diff options
Diffstat (limited to 'app/controllers/auth')
-rw-r--r-- | app/controllers/auth/omniauth_callbacks_controller.rb | 9 | ||||
-rw-r--r-- | app/controllers/auth/sessions_controller.rb | 44 |
2 files changed, 46 insertions, 7 deletions
diff --git a/app/controllers/auth/omniauth_callbacks_controller.rb b/app/controllers/auth/omniauth_callbacks_controller.rb index 682c77016..7925e23cb 100644 --- a/app/controllers/auth/omniauth_callbacks_controller.rb +++ b/app/controllers/auth/omniauth_callbacks_controller.rb @@ -10,6 +10,15 @@ class Auth::OmniauthCallbacksController < Devise::OmniauthCallbacksController @user = User.find_for_oauth(request.env['omniauth.auth'], current_user) if @user.persisted? + LoginActivity.create( + user: user, + success: true, + authentication_method: :omniauth, + provider: provider, + ip: request.remote_ip, + user_agent: request.user_agent + ) + sign_in_and_redirect @user, event: :authentication set_flash_message(:notice, :success, kind: provider_id.capitalize) if is_navigational_format? else diff --git a/app/controllers/auth/sessions_controller.rb b/app/controllers/auth/sessions_controller.rb index 548832b21..f07f38075 100644 --- a/app/controllers/auth/sessions_controller.rb +++ b/app/controllers/auth/sessions_controller.rb @@ -27,9 +27,11 @@ class Auth::SessionsController < Devise::SessionsController def create super do |resource| - resource.update_sign_in!(request, new_sign_in: true) - remember_me(resource) - flash.delete(:notice) + # We only need to call this if this hasn't already been + # called from one of the two-factor or sign-in token + # authentication methods + + on_authentication_success(resource, :password) unless @on_authentication_success_called end end @@ -44,10 +46,8 @@ class Auth::SessionsController < Devise::SessionsController def webauthn_options user = find_user - if user.webauthn_enabled? - options_for_get = WebAuthn::Credential.options_for_get( - allow: user.webauthn_credentials.pluck(:external_id) - ) + if user&.webauthn_enabled? + options_for_get = WebAuthn::Credential.options_for_get(allow: user.webauthn_credentials.pluck(:external_id)) session[:webauthn_challenge] = options_for_get.challenge @@ -142,4 +142,34 @@ class Auth::SessionsController < Devise::SessionsController session.delete(:attempt_user_id) session.delete(:attempt_user_updated_at) end + + def on_authentication_success(user, security_measure) + @on_authentication_success_called = true + + clear_attempt_from_session + + user.update_sign_in!(request, new_sign_in: true) + remember_me(user) + sign_in(user) + flash.delete(:notice) + + LoginActivity.create( + user: user, + success: true, + authentication_method: security_measure, + ip: request.remote_ip, + user_agent: request.user_agent + ) + end + + def on_authentication_failure(user, security_measure, failure_reason) + LoginActivity.create( + user: user, + success: false, + authentication_method: security_measure, + failure_reason: failure_reason, + ip: request.remote_ip, + user_agent: request.user_agent + ) + end end |