aboutsummaryrefslogtreecommitdiff
path: root/app/controllers/auth/sessions_controller.rb
diff options
context:
space:
mode:
Diffstat (limited to 'app/controllers/auth/sessions_controller.rb')
-rw-r--r--app/controllers/auth/sessions_controller.rb22
1 files changed, 21 insertions, 1 deletions
diff --git a/app/controllers/auth/sessions_controller.rb b/app/controllers/auth/sessions_controller.rb
index c1ea702ad..13d158c67 100644
--- a/app/controllers/auth/sessions_controller.rb
+++ b/app/controllers/auth/sessions_controller.rb
@@ -7,6 +7,7 @@ class Auth::SessionsController < Devise::SessionsController
skip_before_action :require_no_authentication, only: [:create]
skip_before_action :require_functional!
+ skip_before_action :update_user_sign_in
include TwoFactorAuthenticationConcern
include SignInTokenAuthenticationConcern
@@ -24,6 +25,7 @@ class Auth::SessionsController < Devise::SessionsController
def create
super do |resource|
+ resource.update_sign_in!(request, new_sign_in: true)
remember_me(resource)
flash.delete(:notice)
end
@@ -57,7 +59,7 @@ class Auth::SessionsController < Devise::SessionsController
def find_user
if session[:attempt_user_id]
- User.find(session[:attempt_user_id])
+ User.find_by(id: session[:attempt_user_id])
else
user = User.authenticate_with_ldap(user_params) if Devise.ldap_authentication
user ||= User.authenticate_with_pam(user_params) if Devise.pam_authentication
@@ -90,6 +92,7 @@ class Auth::SessionsController < Devise::SessionsController
def require_no_authentication
super
+
# Delete flash message that isn't entirely useful and may be confusing in
# most cases because /web doesn't display/clear flash messages.
flash.delete(:alert) if flash[:alert] == I18n.t('devise.failure.already_authenticated')
@@ -107,13 +110,30 @@ class Auth::SessionsController < Devise::SessionsController
def home_paths(resource)
paths = [about_path]
+
if single_user_mode? && resource.is_a?(User)
paths << short_account_path(username: resource.account)
end
+
paths
end
def continue_after?
truthy_param?(:continue)
end
+
+ def restart_session
+ clear_attempt_from_session
+ redirect_to new_user_session_path, alert: I18n.t('devise.failure.timeout')
+ end
+
+ def set_attempt_session(user)
+ session[:attempt_user_id] = user.id
+ session[:attempt_user_updated_at] = user.updated_at.to_s
+ end
+
+ def clear_attempt_from_session
+ session.delete(:attempt_user_id)
+ session.delete(:attempt_user_updated_at)
+ end
end
generated by cgit v1.2.3-70-g09d2 (git 2.50.0) at 2025-08-06 09:04:41 +0000