Chatwoot/app/controllers/devise_overrides/sessions_controller.rb

class DeviseOverrides::SessionsController < ::DeviseTokenAuth::SessionsController
  # Prevent session parameter from being passed
  # Unpermitted parameter: session
  wrap_parameters format: []
  before_action :process_sso_auth_token, only: [:create]

  def create
    # Authenticate user via the temporary sso auth token
    if params[:sso_auth_token].present? && @resource.present?
      authenticate_resource_with_sso_token
      yield @resource if block_given?
      render_create_success
    else
      super
    end
  end

  def render_create_success
    render partial: 'devise/auth.json', locals: { resource: @resource }
  end

  private

  def authenticate_resource_with_sso_token
    @token = @resource.create_token
    @resource.save

    sign_in(:user, @resource, store: false, bypass: false)
    # invalidate the token after the user is signed in
    @resource.invalidate_sso_auth_token(params[:sso_auth_token])
  end

  def process_sso_auth_token
    return if params[:email].blank?

    user = User.find_by(email: params[:email])
    @resource = user if user&.valid_sso_auth_token?(params[:sso_auth_token])
  end
end
Bugfix: Fix password reset (#455) 2020-02-02 17:22:38 +00:00			`class DeviseOverrides::SessionsController < ::DeviseTokenAuth::SessionsController`
Upgrade to rails 6 💎 (#11) - upgraded to rails 6 - fixes various issues 2019-08-19 08:19:57 +00:00			`# Prevent session parameter from being passed`
			`# Unpermitted parameter: session`
			`wrap_parameters format: []`
feat: Authenticate by SSO tokens (#1439) Co-authored-by: Pranav Raj Sreepuram <pranavrajs@gmail.com> 2020-11-25 08:29:38 +00:00			`before_action :process_sso_auth_token, only: [:create]`

			`def create`
			`# Authenticate user via the temporary sso auth token`
			`if params[:sso_auth_token].present? && @resource.present?`
			`authenticate_resource_with_sso_token`
			`yield @resource if block_given?`
			`render_create_success`
			`else`
			`super`
			`end`
			`end`
Chore: Include avatar url in sign_in response (#501) - include avatar url in sign_in response ( fixes #500 ) - fix circle ci builds 2020-02-15 17:27:48 +00:00
			`def render_create_success`
Feature: Ability to switch between multiple accounts (#881) * Feature: Ability to switch between multiple accounts * Fix rubocop * Fix assigned inboxes * fix auth json * Add account switcher in UI * fix ordering on administrate * Add switch accounts to sidebar * add account id * Fix schema.rb timestamp * Revert "add account id" This reverts commit 27570f50ef584cb9a5f69454f43f630b318c8807. * Add a check for account Co-authored-by: Pranav Raj Sreepuram <pranavrajs@gmail.com> 2020-05-26 17:08:48 +00:00			`render partial: 'devise/auth.json', locals: { resource: @resource }`
Chore: Include avatar url in sign_in response (#501) - include avatar url in sign_in response ( fixes #500 ) - fix circle ci builds 2020-02-15 17:27:48 +00:00			`end`
feat: Authenticate by SSO tokens (#1439) Co-authored-by: Pranav Raj Sreepuram <pranavrajs@gmail.com> 2020-11-25 08:29:38 +00:00
			`private`

			`def authenticate_resource_with_sso_token`
			`@token = @resource.create_token`
			`@resource.save`

			`sign_in(:user, @resource, store: false, bypass: false)`
			`# invalidate the token after the user is signed in`
			`@resource.invalidate_sso_auth_token(params[:sso_auth_token])`
			`end`

			`def process_sso_auth_token`
			`return if params[:email].blank?`

			`user = User.find_by(email: params[:email])`
			`@resource = user if user&.valid_sso_auth_token?(params[:sso_auth_token])`
			`end`
Upgrade to rails 6 💎 (#11) - upgraded to rails 6 - fixes various issues 2019-08-19 08:19:57 +00:00			`end`