Module: Sessions::ControllerBase

Extended by:
ActiveSupport::Concern
Included in:
SessionsController
Defined in:
app/controllers/concerns/sessions/controller_base.rb

Instance Method Summary collapse

Instance Method Details

#destroy ⇒ Object



# File 'app/controllers/concerns/sessions/controller_base.rb', line 28

# Signs the user out. Requests carrying an `onboard_logout` parameter are handled here and always end
# with a redirect to `root_path`; every other request is passed to the parent implementation unchanged.
#
# @yield invoked after sign-out on the `onboard_logout` path, when a block is given
def destroy
  # No onboarding flag: let the parent `destroy` handle the request.
  return super unless params.include?(:onboard_logout)

  # Sign out of every scope, or only this resource's scope, depending on the Devise setting.
  signed_out =
    if Devise.sign_out_all_scopes
      sign_out
    else
      sign_out(resource_name)
    end

  # Only announce the sign-out when one actually took place.
  set_flash_message!(:notice, :signed_out) if signed_out
  yield if block_given?
  redirect_to root_path
end

#new ⇒ Object



# File 'app/controllers/concerns/sessions/controller_base.rb', line 16

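# Remembers an optional post-sign-in destination taken from `params[:return_url]`, then delegates to
# the parent `new`.
#
# The destination is stored only when it is a string that points at this application's own base URL
# (`ENV["BASE_URL"]`); anything else is ignored.
def new
  # We allow people to pass in a URL to redirect to after sign in is complete. We have to do this because Safari
  # doesn't allow them to set this in a session before a redirect if there isn't already a session. However, for
  # security reasons we have to make sure we control the URL where we will redirect to, otherwise people could
  # trick folks into redirecting to a fake destination in a phishing scheme.
  return_url = params[:return_url]
  base_url = ENV["BASE_URL"].to_s.chomp("/")

  # A bare prefix match is not a host check: it also accepts URLs whose authority merely *begins* with the
  # base URL. Require the URL to equal the base exactly, or the character right after the base to end the
  # authority part ("/", "?" or "#"). An unset or empty BASE_URL and a non-string parameter (array or nested
  # params) never match, instead of raising or matching everything.
  same_site = return_url.is_a?(String) && !base_url.empty? &&
    (return_url == base_url || return_url.start_with?("#{base_url}/", "#{base_url}?", "#{base_url}#"))

  store_location_for(resource_name, return_url) if same_site

  super
end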

#pre_otp ⇒ Object



# File 'app/controllers/concerns/sessions/controller_base.rb', line 39

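# Normalizes the submitted email (downcased, stripped), loads the matching user into `@user` when
# there is one, and answers JS requests.
#
# The parameters are request input, so a missing or malformed `user` / `email` value is treated as
# "no email given" rather than raising NoMethodError and turning into a 500 response.
#
# NOTE(review): this lookup happens before the caller has authenticated. The JS view is not visible here;
# confirm it responds the same way whether or not `@user` was found, otherwise it discloses which
# email addresses are registered.
def pre_otp
  user_params = params["user"]
  # Only index into something hash-like; a scalar or array `user` parameter has no "email" entry.
  raw_email = user_params["email"] if user_params.respond_to?(:key?)

  @email = raw_email.downcase.strip.presence if raw_email.is_a?(String)
  @user = User.find_by(email: @email) if @email

  respond_to do |format|
    format.js
  end
end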

#user_return_to_is_oauth ⇒ Object

If user_return_to points to an oauth path we disable Turbo on the sign in form. This makes it work when we need to redirect to external sites and/or custom protocols. With Turbo enabled the browser will block those redirects with a CORS error. github.com/bullet-train-co/bullet_train/issues/384



# File 'app/controllers/concerns/sessions/controller_base.rb', line 8

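# Tells whether the stored post-sign-in location (`session["user_return_to"]`) is an OAuth path.
#
# The pattern is anchored with `\A` rather than `^`: in Ruby `^` matches at the start of any line, so a
# value containing a newline followed by "/oauth" would otherwise count as an OAuth path.
#
# @return [MatchData, nil] a truthy match when the stored location begins with "/oauth"; nil when it
#   does not or when nothing is stored
def user_return_to_is_oauth
  session["user_return_to"]&.match(%r{\A/oauth})
end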