closed-social
/
mastodon
3
0
Fork 2
Code Issues 5 Pull Requests 0 Projects 0 Releases 3 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
9265 Commits
4 Branches
567 MiB
Tree: 6a96af4d20
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '6a96af4d20'
${ noResults }
mastodon/app/controllers/auth/sessions_controller.rb

103 lines
2.5 KiB
Raw Normal View History

Fix rubocop issues, introduce usage of frozen literal to improve performance
7 years ago
Customizing devise views and controllers
8 years ago
Remember me enabled by default
8 years ago
Customizing devise views and controllers
8 years ago
Remember me enabled by default
8 years ago
Split 2FA login into two prompts
7 years ago
Change unconfirmed user login behaviour (#11375) Allow access to account settings, 2FA, authorized applications, and account deletions to unconfirmed and pending users, as well as users who had their accounts disabled. Suspended users cannot update their e-mail or password or delete their account. Display account status on account settings page, for example, when an account is frozen, limited, unconfirmed or pending review. After sign up, login users straight away and show a simple page that tells them the status of their account with links to account settings and logout, to reduce onboarding friction and allow users to correct wrongly typed e-mail addresses. Move the final sign-up step of SSO integrations to be the same as above to reduce code duplication.
4 years ago
Add e-mail-based sign in challenge for users with disabled 2FA (#14013)
3 years ago
Fix authentication before 2FA challenge (#11943) Regression from #11831
4 years ago
sign_in and sign_up views present og meta infos (#5308)
6 years ago
Compensate for scrollbar disappearing when media modal visible (#8100) * Compensate for scrollbar disappearing when media modal visible Make auth pages backgrounds lighter * Fix typo
5 years ago
Added optional two-factor authentication
7 years ago
New variable OAUTH_REDIRECT_AT_SIGN_IN + Ref #6538 (not only SAML strategies) (#6540)
6 years ago
If login redirects to omniauth, redirect logout to root_path (#6694) Fix #6670
6 years ago
New variable OAUTH_REDIRECT_AT_SIGN_IN + Ref #6538 (not only SAML strategies) (#6540)
6 years ago
If login redirects to omniauth, redirect logout to root_path (#6694) Fix #6670
6 years ago
New variable OAUTH_REDIRECT_AT_SIGN_IN + Ref #6538 (not only SAML strategies) (#6540)
6 years ago
Remember me enabled by default
8 years ago
Fix authentication before 2FA challenge (#11943) Regression from #11831
4 years ago
Remember me enabled by default
8 years ago
Replace logo, fix #57 - delete/unreblog/unfavourite API, fix #45 - app registration API
7 years ago
Split 2FA login into two prompts
7 years ago
Add force_login option to OAuth authorize page (#8655) * Add force_login option to OAuth authorize page For when a user needs to sign into an app from multiple accounts on the same server * When logging out from modal header, redirect back after re-login
5 years ago
Split 2FA login into two prompts
7 years ago
Add password challenge to 2FA settings, e-mail notifications (#11878) Fix #3961
4 years ago
Fix empty flash message on the settings page (#3345)
7 years ago
Add force_login option to OAuth authorize page (#8655) * Add force_login option to OAuth authorize page For when a user needs to sign into an app from multiple accounts on the same server * When logging out from modal header, redirect back after re-login
5 years ago
Split 2FA login into two prompts
7 years ago
Replace logo, fix #57 - delete/unreblog/unfavourite API, fix #45 - app registration API
7 years ago
Fix authentication before 2FA challenge (#11943) Regression from #11831
4 years ago
Add e-mail-based sign in challenge for users with disabled 2FA (#14013)
3 years ago
Fix authentication before 2FA challenge (#11943) Regression from #11831
4 years ago
Fix rubocop warning (#14288) * Fix rubocop warning * use limit variable * use ContextCreatingMethods option
3 years ago
Fix authentication before 2FA challenge (#11943) Regression from #11831
4 years ago
Split 2FA login into two prompts
7 years ago
Add e-mail-based sign in challenge for users with disabled 2FA (#14013)
3 years ago
Added optional two-factor authentication
7 years ago
Go to root after login in single user mode (#3289) In single user mode, visitors are redirected to the single user's profile page. So, if you are the owner without a session, you start from that page, click the login button and authenticate yourself expecting you'll soon get started with the home page, but in reality you'll get redirected back to where you started from -- your own profile page. This fixes the behavior by redirecting you home after login if you have started from your own profile page.
7 years ago
Adding e-mail confirmations
7 years ago
Go to root after login in single user mode (#3289) In single user mode, visitors are redirected to the single user's profile page. So, if you are the owner without a session, you start from that page, click the login button and authenticate yourself expecting you'll soon get started with the home page, but in reality you'll get redirected back to where you started from -- your own profile page. This fixes the behavior by redirecting you home after login if you have started from your own profile page.
7 years ago
Adding e-mail confirmations
7 years ago
Replace logo, fix #57 - delete/unreblog/unfavourite API, fix #45 - app registration API
7 years ago
Split 2FA login into two prompts
7 years ago
If login redirects to omniauth, redirect logout to root_path (#6694) Fix #6670
6 years ago
Remove confusing “You are already signed in.” flash message (#13547) When attempting to access the log-in page while already logged in, Devise's `require_no_authentication` kicks in and sets a flash message “You are already signed in.” In almost all cases, this also causes a redirect to /web, which does not display or clear flash messages, thus leaving the message to a potentially much later date, like for instance, accessing /preferences several minutes after being redirected to /web.
4 years ago
Go to root after login in single user mode (#3289) In single user mode, visitors are redirected to the single user's profile page. So, if you are the owner without a session, you start from that page, click the login button and authenticate yourself expecting you'll soon get started with the home page, but in reality you'll get redirected back to where you started from -- your own profile page. This fixes the behavior by redirecting you home after login if you have started from your own profile page.
7 years ago
sign_in and sign_up views present og meta infos (#5308)
6 years ago
Compensate for scrollbar disappearing when media modal visible (#8100) * Compensate for scrollbar disappearing when media modal visible Make auth pages backgrounds lighter * Fix typo
5 years ago
Go to root after login in single user mode (#3289) In single user mode, visitors are redirected to the single user's profile page. So, if you are the owner without a session, you start from that page, click the login button and authenticate yourself expecting you'll soon get started with the home page, but in reality you'll get redirected back to where you started from -- your own profile page. This fixes the behavior by redirecting you home after login if you have started from your own profile page.
7 years ago
feat(auth/session_controller): Send Clear-Site-Data when logging out (#8627) Will clear the browser's cache, cookies and storage. https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Clear-Site-Data https://w3c.github.io/webappsec-clear-site-data/
5 years ago
Add force_login option to OAuth authorize page (#8655) * Add force_login option to OAuth authorize page For when a user needs to sign into an app from multiple accounts on the same server * When logging out from modal header, redirect back after re-login
5 years ago
Customizing devise views and controllers
8 years ago
 
  1. # frozen_string_literal: true
  2. 

  3. class Auth::SessionsController < Devise::SessionsController
  4.   include Devise::Controllers::Rememberable
  5. 

  6.   layout 'auth'
  7. 

  8.   skip_before_action :require_no_authentication, only: [:create]
  9.   skip_before_action :require_functional!
  10. 

  11.   include TwoFactorAuthenticationConcern
  12.   include SignInTokenAuthenticationConcern
  13. 

  14.   before_action :set_instance_presenter, only: [:new]
  15.   before_action :set_body_classes
  16. 

  17.   def new
  18.     Devise.omniauth_configs.each do |provider, config|
  19.       return redirect_to(omniauth_authorize_path(resource_name, provider)) if config.strategy.redirect_at_sign_in
  20.     end
  21. 

  22.     super
  23.   end
  24. 

  25.   def create
  26.     super do |resource|
  27.       remember_me(resource)
  28.       flash.delete(:notice)
  29.     end
  30.   end
  31. 

  32.   def destroy
  33.     tmp_stored_location = stored_location_for(:user)
  34.     super
  35.     session.delete(:challenge_passed_at)
  36.     flash.delete(:notice)
  37.     store_location_for(:user, tmp_stored_location) if continue_after?
  38.   end
  39. 

  40.   protected
  41. 

  42.   def find_user
  43.     if session[:attempt_user_id]
  44.       User.find(session[:attempt_user_id])
  45.     else
  46.       user   = User.authenticate_with_ldap(user_params) if Devise.ldap_authentication
  47.       user ||= User.authenticate_with_pam(user_params) if Devise.pam_authentication
  48.       user ||= User.find_for_authentication(email: user_params[:email])
  49.       user
  50.     end
  51.   end
  52. 

  53.   def user_params
  54.     params.require(:user).permit(:email, :password, :otp_attempt, :sign_in_token_attempt)
  55.   end
  56. 

  57.   def after_sign_in_path_for(resource)
  58.     last_url = stored_location_for(:user)
  59. 

  60.     if home_paths(resource).include?(last_url)
  61.       root_path
  62.     else
  63.       last_url || root_path
  64.     end
  65.   end
  66. 

  67.   def after_sign_out_path_for(_resource_or_scope)
  68.     Devise.omniauth_configs.each_value do |config|
  69.       return root_path if config.strategy.redirect_at_sign_in
  70.     end
  71. 

  72.     super
  73.   end
  74. 

  75.   def require_no_authentication
  76.     super
  77.     # Delete flash message that isn't entirely useful and may be confusing in
  78.     # most cases because /web doesn't display/clear flash messages.
  79.     flash.delete(:alert) if flash[:alert] == I18n.t('devise.failure.already_authenticated')
  80.   end
  81. 

  82.   private
  83. 

  84.   def set_instance_presenter
  85.     @instance_presenter = InstancePresenter.new
  86.   end
  87. 

  88.   def set_body_classes
  89.     @body_classes = 'lighter'
  90.   end
  91. 

  92.   def home_paths(resource)
  93.     paths = [about_path]
  94.     if single_user_mode? && resource.is_a?(User)
  95.       paths << short_account_path(username: resource.account)
  96.     end
  97.     paths
  98.   end
  99. 

  100.   def continue_after?
  101.     truthy_param?(:continue)
  102.   end
  103. end