Class: Users::SessionsController

Inherits:
Devise::SessionsController
  • Object
Defined in:
app/controllers/users/sessions_controller.rb

Overview

Lesli

Copyright © 2025, Lesli Technologies, S. A.

This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program. If not, see www.gnu.org/licenses/.

Lesli · Ruby on Rails SaaS Development Framework.

Made with ♥ by LesliTech Building a better future, one line of code at a time.



Instance Method Details

#create ⇒ Object

Creates a new session for the user and allows them access to the platform.

Devise provides extension points such as Warden hooks and a custom FailureApp to modify the authentication flow. However, in this case we need full and explicit control over each step of the login process, including validation, logging, session creation, and redirection.

For that reason, the default Devise session logic is intentionally overridden and reimplemented here. While this approach is less conventional and may introduce compatibility risks with future Devise releases, it provides a predictable and fully controlled authentication pipeline, which is important for the needs of this framework.

This trade-off is accepted as part of the framework’s lifecycle: any incompatibilities introduced by Devise updates will be addressed and maintained as needed.



# File 'app/controllers/users/sessions_controller.rb', line 51

def create

    # Use Warden to check whether the user's credentials are valid
    self.resource = warden.authenticate(auth_options)

    # respond with a generic "not valid credentials" error if Warden
    # cannot validate the user
    unless resource
        danger(I18n.t("lesli_shield.devise/sessions.message_not_valid_credentials"))
        redirect_to user_session_path(r: params[:redirect]) and return
    end

    user = resource

    # check if user has a valid (confirmed) account
    unless user.confirmed?
        danger(I18n.t("lesli_shield.devise/sessions.message_not_confirmed_account"))
        redirect_to user_session_path(r: params[:redirect]) and return
    end

    log = nil 

    # Save a log for the current login attempt 
    log = user.log(
        engine: LesliShield,
        source: self.class.name,
        action: action_name,
        operation: 'session_new',
        description: 'Session creation attempt'
    ) if defined?(LesliAudit)

    # check if the user meets the requirements to create a new session
    LesliShield::UserValidatorService.new(user).valid? do |valid, failures|

        # if the user does not meet the requirements to log in
        unless valid

            failures_string = failures.join(", ")
            danger(failures_string)
            log.update(description: failures_string) if log
            redirect_to user_session_path(r: params[:redirect]) and return
        end
    end

    # create a new session for the user
    current_session = LesliShield::UserSessionService.new(user)
        .create(request.remote_ip, (get_user_agent(false) if log))
        .result

    # make session id globally available
    session[:user_session_id] = current_session[:id]

    # do a user login (Devise sign_in helper)
    sign_in(resource_name, user)

    # update logs with a successful login
    log.update(
        description: "Session creation successful", 
        session_id: current_session[:id]
    ) if log

    # respond successful and send the path user should go
    # respond_with_successful({ default_path: user.has_role_with_default_path?() })
    # respond_with_successful({ default_path: Lesli.config.path_after_login || "/" })
    redirect_to safe_redirect_path(params[:redirect])

    # Save the user_agent for every new session
    log_devices if log
end
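
The action ends by handing the request's `redirect` value to `safe_redirect_path`, whose body is not shown on this page. The following is an added example, not Lesli's own code, of one way such a helper can restrict post-login redirects to local paths; the name `safe_redirect_path_example` and the `/` fallback are assumptions.

```ruby
require "uri"

# Hypothetical stand-in for the safe_redirect_path helper called by #create.
# Lesli's real implementation is not shown on this page.
FALLBACK_PATH = "/" # assumed default landing path after login

def safe_redirect_path_example(candidate, fallback: FALLBACK_PATH)
  path = candidate.to_s

  # Malformed byte sequences are never a legitimate local path.
  return fallback unless path.valid_encoding?
  # Accept only an absolute local path with exactly one leading slash.
  # "//host" is protocol-relative and would leave the site.
  return fallback unless path.start_with?("/") && !path.start_with?("//")
  # Browsers strip tabs/newlines and treat "\" like "/", so "/\host" or
  # "/<TAB>/host" can collapse into "//host". CR/LF also enables header splitting.
  return fallback if path.match?(/[\x00-\x1f\x7f\\]/)

  uri = URI.parse(path)
  # A local path never carries a scheme, host or userinfo.
  return fallback if uri.scheme || uri.host || uri.userinfo

  # Rebuild from parsed parts: only path and query survive, fragment is dropped.
  uri.query ? "#{uri.path}?#{uri.query}" : uri.path
rescue URI::InvalidURIError
  fallback
end

# Constructed sample inputs (not taken from real traffic).
if __FILE__ == $PROGRAM_NAME
  samples = [
    "/dashboard?tab=1",          # local path with query: kept
    "/reports#top",              # fragment dropped
    "https://other.example/",    # absolute URL: rejected
    "//other.example/x",         # protocol-relative: rejected
    "/\\other.example",          # backslash variant: rejected
    "/ok\r\nX-Injected: 1",      # CR/LF: rejected
    nil                          # parameter missing: fallback
  ]
  samples.each { |v| puts "#{v.inspect} -> #{safe_redirect_path_example(v)}" }
end
```

The same check belongs on the failure branches if the `r:` value is later used as a redirect target after a successful retry.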