2019-11-29 00:00:43 +08:00
|
|
|
# frozen_string_literal: true
|
|
|
|
|
2016-02-12 23:52:43 +08:00
|
|
|
class Users::SessionsController < Devise::SessionsController
|
2019-11-29 00:00:43 +08:00
|
|
|
layout :session_layout
|
|
|
|
|
2020-07-01 20:41:55 +08:00
|
|
|
after_action :after_sign_in, only: %i(create authenticate_with_two_factor)
|
2020-07-07 17:13:36 +08:00
|
|
|
before_action :remove_authenticate_mesasge_if_root_path, only: :new
|
2020-06-30 20:16:00 +08:00
|
|
|
prepend_before_action :redirect_2fa, only: :create
|
2019-05-14 23:02:56 +08:00
|
|
|
|
|
|
|
rescue_from ActionController::InvalidAuthenticityToken do
|
|
|
|
redirect_to new_user_session_path
|
|
|
|
end
|
|
|
|
|
2016-02-12 23:52:43 +08:00
|
|
|
# GET /resource/sign_in
|
2018-11-23 22:44:04 +08:00
|
|
|
def new
|
2019-11-29 00:00:43 +08:00
|
|
|
@simple_sign_in = params[:simple_sign_in] == 'true'
|
2018-11-26 21:23:26 +08:00
|
|
|
# If user was redirected here from OAuth's authorize/new page (Doorkeeper
|
|
|
|
# endpoint for authorizing an OAuth client), 3rd party sign-in buttons
|
|
|
|
# (e.g. LinkedIn) should be hidden. See config/initializers/devise.rb.
|
2018-11-27 17:58:51 +08:00
|
|
|
@oauth_authorize = session['oauth_authorize'] == true
|
2018-11-23 22:44:04 +08:00
|
|
|
super
|
|
|
|
end
|
2016-02-12 23:52:43 +08:00
|
|
|
|
|
|
|
# POST /resource/sign_in
|
2019-03-05 17:49:36 +08:00
|
|
|
def create
|
|
|
|
super
|
|
|
|
|
2020-06-30 20:16:00 +08:00
|
|
|
generate_demo_project
|
2019-03-05 17:49:36 +08:00
|
|
|
end
|
|
|
|
|
2020-07-13 15:51:04 +08:00
|
|
|
def two_factor_recovery
|
|
|
|
unless session[:otp_user_id]
|
|
|
|
redirect_to new_user_session_path
|
2019-03-05 17:49:36 +08:00
|
|
|
end
|
|
|
|
end
|
2016-02-12 23:52:43 +08:00
|
|
|
|
|
|
|
# DELETE /resource/sign_out
|
|
|
|
# def destroy
|
|
|
|
# super
|
|
|
|
# end
|
|
|
|
|
2016-11-30 23:27:12 +08:00
|
|
|
# Singing in with authentication token (needed when signing in automatically
|
2016-12-01 21:51:37 +08:00
|
|
|
# from another website). NOTE: For some reason URL needs to end with '/'.
|
2016-11-30 23:27:12 +08:00
|
|
|
def auth_token_create
|
|
|
|
user = User.find_by_email(params[:user_email])
|
2016-12-01 21:51:37 +08:00
|
|
|
user_token = params[:user_token]
|
|
|
|
# Remove trailing slash if present
|
|
|
|
user_token.chop! if !user_token.nil? && user_token.end_with?('/')
|
|
|
|
|
|
|
|
if user && user.authentication_token == user_token
|
2016-11-30 23:27:12 +08:00
|
|
|
sign_in(:user, user)
|
2016-12-01 21:51:37 +08:00
|
|
|
# This will cause new token to be generated
|
|
|
|
user.update(authentication_token: nil)
|
|
|
|
redirect_url = root_path
|
2016-11-30 23:27:12 +08:00
|
|
|
else
|
2016-12-01 21:51:37 +08:00
|
|
|
flash[:error] = t('devise.sessions.auth_token_create.wrong_credentials')
|
|
|
|
redirect_url = new_user_session_path
|
2016-11-30 23:27:12 +08:00
|
|
|
end
|
|
|
|
|
|
|
|
respond_to do |format|
|
|
|
|
format.html do
|
2016-12-01 21:51:37 +08:00
|
|
|
redirect_to redirect_url
|
2016-11-30 23:27:12 +08:00
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2019-03-05 17:43:39 +08:00
|
|
|
def after_sign_in
|
|
|
|
flash[:system_notification_modal] = true
|
|
|
|
end
|
|
|
|
|
2020-07-22 17:56:36 +08:00
|
|
|
|
2020-06-30 20:16:00 +08:00
|
|
|
def authenticate_with_two_factor
|
|
|
|
user = User.find_by(id: session[:otp_user_id])
|
|
|
|
|
|
|
|
unless user
|
|
|
|
flash[:alert] = t('devise.sessions.2fa.no_user_error')
|
|
|
|
redirect_to root_path && return
|
|
|
|
end
|
|
|
|
|
|
|
|
if user.valid_otp?(params[:otp])
|
|
|
|
session.delete(:otp_user_id)
|
|
|
|
|
|
|
|
sign_in(user)
|
|
|
|
generate_demo_project
|
|
|
|
flash[:notice] = t('devise.sessions.signed_in')
|
|
|
|
redirect_to root_path
|
|
|
|
else
|
|
|
|
flash.now[:alert] = t('devise.sessions.2fa.error_message')
|
|
|
|
render :two_factor_auth
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2020-07-13 15:51:04 +08:00
|
|
|
def authenticate_with_recovery_code
|
|
|
|
user = User.find_by(id: session[:otp_user_id])
|
|
|
|
|
|
|
|
unless user
|
|
|
|
flash[:alert] = t('devise.sessions.2fa.no_user_error')
|
|
|
|
redirect_to root_path && return
|
|
|
|
end
|
|
|
|
|
|
|
|
session.delete(:otp_user_id)
|
|
|
|
if user.recover_2fa!(params[:recovery_code])
|
|
|
|
sign_in(user)
|
|
|
|
generate_demo_project
|
|
|
|
flash[:notice] = t('devise.sessions.signed_in')
|
2020-07-13 22:05:23 +08:00
|
|
|
redirect_to root_path
|
2020-07-13 15:51:04 +08:00
|
|
|
else
|
2020-07-13 22:05:23 +08:00
|
|
|
flash[:alert] = t("devise.sessions.2fa_recovery.not_correct_code")
|
|
|
|
redirect_to new_user_session_path
|
2020-07-13 15:51:04 +08:00
|
|
|
end
|
2020-07-13 22:05:23 +08:00
|
|
|
|
2020-07-13 15:51:04 +08:00
|
|
|
end
|
|
|
|
|
2020-07-22 18:37:18 +08:00
|
|
|
private
|
|
|
|
|
|
|
|
def remove_authenticate_mesasge_if_root_path
|
|
|
|
if session[:user_return_to] == root_path && flash[:alert] == I18n.t('devise.failure.unauthenticated')
|
|
|
|
flash[:alert] = nil
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2020-06-30 20:16:00 +08:00
|
|
|
def redirect_2fa
|
|
|
|
user = User.find_by(email: params[:user][:email])
|
|
|
|
|
|
|
|
return unless user&.valid_password?(params[:user][:password])
|
|
|
|
|
|
|
|
if user&.two_factor_auth_enabled?
|
|
|
|
session[:otp_user_id] = user.id
|
|
|
|
render :two_factor_auth
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
def generate_demo_project
|
|
|
|
# Schedule templates creation for user
|
|
|
|
TemplatesService.new.schedule_creation_for_user(current_user)
|
|
|
|
|
|
|
|
# Schedule demo project creation for user
|
|
|
|
current_user.created_teams.each do |team|
|
|
|
|
FirstTimeDataGenerator.delay(
|
|
|
|
queue: :new_demo_project,
|
|
|
|
priority: 10
|
|
|
|
).seed_demo_data_with_id(current_user.id, team.id)
|
|
|
|
end
|
|
|
|
rescue StandardError => e
|
|
|
|
Rails.logger.fatal("User ID #{current_user.id}: Error creating inital projects on sign_in: #{e.message}")
|
|
|
|
end
|
|
|
|
|
2019-11-29 00:00:43 +08:00
|
|
|
def session_layout
|
|
|
|
if @simple_sign_in
|
|
|
|
'sign_in_halt'
|
|
|
|
else
|
|
|
|
'layouts/main'
|
|
|
|
end
|
|
|
|
end
|
2016-02-12 23:52:43 +08:00
|
|
|
end
|