Retrospring/app/controllers/user/sessions_controller.rb

51 lines
1.7 KiB
Ruby
Raw Normal View History

2020-10-18 01:39:46 -07:00
class User::SessionsController < Devise::SessionsController
2020-10-23 11:45:06 -07:00
def new
session.delete(:user_sign_in_uid)
super
end
2020-10-18 01:39:46 -07:00
def create
if session.has_key?(:user_sign_in_uid)
2020-10-23 11:45:06 -07:00
self.resource = User.find(session.delete(:user_sign_in_uid))
2020-10-18 01:39:46 -07:00
else
self.resource = warden.authenticate!(auth_options)
end
if resource.active_for_authentication? && resource.otp_module_enabled?
2020-10-18 01:39:46 -07:00
if params[:user][:otp_attempt].blank?
session[:user_sign_in_uid] = resource.id
sign_out(resource)
2020-10-23 11:45:06 -07:00
warden.lock!
render "auth/two_factor_authentication"
2020-10-18 01:39:46 -07:00
else
if params[:user][:otp_attempt].length == 8
found = TotpRecoveryCode.where(user_id: resource.id, code: params[:user][:otp_attempt].downcase).delete_all
if found == 1
flash[:info] = "You have #{TotpRecoveryCode.where(user_id: resource.id).count} recovery codes remaining."
continue_sign_in(resource, resource_name)
else
flash[:error] = t(".error")
redirect_to new_user_session_url
end
elsif resource.authenticate_otp(params[:user][:otp_attempt], drift: APP_CONFIG.fetch(:otp_drift_period, 30).to_i)
2020-10-18 01:39:46 -07:00
continue_sign_in(resource, resource_name)
else
sign_out(resource)
flash[:error] = t(".error")
2020-10-23 11:45:06 -07:00
redirect_to new_user_session_url
2020-10-18 01:39:46 -07:00
end
end
else
continue_sign_in(resource, resource_name)
end
end
private
def continue_sign_in(resource, resource_name)
set_flash_message!(:notice, :signed_in)
sign_in(resource_name, resource)
yield resource if block_given?
respond_with resource, location: after_sign_in_path_for(resource)
end
end