From 45202f79ef45f0d141b1e2911b4fa34950777cad Mon Sep 17 00:00:00 2001
From: ThibG <thib@sitedethib.com>
Date: Sun, 10 May 2020 10:16:39 +0200
Subject: [PATCH] =?UTF-8?q?Remove=20confusing=20=E2=80=9CYou=20are=20alrea?=
 =?UTF-8?q?dy=20signed=20in.=E2=80=9D=20flash=20message=20(#13547)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

When attempting to access the log-in page while already logged in,
Devise's `require_no_authentication` kicks in and sets a flash
message “You are already signed in.”

In almost all cases, this also causes a redirect to /web, which
does not display or clear flash messages, thus leaving the message
to a potentially much later date, like for instance, accessing
/preferences several minutes after being redirected to /web.
---
 app/controllers/auth/sessions_controller.rb | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/app/controllers/auth/sessions_controller.rb b/app/controllers/auth/sessions_controller.rb
index f48b17c79..e95909447 100644
--- a/app/controllers/auth/sessions_controller.rb
+++ b/app/controllers/auth/sessions_controller.rb
@@ -111,6 +111,13 @@ class Auth::SessionsController < Devise::SessionsController
     render :two_factor
   end
 
+  def require_no_authentication
+    super
+    # Delete flash message that isn't entirely useful and may be confusing in
+    # most cases because /web doesn't display/clear flash messages.
+    flash.delete(:alert) if flash[:alert] == I18n.t('devise.failure.already_authenticated')
+  end
+
   private
 
   def set_instance_presenter