Sha256: 59570d49067c48bfeb9d2ed1112712d7218ff59373a48515210970d45916c1a1
Contents?: true
Size: 1.6 KB
Versions: 6
Compression:
Stored size: 1.6 KB
Contents
# frozen_string_literal: true
module Admin
class SessionsController < Admin::AdminController
before_action :require_authentication, only: %i[destroy]
before_action :find_user, only: %i[create]
before_action :find_signed_user, only: %i[verify_otp]
before_action :require_user, only: %i[create verify_otp]
def new
redirect_to admin_default_url if logged_in?
end
def create
if @user.otp_enabled?
@signed_user_id = message_verifier.generate(
@user.id, expires_in: 1.hour
)
render template: "admin/sessions/verify_otp"
else
authenticate!(@user)
redirect_to admin_default_url
end
end
def destroy
flash[:notice] = t("pages_core.logged_out")
deauthenticate!
redirect_to admin_login_url
end
def verify_otp
@otp_secret = OtpSecret.new(@user)
if @otp_secret.validate_otp!(params[:otp])
authenticate!(@user)
redirect_to admin_default_url
else
flash[:notice] = t("pages_core.otp.invalid_code")
render template: "admin/sessions/verify_otp"
end
end
private
def find_signed_user
@signed_user_id = params[:signed_user_id]
@user = User.find(message_verifier.verify(@signed_user_id))
end
def find_user
@user = User.authenticate(params[:email], password: params[:password])
end
def message_verifier
Rails.application.message_verifier(:session)
end
def require_user
return if @user
flash[:notice] = t("pages_core.invalid_login")
redirect_to admin_login_url
end
end
end
Version data entries
6 entries across 6 versions & 1 rubygems