Class: Decidim::Devise::SessionsController

Inherits:

Devise::SessionsController

• Object
• Devise::SessionsController
• Decidim::Devise::SessionsController

Includes:

Decidim::DeviseControllers

Defined in:

decidim-core/app/controllers/decidim/devise/sessions_controller.rb

Overview

Custom Devise SessionsController to avoid namespace problems.

Instance Method Summary

• #after_sign_in_path_for(user) ⇒ Object
• #after_sign_out_path_for(user) ⇒ Object
• #create ⇒ Object
• #destroy ⇒ Object
• #first_login_and_not_authorized?(user) ⇒ Boolean
• #pending_redirect?(user) ⇒ Boolean

  Calling the ‘stored_location_for` method removes the key, so in order to check if there is any pending redirect after login I need to call this method and use the value to set a pending redirect.

Instance Method Details

#after_sign_in_path_for(user) ⇒ Object

# File 'decidim-core/app/controllers/decidim/devise/sessions_controller.rb', line 38

def after_sign_in_path_for(user)
  if user.present? && user.blocked?
    check_user_block_status(user)
  elsif user.needs_password_update?
    change_password_path
  elsif first_login_and_not_authorized?(user) && !user.admin? && !pending_redirect?(user)
    decidim_verifications.first_login_authorizations_path
  else
    super
  end
end

#after_sign_out_path_for(user) ⇒ Object

# File 'decidim-core/app/controllers/decidim/devise/sessions_controller.rb', line 62

def after_sign_out_path_for(user)
  request.referer || super
end

#create ⇒ Object

# File 'decidim-core/app/controllers/decidim/devise/sessions_controller.rb', line 11

def create
  super do |user|
    if user.admin?
      # Check that the admin password passes the validation and clear the
      # `password_updated_at` field when the password is weak to force a
      # password update on the user.
      #
      # Handles a case when the user registers through the registration
      # form and they are promoted to an admin after that. In this case,
      # the newly promoted admin user would otherwise have to change their
      # password straight away even if they originally registered with a
      # strong password.
      validator = PasswordValidator.new({ attributes: :password })
      user.update!(password_updated_at: nil) unless validator.validate_each(user, :password, sign_in_params[:password])
    end
  end
end

#destroy ⇒ Object

# File 'decidim-core/app/controllers/decidim/devise/sessions_controller.rb', line 29

def destroy
  current_user.invalidate_all_sessions!
  if params[:translation_suffix].present?
    super { set_flash_message! :notice, params[:translation_suffix], { scope: "decidim.devise.sessions" } }
  else
    super
  end
end

#first_login_and_not_authorized?(user) ⇒ Boolean

Returns:

• (Boolean)

# File 'decidim-core/app/controllers/decidim/devise/sessions_controller.rb', line 58

def first_login_and_not_authorized?(user)
  user.is_a?(User) && user.sign_in_count == 1 && current_organization.available_authorizations.any? && user.verifiable?
end

#pending_redirect?(user) ⇒ Boolean

Calling the ‘stored_location_for` method removes the key, so in order to check if there is any pending redirect after login I need to call this method and use the value to set a pending redirect. This is the only way to do this without checking the session directly.

Returns:

• (Boolean)

# File 'decidim-core/app/controllers/decidim/devise/sessions_controller.rb', line 54

def pending_redirect?(user)
  store_location_for(user, stored_location_for(user))
end