/users/sessions_controller.rb

56 lines
1.6 KiB
Ruby
Raw Normal View History

2016-02-12 23:52:43 +08:00
class Users::SessionsController < Devise::SessionsController
# before_filter :configure_sign_in_params, only: [:create]
2016-02-12 23:52:43 +08:00
# GET /resource/sign_in
def new
2018-11-26 21:23:26 +08:00
# If user was redirected here from OAuth's authorize/new page (Doorkeeper
# endpoint for authorizing an OAuth client), 3rd party sign-in buttons
# (e.g. LinkedIn) should be hidden. See config/initializers/devise.rb.
2018-11-27 17:58:51 +08:00
@oauth_authorize = session['oauth_authorize'] == true
super
end
2016-02-12 23:52:43 +08:00
# POST /resource/sign_in
# def create
# super
# end
# DELETE /resource/sign_out
# def destroy
# super
# end
# Singing in with authentication token (needed when signing in automatically
# from another website). NOTE: For some reason URL needs to end with '/'.
def auth_token_create
user = User.find_by_email(params[:user_email])
user_token = params[:user_token]
# Remove trailing slash if present
user_token.chop! if !user_token.nil? && user_token.end_with?('/')
if user && user.authentication_token == user_token
sign_in(:user, user)
# This will cause new token to be generated
user.update(authentication_token: nil)
redirect_url = root_path
else
flash[:error] = t('devise.sessions.auth_token_create.wrong_credentials')
redirect_url = new_user_session_path
end
respond_to do |format|
format.html do
redirect_to redirect_url
end
end
end
2016-02-12 23:52:43 +08:00
protected
# If you have extra params to permit, append them to the sanitizer.
def configure_sign_in_params
devise_parameter_sanitizer.for(:sign_in) << :attribute
end
end