Commit 98bbd24a authored by Michael Rose's avatar Michael Rose

auth: set remember cookie for SSO, auto-check 'Remember Me' in login

parent e3479c65
......@@ -4,13 +4,14 @@ class SsoController < DeviseController
skip_before_action :verify_authenticity_token
prepend_before_action :require_no_authentication, :only => [:create]
include Devise::Controllers::Helpers
include Devise::Controllers::Rememberable
before_action :decode_jwt
respond_to :json
def create
if current_user and user.dlp_id == nil
merge_user_and_login current_user
link_dlp_account_and_login current_user
return
else
create_or_login
......@@ -38,41 +39,35 @@ class SsoController < DeviseController
# Check for existing account with DLP email.
user = User.where(email: @jwt['dlp_email']).first
return merge_user_and_login(user) if user
return jwt_sign_in_and_redirect(link_dlp_account(user),
"Your DLP account #{@jwt['dlp_username']} was linked to this account.") if user
# Create a new user
user = create_user_from_jwt
sign_in(user, scope: :user)
redirect_to root_path, notice: 'Thanks for creating an account!'
jwt_sign_in_and_redirect(user, 'Thanks for creating an account!')
end
def merge_user_and_login(user)
merge_user user
jwt_sign_in_and_redirect(user, "Your DLP account #{@jwt['dlp_username']} was linked to this account.")
# Applies the DLP account id to the user.
def link_dlp_account(user)
user.dlp_id = @jwt['dlp_id']
user.save!
user
end
# Signs in the user, applies the login cookie, and redirects back to root.
def jwt_sign_in_and_redirect(user, message)
sign_in(user, scope: :user)
remember_me(user)
redirect_to root_path, notice: message
end
def merge_user(user)
user.dlp_id = @jwt['dlp_id']
user.save!
end
# Creates a new user from the attested user with a random password. These accounts are SSO-only.
def create_user_from_jwt
# TODO: Check if there's already a username.
user = User.new(:email => @jwt['dlp_email'], username: @jwt['dlp_username'], password: SecureRandom.uuid.gsub(/\-/,''), dlp_id: @jwt['dlp_id'], origin: 'sso')
user = User.new(:email => @jwt['dlp_email'], username: @jwt['dlp_username'], password: SecureRandom.uuid.gsub(/\-/, ''), dlp_id: @jwt['dlp_id'], origin: 'sso')
user.skip_confirmation!
user.save!
user
end
def invalid_login_attempt
warden.custom_failure!
redirect_to root_path, alert: 'Auth token expired.'
render :json => {:success => false, :message => "Error with your login or password"}, :status => 401
end
end
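Review bot: `create` in the first hunk calls `link_dlp_account_and_login current_user`, but the helpers this commit adds in the second hunk are `link_dlp_account` and `jwt_sign_in_and_redirect`; unless `link_dlp_account_and_login` is defined in the part of the file outside these hunks, the already-logged-in branch raises NoMethodError. The existing-account path lower in the second hunk shows the intended form, so the call should become `jwt_sign_in_and_redirect(link_dlp_account(current_user), "Your DLP account #{@jwt['dlp_username']} was linked to this account.")`. Separately, `jwt_sign_in_and_redirect` now issues the Devise remember cookie on every SSO sign-in with no opt-in from the user, so its comment should say so and note that the cookie lifetime is bounded by Devise's `remember_for` setting, e.g. `# Signs in the user, sets the persistent remember cookie (lifetime = config.remember_for) unconditionally for SSO, and redirects to root.`. The body of `create` continues past the end of the first hunk.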
......@@ -19,7 +19,7 @@
= f.password_field :password, placeholder: 'Enter password', class: 'form-control'
- if devise_mapping.rememberable?
.form-group
= f.check_box :remember_me
= f.check_box :remember_me, checked: true
= f.label :remember_me
%button.btn.btn-default{:type => 'submit'}
Sign in
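Review bot: `checked: true` on the `remember_me` check box turns the persistent Devise remember cookie on by default for every password login, so a user who does not untick it on a shared machine stays signed in for the full `remember_for` period after closing the browser. That default should be recorded as intentional in the view, e.g. `-# Remember Me is on by default; the session persists for config.remember_for after the browser closes`, with a matching note next to `config.remember_for` in the Devise initializer if it is not already documented there. The `- if devise_mapping.rememberable?` block is fully inside the hunk.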