diff --git a/app/controllers/users/sessions_controller.rb b/app/controllers/users/sessions_controller.rb
index 895bb7027..5110baee9 100644
--- a/app/controllers/users/sessions_controller.rb
+++ b/app/controllers/users/sessions_controller.rb
@@ -17,18 +17,27 @@ class Users::SessionsController < Devise::SessionsController
 # end
 # Singing in with authentication token (needed when signing in automatically
- # from another website)
+ # from another website). NOTE: For some reason URL needs to end with '/'.
 def auth_token_create
 user = User.find_by_email(params[:user_email])
- if user.authentication_token == params[:user_token][0..-2]
+ user_token = params[:user_token]
+ # Remove trailing slash if present
+ user_token.chop! if !user_token.nil? && user_token.end_with?('/')
+
+ if user && user.authentication_token == user_token
 sign_in(:user, user)
+ # This will cause new token to be generated
+ user.update(authentication_token: nil)
+
+ redirect_url = root_path
 else
- flash[:error] = t('devise.sessions.auth_token_createwrong_credentials')
+ flash[:error] = t('devise.sessions.auth_token_create.wrong_credentials')
+ redirect_url = new_user_session_path
 end
 respond_to do |format|
 format.html do
- redirect_to root_path
+ redirect_to redirect_url
 end
 end
 end
@@ -39,5 +48,4 @@ class Users::SessionsController < Devise::SessionsController
 def configure_sign_in_params
 devise_parameter_sanitizer.for(:sign_in) << :attribute
 end
-
 end
diff --git a/config/routes.rb b/config/routes.rb
index ea9051b8f..a2f8e2447 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -289,6 +289,6 @@ Rails.application.routes.draw do
 devise_scope :user do
 get 'avatar/:id/:style' => 'users/registrations#avatar', as: 'avatar'
 post 'avatar_signature' => 'users/registrations#signature'
- get 'auth_token_sign_in' => 'users/sessions#auth_token_create'
+ get 'users/auth_token_sign_in' => 'users/sessions#auth_token_create'
 end
 end
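Review bot: In `auth_token_create` (app/controllers/users/sessions_controller.rb) the new guard `user && user.authentication_token == user_token` is still true when both sides are nil, so an account whose stored token is empty would be signed in by a request that carries no `user_token`; whether a token can be empty depends on the model callback that regenerates it, which this diff does not show. The `==` comparison is also not constant-time. Both are covered by `if user && Devise.secure_compare(user.authentication_token, user_token)`, which returns false for blank values. The result of `user.update(authentication_token: nil)` is ignored, so if the save fails the used token stays valid; `update!` or a check on the return value would make the rotation reliable.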
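Review bot: The `users/auth_token_sign_in` route in config/routes.rb is still a `get`, so the e-mail and `user_token` travel in the URL and can end up in access logs, browser history and Referer headers. The token rotation added in the controller limits replay, but it would be worth confirming that `user_token` is listed in `config.filter_parameters` (not visible in this diff) and considering a `post` route if the calling site can submit a form. The `devise_scope` block and the `routes.draw` block both start outside the hunk.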