Some token authentication refactoring and error handilng fixes. [closes SCI-689]

app/controllers/users/sessions_controller.rb

@@ -17,18 +17,27 @@ class Users::SessionsController < Devise::SessionsController
   # end
 
   # Singing in with authentication token (needed when signing in automatically
-  # from another website)
+  # from another website). NOTE: For some reason URL needs to end with '/'.
   def auth_token_create
     user = User.find_by_email(params[:user_email])
-    if user.authentication_token == params[:user_token][0..-2]
+    user_token = params[:user_token]
+    # Remove trailing slash if present
+    user_token.chop! if !user_token.nil? && user_token.end_with?('/')
+
+    if user && user.authentication_token == user_token
       sign_in(:user, user)
+      # This will cause new token to be generated
+      user.update(authentication_token: nil)
+
+      redirect_url = root_path
     else
-      flash[:error] = t('devise.sessions.auth_token_createwrong_credentials')
+      flash[:error] = t('devise.sessions.auth_token_create.wrong_credentials')
+      redirect_url = new_user_session_path
     end
 
     respond_to do |format|
       format.html do
-        redirect_to root_path
+        redirect_to redirect_url
       end
     end
   end
@@ -39,5 +48,4 @@ class Users::SessionsController < Devise::SessionsController
   def configure_sign_in_params
     devise_parameter_sanitizer.for(:sign_in) << :attribute
   end
-
 end

config/routes.rb

@@ -289,6 +289,6 @@ Rails.application.routes.draw do
   devise_scope :user do
     get 'avatar/:id/:style' => 'users/registrations#avatar', as: 'avatar'
     post 'avatar_signature' => 'users/registrations#signature'
-    get 'auth_token_sign_in' => 'users/sessions#auth_token_create'
+    get 'users/auth_token_sign_in' => 'users/sessions#auth_token_create'
   end
 end