dkam/clinch
1
0
Fork 0
Code Issues 2 Pull Requests Actions 1 Packages Projects Releases Wiki Activity

User registation working. Sidebar built. Dashboard built. TOTP enable works - TOTP login works
Some checks failed
CI / scan_ruby (push) Has been cancelled
Details
CI / scan_js (push) Has been cancelled
Details
CI / lint (push) Has been cancelled
Details
CI / test (push) Has been cancelled
Details
CI / system-test (push) Has been cancelled
Details

Browse Source
This commit is contained in:
Dan Milne
2025-10-23 18:07:27 +11:00
parent 56f7dd7b3c
commit 256cbe3a48
26 changed files with 1278 additions and 119 deletions
Download Patch File Download Diff File Expand all files Collapse all files

40
app/controllers/sessions_controller.rb
View File

@@ -1,21 +1,47 @@
class SessionsController < ApplicationController
allow_unauthenticated_access only: %i[ new create ]
rate_limit to: 10, within: 3.minutes, only: :create, with: -> { redirect_to new_session_path, alert: "Try again later." }
rate_limit to: 10, within: 3.minutes, only: :create, with: -> { redirect_to signin_path, alert: "Too many attempts. Try again later." }
def new
# Redirect to signup if this is first run
redirect_to signup_path if User.count.zero?
end
def create
if user = User.authenticate_by(params.permit(:email_address, :password))
start_new_session_for user
redirect_to after_authentication_url
else
redirect_to new_session_path, alert: "Try another email address or password."
user = User.authenticate_by(params.permit(:email_address, :password))
if user.nil?
redirect_to signin_path, alert: "Invalid email address or password."
return
end
# Check if user is active
unless user.status == "active"
redirect_to signin_path, alert: "Your account is not active. Please contact an administrator."
return
end
# Check if TOTP is required
if user.totp_enabled?
# TODO: Implement TOTP verification flow
# For now, reject login if TOTP is enabled
redirect_to signin_path, alert: "Two-factor authentication is enabled but not yet implemented. Please contact an administrator."
return
end
# Sign in successful
start_new_session_for user
redirect_to after_authentication_url, notice: "Signed in successfully."
end
def destroy
terminate_session
redirect_to new_session_path, status: :see_other
redirect_to signin_path, status: :see_other, notice: "Signed out successfully."
end
def destroy_other
session = Current.session.user.sessions.find(params[:id])
session.destroy
redirect_to profile_path, notice: "Session revoked successfully."
end
end