diff --git a/app/builders/account_builder.rb b/app/builders/account_builder.rb
index 85a391c62..3d81a8e68 100644
--- a/app/builders/account_builder.rb
+++ b/app/builders/account_builder.rb
@@ -67,7 +67,8 @@ class AccountBuilder end def create_user - password = Time.now.to_i + password = SecureRandom.alphanumeric(12) + @user = User.new(email: @email, password: password, password_confirmation: password,
diff --git a/app/controllers/devise_overrides/sessions_controller.rb b/app/controllers/devise_overrides/sessions_controller.rb
index 9ebb3b435..289684f17 100644
--- a/app/controllers/devise_overrides/sessions_controller.rb
+++ b/app/controllers/devise_overrides/sessions_controller.rb
@@ -2,8 +2,38 @@ class DeviseOverrides::SessionsController < ::DeviseTokenAuth::SessionsControlle # Prevent session parameter from being passed # Unpermitted parameter: session wrap_parameters format: [] + before_action :process_sso_auth_token, only: [:create] + + def create + # Authenticate user via the temporary sso auth token + if params[:sso_auth_token].present? && @resource.present? + authenticate_resource_with_sso_token + yield @resource if block_given? + render_create_success + else + super + end + end def render_create_success render partial: 'devise/auth.json', locals: { resource: @resource } end + + private + + def authenticate_resource_with_sso_token + @token = @resource.create_token + @resource.save + + sign_in(:user, @resource, store: false, bypass: false) + # invalidate the token after the user is signed in + @resource.invalidate_sso_auth_token(params[:sso_auth_token]) + end + + def process_sso_auth_token + return if params[:email].blank? + + user = User.find_by(email: params[:email]) + @resource = user if user&.valid_sso_auth_token?(params[:sso_auth_token]) + end end
diff --git a/app/javascript/dashboard/routes/login/Login.vue b/app/javascript/dashboard/routes/login/Login.vue
index a905864f4..1dfa6625d 100644
--- a/app/javascript/dashboard/routes/login/Login.vue
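Review bot: The new `password = SecureRandom.alphanumeric(12)` line in `create_user` carries no comment saying why a CSPRNG value is required, so a later cleanup could undo it without noticing. The old `Time.now.to_i` value was derivable from the account's creation time; a one-line comment such as `# random placeholder password; must not be guessable from the creation time` would record that. `SecureRandom.alphanumeric` does not guarantee a mix of character classes, so if `User` enforces a password-complexity validation (not visible in this hunk) the save could fail intermittently. The `User.new(...)` call continues outside the hunk.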
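Review bot: The SSO token is validated in `process_sso_auth_token` but only invalidated at the end of `authenticate_resource_with_sso_token`, after `create_token`, `save` and `sign_in`, so two concurrent requests carrying the same token can both pass the check before either invalidates it. A single-use token is safer when it is consumed in one atomic validate-and-delete step on the model before any session token is issued. The return value of `@resource.save` is also ignored, so a failed save still reaches `sign_in` and `render_create_success`. `process_sso_auth_token` guards only on a blank email, and `valid_sso_auth_token?` is defined outside this diff, so its handling of a `nil` token cannot be confirmed here; `return if params[:email].blank? || params[:sso_auth_token].blank?` would make the filter safe on its own. Since the token arrives as a request parameter, it is worth confirming that `sso_auth_token` is on the application's filtered-parameter list so it does not reach the logs.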
+++ b/app/javascript/dashboard/routes/login/Login.vue
@@ -13,7 +13,7 @@