Diffstat (limited to 'app/controllers/concerns/sessionless_authentication.rb')
-rw-r--r-- | app/controllers/concerns/sessionless_authentication.rb | 25 |
1 files changed, 15 insertions, 10 deletions
diff --git a/app/controllers/concerns/sessionless_authentication.rb b/app/controllers/concerns/sessionless_authentication.rb
index 48daacc09c2..7ec9be6baaf 100644
--- a/app/controllers/concerns/sessionless_authentication.rb
+++ b/app/controllers/concerns/sessionless_authentication.rb
@@ -20,16 +20,21 @@ module SessionlessAuthentication
 end
 
 def sessionless_sign_in(user)
- if user.can_log_in_with_non_expired_password?
- # Notice we are passing store false, so the user is not
- # actually stored in the session and a token is needed
- # for every request. If you want the token to work as a
- # sign in token, you can simply remove store: false.
- sign_in(user, store: false, message: :sessionless_sign_in)
- elsif request_authenticator.can_sign_in_bot?(user)
- # we suppress callbacks to avoid redirecting the bot
- sign_in(user, store: false, message: :sessionless_sign_in, run_callbacks: false)
- end
+ signed_in_user =
+ if user.can_log_in_with_non_expired_password?
+ # Notice we are passing store false, so the user is not
+ # actually stored in the session and a token is needed
+ # for every request. If you want the token to work as a
+ # sign in token, you can simply remove store: false.
+ sign_in(user, store: false, message: :sessionless_sign_in)
+ elsif request_authenticator.can_sign_in_bot?(user)
+ # we suppress callbacks to avoid redirecting the bot
+ sign_in(user, store: false, message: :sessionless_sign_in, run_callbacks: false)
+ end
+
+ reset_auth_user! if respond_to?(:reset_auth_user!, true)
+
+ signed_in_user
 end
 
 def sessionless_bypass_admin_mode!(&block)
|
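Review bot: The added `reset_auth_user! if respond_to?(:reset_auth_user!, true)` line near the end of `sessionless_sign_in` has no comment saying what state it clears or why the method may be absent, and in an authentication path a silently skipped reset deserves an explanation. Presumably it drops a memoized current-user lookup; if so, a comment such as `# Drop the memoized auth user so later checks see the user signed in above; only some including controllers define it` would help the next reader. The reset also runs when neither branch signed anyone in, so if clearing on that path is not intended, `reset_auth_user! if signed_in_user && respond_to?(:reset_auth_user!, true)` would limit it to the successful case. The local `signed_in_user` holds whatever `sign_in` returns, which, if this is Devise's `sign_in`, can be `true` rather than a user object, so a name like `sign_in_result` may be more accurate. The method is fully visible here, but the enclosing module starts outside the hunk.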