# frozen_string_literal: true

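class Auth::SessionsController < Devise::SessionsController
  include Devise::Controllers::Rememberable

  layout 'auth'

  # The two-factor flow signs the user in from a prepended before_action, so
  # Devise's "already signed in" guard must not bounce the request to create.
  skip_before_action :require_no_authentication, only: [:create]
  # A suspended account may still end its own session.
  skip_before_action :check_suspension, only: [:destroy]
  # Runs ahead of Devise's own authentication: either prompts for an OTP after
  # a valid password, or verifies a submitted OTP for a pending challenge.
  prepend_before_action :authenticate_with_two_factor, if: :two_factor_enabled?, only: [:create]

  # POST sign-in. Devise performs the authentication; this adds "remember me"
  # and drops the "signed in" notice.
  def create
    super do |resource|
      # A fully completed login supersedes any pending OTP challenge, so a
      # stale challenge cannot linger in the session of a signed-in user.
      session.delete(:otp_user_id)
      remember_me(resource)
      flash.delete(:notice)
    end
  end

  # DELETE sign-out. Devise performs the sign-out; this drops the notice.
  def destroy
    super
    flash.delete(:notice)
  end

  protected

  # Resolves the account this request is about.
  #
  # A pending OTP challenge (session[:otp_user_id]) is honoured only when the
  # request actually carries an OTP attempt. A fresh email/password submission
  # is resolved from the submitted email instead. Without this guard, a
  # challenge left open for one account would be used both for
  # two_factor_enabled? and for the password check of a *different* account:
  # the password check fails, the chain falls through, and Devise's own
  # authentication signs the second account in without its OTP step.
  #
  # @return [User, nil]
  def find_user
    if session[:otp_user_id] && user_params[:otp_attempt].present?
      User.find(session[:otp_user_id])
    elsif user_params[:email]
      User.find_for_authentication(email: user_params[:email])
    end
  end

  # Strong-parameter whitelist for the sign-in form.
  def user_params
    params.require(:user).permit(:email, :password, :otp_attempt)
  end

  # Redirect target after sign-in: the location Devise stored before sending
  # the visitor to log in, unless that is one of the public landing pages
  # (see home_paths), in which case the root path.
  #
  # @param resource [User] the signed-in resource
  # @return [String] a path
  def after_sign_in_path_for(resource)
    last_url = stored_location_for(:user)

    if home_paths(resource).include?(last_url)
      root_path
    else
      last_url || root_path
    end
  end

  # Whether the request's account (see find_user) requires a second factor.
  def two_factor_enabled?
    find_user&.otp_required_for_login?
  end

  # True when the submitted code is accepted either as a TOTP token or as a
  # backup code (the bang names suggest both consume the code on success —
  # confirm in User).
  #
  # @param user [User]
  # @return [Boolean]
  def valid_otp_attempt?(user)
    user.validate_and_consume_otp!(user_params[:otp_attempt]) ||
      user.invalidate_otp_backup_code!(user_params[:otp_attempt])
  rescue OpenSSL::Cipher::CipherError => _error
    # The stored OTP secret could not be decrypted; treat it as a failed
    # attempt rather than an error response.
    false
  end

  # Second-factor gate, run before Devise's create.
  #
  # With an OTP attempt and a pending challenge: verifies the code and signs
  # the user in, after which Devise's create completes the response. With a
  # fresh credential submission whose password is valid: records the challenge
  # and renders the OTP form, which halts the chain. Otherwise falls through
  # so Devise's normal authentication and failure handling apply.
  #
  # NOTE(review): no throttling of OTP attempts is visible in this controller —
  # confirm it is enforced elsewhere (e.g. at the rack layer).
  def authenticate_with_two_factor
    user = self.resource = find_user

    if user_params[:otp_attempt].present? && session[:otp_user_id]
      authenticate_with_two_factor_via_otp(user)
    elsif user&.valid_password?(user_params[:password])
      prompt_for_two_factor(user)
    end
  end

  # Completes a pending challenge: on a valid code, clears the challenge and
  # signs the user in; otherwise re-renders the OTP form with an alert.
  #
  # @param user [User] the account the challenge belongs to
  def authenticate_with_two_factor_via_otp(user)
    if valid_otp_attempt?(user)
      # Clear the challenge before establishing the session.
      session.delete(:otp_user_id)
      remember_me(user)
      sign_in(user)
    else
      flash.now[:alert] = I18n.t('users.invalid_otp_token')
      prompt_for_two_factor(user)
    end
  end

  # Records which account is mid-challenge and renders the OTP form.
  # Rendering here halts the before_action chain, so Devise's create does not
  # run for this request. The challenge has no expiry of its own beyond the
  # session's — TODO confirm whether a shorter lifetime is wanted.
  #
  # @param user [User]
  def prompt_for_two_factor(user)
    session[:otp_user_id] = user.id
    render :two_factor
  end

  private

  # Landing pages that should not count as a "return to" destination after
  # sign-in. In single-user mode the instance owner's profile is one of them.
  #
  # @param resource [User, Object]
  # @return [Array<String>]
  def home_paths(resource)
    paths = [about_path]
    paths << short_account_path(username: resource.account) if single_user_mode? && resource.is_a?(User)
    paths
  end
end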