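# frozen_string_literal: true

# Session endpoints for the auth scope. Per the route comments below these are
# sign-in (POST /auths), sign-out (DELETE /auths) and token-based sign-in
# (GET /migrations/:token). Authentication itself is delegated to Warden/Devise.
class Auth::SessionsController < Auth::BaseController
  # NOTE(review): CSRF token verification is switched off for every action of
  # this controller, so the state-changing POST /auths and DELETE /auths do not
  # check an authenticity token. If sessions are cookie-based, confirm that
  # another control (SameSite cookies, Origin/Referer validation, or a
  # non-cookie credential) prevents cross-site login and logout requests.
  skip_before_action :verify_authenticity_token

  # Devise filters. NOTE(review): :new is still listed although the action is
  # commented out below; harmless if Auth::BaseController defines it, confirm.
  prepend_before_action :require_no_authentication, only: [:new, :create]
  prepend_before_action :allow_params_authentication!, only: :create
  # Sets Devise's skip-timeout flag in the Rack env for every request handled here.
  prepend_before_action { request.env['devise.skip_timeout'] = true }

  respond_to :json, only: [:create, :destroy]

  # # GET /auths/new
  # def new
  #   self.resource = resource_class.new(sign_in_params)
  #   clean_up_passwords(resource)
  #   respond_with(resource, serialize_options(resource))
  # end

  # POST /auths
  #
  # Authenticates with the options from #auth_options, signs the resource in and
  # renders the 'account/sessions/show' template. `authenticate!` does not
  # return on failure; Warden hands the request to its failure application.
  def create
    self.resource = warden.authenticate!(auth_options)
    sign_in(resource_name, resource)
    respond_with resource,
                 template: 'account/sessions/show',
                 location: after_sign_in_path_for(resource)
  end

  # DELETE /auths
  #
  # Signs the current scope out. Navigational formats are redirected to the
  # after-sign-out path; every other format gets an empty 204 response.
  def destroy
    # Resolved before sign_out, matching the original statement order.
    redirect_path = after_sign_out_path_for(resource_name)
    signed_out = sign_out(resource_name)
    set_flash_message :notice, :signed_out if signed_out && is_navigational_format?

    # We actually need to hardcode this as Rails default responder doesn't
    # support returning empty response on GET request
    respond_to do |format|
      format.any(*navigational_formats) { redirect_to redirect_path }
      format.all { head :no_content }
    end
  end

  # GET /migrations/:token
  #
  # Signs in through the :migration_token Warden strategy (defined outside this
  # file) and redirects to the after-sign-in path.
  #
  # NOTE(review): the credential travels in the URL of a GET request, so it can
  # end up in access logs, browser history and Referer headers. Confirm that the
  # strategy makes tokens single-use and short-lived, and that :token is in the
  # application's filtered parameters.
  def migrations
    self.resource = warden.authenticate!(:migration_token, auth_options)
    sign_in(resource_name, resource)
    redirect_to after_sign_in_path_for(resource)
  end

  protected

  # Permitted parameters for the migration flow. Not called within this file;
  # presumably read by the :migration_token strategy or a subclass (verify).
  def migrations_params
    params.permit(:token, :email)
  end

  # Sign-in parameters as filtered by Devise's parameter sanitizer.
  def sign_in_params
    devise_parameter_sanitizer.sanitize(:sign_in)
  end

  # Builds serialization options: the resource class's authentication keys
  # (plus :password when the resource responds to it) under :methods, and
  # `only: [:password]`. Referenced only by the commented-out `new` action here.
  def serialize_options(resource)
    methods = resource_class.authentication_keys.dup
    methods = methods.keys if methods.is_a?(Hash)
    methods << :password if resource.respond_to?(:password)
    { methods: methods, only: [:password] }
  end

  # Options passed to Warden: the Devise scope and the action to recall on
  # failure.
  #
  # NOTE(review): recall points at "#new", which is commented out in this file.
  # If Auth::BaseController does not provide it, a failed sign-in that takes the
  # recall path would have no action to run; confirm.
  def auth_options
    { scope: resource_name, recall: "#{controller_path}#new" }
  end
end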