Sha256: f918f9e5eb1ec2a94e4fceae79edaf2e38cb07870572dfd1f23ccff1335b4aac
Contents?: true
Size: 1.69 KB
Versions: 14
Compression:
Stored size: 1.69 KB
Contents
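# frozen_string_literal: true

require "uri"

module Decidim
  module Devise
    # Custom Devise SessionsController to avoid namespace problems.
    #
    # On top of the stock Devise behaviour this controller:
    # * refuses sign-in attempts when the current organization has sign-in
    #   disabled (see #check_sign_in_enabled),
    # * re-checks an admin's password against PasswordValidator at sign-in,
    # * invalidates all of the user's sessions on sign-out.
    class SessionsController < ::Devise::SessionsController
      include Decidim::DeviseControllers
      include Decidim::DeviseAuthenticationMethods

      before_action :check_sign_in_enabled, only: :create

      # Signs the user in through Devise and, for admins, re-validates the
      # password that was just submitted.
      def create
        super do |user|
          if user.admin?
            # Check that the admin password passes the validation and clear the
            # `password_updated_at` field when the password is weak to force a
            # password update on the user.
            #
            # Handles a case when the user registers through the registration
            # form and they are promoted to an admin after that. In this case,
            # the newly promoted admin user would otherwise have to change their
            # password straight away even if they originally registered with a
            # strong password.
            validator = PasswordValidator.new({ attributes: :password })
            password_ok = validator.validate_each(user, :password, sign_in_params[:password])
            user.update!(password_updated_at: nil) unless password_ok
          end
        end
      end

      # Signs the user out and invalidates every session the user holds, not
      # only the one that issued the request.
      def destroy
        current_user.invalidate_all_sessions!

        if params[:translation_suffix].present?
          # NOTE(review): `translation_suffix` comes from the request and is
          # used as the message key looked up under the fixed
          # "decidim.devise.sessions" scope. Consider restricting it to the
          # set of suffixes the application actually emits.
          super { set_flash_message! :notice, params[:translation_suffix], { scope: "decidim.devise.sessions" } }
        else
          super
        end
      end

      # Returns the location to redirect to after sign-out.
      #
      # The Referer header is only honoured when it points at the host that
      # served the request; the header is client-supplied, so using it
      # unchecked would let the redirect target leave the application.
      # Anything else falls back to Devise's default sign-out path.
      #
      # @param user the Devise resource or scope being signed out
      # @return [String] the redirect target
      def after_sign_out_path_for(user)
        same_host_referer || super
      end

      private

      # before_action for #create: sends the visitor back to the sign-in page
      # when the current organization has sign-in disabled.
      def check_sign_in_enabled
        redirect_to new_user_session_path unless current_organization.sign_in_enabled?
      end

      # Returns the request's Referer when it is an absolute URL on the same
      # host as the current request, nil otherwise (missing, malformed,
      # relative, non-hierarchical or foreign-host values are all rejected).
      #
      # @return [String, nil]
      def same_host_referer
        referer = request.referer
        return if referer.blank?

        referer_host = URI.parse(referer).host
        referer if referer_host&.casecmp?(request.host)
      rescue URI::InvalidURIError
        nil
      end
    end
  end
end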