Module: Sessions::ControllerBase
- Extended by: ActiveSupport::Concern
- Included in: SessionsController
- Defined in: app/controllers/concerns/sessions/controller_base.rb
Instance Method Summary
- #destroy ⇒ Object
- #new ⇒ Object
- #pre_otp ⇒ Object
- #user_return_to_is_oauth ⇒ Object
  If user_return_to points to an oauth path we disable Turbo on the sign in form.
Instance Method Details
#destroy ⇒ Object
```ruby
# File 'app/controllers/concerns/sessions/controller_base.rb', line 28
def destroy
  if params.include?(:onboard_logout)
    signed_out = (Devise.sign_out_all_scopes ? sign_out : sign_out(resource_name))
    set_flash_message! :notice, :signed_out if signed_out
    yield if block_given?
    redirect_to root_path
  else
    super
  end
end
```
#new ⇒ Object
```ruby
# File 'app/controllers/concerns/sessions/controller_base.rb', line 16
def new
  # We allow people to pass in a URL to redirect to after sign in is complete. We have to do this because Safari
  # doesn't allow them to set this in a session before a redirect if there isn't already a session. However, for
  # security reasons we have to make sure we control the URL where we will redirect to, otherwise people could
  # trick folks into redirecting to a fake destination in a phishing scheme.
  if params[:return_url]&.start_with?(ENV["BASE_URL"])
    store_location_for(resource_name, params[:return_url])
  end

  super
end
```
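The return_url check in #new is a string prefix match, so what it accepts depends on the exact value of BASE_URL. The following is an added example, not code from the project: it runs that prefix match beside a parsed origin comparison. The `BASE_URL` value, the sample URLs and the helper names `prefix_allowed?`, `same_origin?` and `compare_checks` are assumptions made for illustration.

```ruby
require "uri"

# Constructed stand-in for ENV["BASE_URL"]; not a value from the project.
BASE_URL = "https://app.example.com"

# The comparison #new performs: a plain string prefix match.
def prefix_allowed?(return_url, base_url = BASE_URL)
  !!return_url&.start_with?(base_url)
end

# Hypothetical stricter helper: parse both URLs and require the same
# scheme, host and port, with no userinfo component in the target.
def same_origin?(return_url, base_url = BASE_URL)
  return false if return_url.nil? || base_url.nil?

  target = URI.parse(return_url)
  base = URI.parse(base_url)
  return false unless target.is_a?(URI::HTTP) && base.is_a?(URI::HTTP)
  return false if target.userinfo

  [target.scheme, target.host&.downcase, target.port] ==
    [base.scheme, base.host&.downcase, base.port]
rescue URI::InvalidURIError
  false
end

# Constructed return_url values for exercising both checks.
SAMPLES = [
  "https://app.example.com/account/teams",    # same origin
  "https://app.example.com.lookalike.test/",  # base URL is only a host prefix
  "https://app.example.com@lookalike.test/",  # base host sits in userinfo
  "https://app.example.com:8443/",            # same host, different port
  "not a url"                                 # unparseable
].freeze

# Returns { url => [prefix_result, origin_result] } for the given URLs.
def compare_checks(urls = SAMPLES)
  urls.to_h { |url| [url, [prefix_allowed?(url), same_origin?(url)]] }
end

if __FILE__ == $PROGRAM_NAME
  compare_checks.each do |url, (prefix, origin)|
    puts format("%-42s prefix=%-5s origin=%s", url, prefix, origin)
  end
end
```

When BASE_URL is configured with a trailing slash, the prefix match rejects the lookalike-host, userinfo and port samples as well; without one, only the parsed comparison does.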
#pre_otp ⇒ Object
```ruby
# File 'app/controllers/concerns/sessions/controller_base.rb', line 39
def pre_otp
  if (@email = params["user"]["email"].downcase.strip.presence)
    @user = User.find_by(email: @email)
  end

  respond_to do |format|
    format.js
  end
end
```
#user_return_to_is_oauth ⇒ Object
If user_return_to points to an oauth path we disable Turbo on the sign in form. This makes it work when we need to redirect to external sites and/or custom protocols. With Turbo enabled the browser will block those redirects with a CORS error. github.com/bullet-train-co/bullet_train/issues/384
```ruby
# File 'app/controllers/concerns/sessions/controller_base.rb', line 8
def user_return_to_is_oauth
  session["user_return_to"]&.match(/^\/oauth/)
end
```