canine/app/controllers/users/sessions_controller.rb

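# Session endpoints: the default Devise sign-in/sign-out actions plus the
# per-account sign-in pages (standard form, LDAP or OIDC) reached through an
# account slug.
class Users::SessionsController < Devise::SessionsController
  layout 'homepage', only: [ :new, :create, :account_login, :account_create ]

  # Both account sign-in actions are for signed-out visitors only. The POST
  # side (account_create) is covered as well as the form, so a session that is
  # already authenticated cannot reach the code that writes
  # session[:account_id] for whichever account the slug names.
  before_action :require_no_authentication, only: [ :account_login, :account_create ]
  before_action :load_account_from_slug, only: [ :account_login, :account_create ]

  # NOTE(review): this filter covers :new only, so it hides the default form
  # but does not gate POSTs to :create. Confirm that is intended when
  # account_sign_in_only is set.
  before_action :check_if_default_sign_in_allowed, only: [ :new ]

  # Default Devise sign-in form.
  def new
    super
  end

  # Default Devise sign-in submission.
  def create
    super
  end

  # Signs the user out, then sends them to their account's own sign-in page
  # when the account uses a custom login, otherwise to the root page.
  def destroy
    # Read before calling super, which performs the sign-out.
    account = current_account

    super do
      # Accounts with a custom login go back to their own sign-in URL. The
      # safe navigation covers a session without a resolvable account, which
      # falls back to the root page.
      redirect_url =
        if account&.custom_login?
          account_sign_in_path(account.slug)
        else
          root_path
        end

      respond_to do |format|
        format.html { redirect_to redirect_url, notice: "Signed out successfully." }
        format.json { render json: { redirect_url: redirect_url }, status: :ok }
      end

      # Leaves #destroy from inside the block, so nothing the parent action
      # does after yielding can produce a second response.
      return
    end
  end

  # GET: renders the sign-in page that matches the account's SSO setup.
  def account_login
    self.resource = resource_class.new(sign_in_params)
    clean_up_passwords(resource)

    # The template is chosen from the enabled provider only, so a provider
    # that exists but is switched off gets the standard form instead of an
    # SSO page rendered without @sso_provider.
    @sso_provider = active_sso_provider

    if @sso_provider&.ldap?
      render "devise/sessions/ldap"
    elsif @sso_provider&.oidc?
      render "devise/sessions/oidc"
    else
      render :new
    end
  end

  # POST: authenticates against the account's LDAP provider. OIDC accounts and
  # accounts without an enabled provider are redirected to the right entry page.
  def account_create
    provider = active_sso_provider

    if provider&.ldap?
      # Stored before authenticating; presumably read by the
      # :ldap_authenticatable strategy (verify against the strategy).
      session[:ldap_account_id] = @account.id
      user = warden.authenticate(:ldap_authenticatable, scope: :user)

      if user
        sign_in(user)
        session[:account_id] = @account.id
        redirect_to after_sign_in_path_for(user), notice: "Logged in successfully"
      else
        # One generic message for every failure, so the response does not
        # reveal whether the email or the password was wrong.
        flash[:alert] = "Invalid email or password"
        self.resource = resource_class.new(sign_in_params)
        clean_up_passwords(resource)
        render "devise/sessions/ldap"
      end
    elsif provider&.oidc?
      # OIDC uses a redirect flow, so this shouldn't be called directly
      redirect_to account_sign_in_path(@account.slug)
    else
      redirect_to new_user_session_path
    end
  end

  private

  # The account's SSO provider, or nil when SSO is not enabled for it.
  # NOTE(review): assumes sso_enabled? is the account's on/off switch for SSO
  # and should also gate LDAP sign-in; confirm against Account.
  def active_sso_provider
    @account.sso_provider if @account.sso_enabled?
  end

  # Sends visitors to the account picker when the deployment is configured for
  # account-based sign-in only.
  def check_if_default_sign_in_allowed
    return unless Rails.application.config.account_sign_in_only

    redirect_to account_select_local_onboarding_index_path
  end

  # Loads @account from the :slug parameter. An unknown slug redirects to the
  # default sign-in page, which also halts the filter chain.
  def load_account_from_slug
    @account = Account.friendly.find(params[:slug])
  rescue ActiveRecord::RecordNotFound
    flash[:alert] = "Account not found"
    redirect_to new_user_session_path
  end
end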