| 1 | # frozen_string_literal: true |
| 2 | |
| 3 | class SessionsController < ApplicationController |
| 4 | before_action :noindex! |
| 5 | before_action :redirect_if_signed_in, only: [ :new, :create ] |
| 6 | |
| 7 | # GET /auth/smbcloud |
| 8 | # Shows the email/password sign-in form. |
| 9 | def new |
| 10 | end |
| 11 | |
| 12 | # POST /auth/smbcloud |
| 13 | # Authenticates against smbCloud Auth using the native gem, then |
| 14 | # fetches the user's profile and upserts a local User record. |
| 15 | def create |
| 16 | email = params[:email].to_s.strip |
| 17 | password = params[:password].to_s |
| 18 | |
| 19 | if email.blank? || password.blank? |
| 20 | flash.now[:alert] = "Email and password are required." |
| 21 | render :new, status: :unprocessable_entity |
| 22 | return |
| 23 | end |
| 24 | |
| 25 | # Step 1 — authenticate; raises SmbcloudAuthService::AuthenticationError on failure |
| 26 | access_token = SmbcloudAuthService.login(email: email, password: password) |
| 27 | |
| 28 | # Step 2 — fetch profile: { id: Integer, email: String, created_at:, updated_at: } |
| 29 | profile = SmbcloudAuthService.me(access_token: access_token) |
| 30 | |
| 31 | # Step 3 — upsert local user |
| 32 | user = User.find_or_create_from_smbcloud(profile.merge(access_token: access_token)) |
| 33 | |
| 34 | # Step 4 — establish session |
| 35 | reset_session |
| 36 | session[:user_id] = user.id |
| 37 | |
| 38 | return_to = session.delete(:return_to) |
| 39 | redirect_to(return_to || root_path, notice: "Welcome, #{user.display_name_or_username}!") |
| 40 | |
| 41 | rescue SmbcloudAuthService::AccountNotFoundError |
| 42 | flash.now[:alert] = "No account found for that email address." |
| 43 | render :new, status: :unprocessable_entity |
| 44 | |
| 45 | rescue SmbcloudAuthService::AccountIncompleteError => e |
| 46 | flash.now[:alert] = e.message.presence || |
| 47 | "Your account is not yet active. Please check your email for a verification link." |
| 48 | render :new, status: :unprocessable_entity |
| 49 | |
| 50 | rescue SmbcloudAuthService::AuthenticationError => e |
| 51 | Rails.logger.warn("smbCloud auth error for #{email.inspect}: #{e.message}") |
| 52 | flash.now[:alert] = "Sign-in failed. Please check your credentials and try again." |
| 53 | render :new, status: :unprocessable_entity |
| 54 | |
| 55 | rescue KeyError => e |
| 56 | # Missing SIGITSI_SMBCLOUD_APP_ID / SIGITSI_SMBCLOUD_APP_SECRET env vars |
| 57 | Rails.logger.error("smbCloud configuration error: #{e.message}") |
| 58 | flash.now[:alert] = "Authentication service is not configured. Please contact support." |
| 59 | render :new, status: :internal_server_error |
| 60 | |
| 61 | rescue => e |
| 62 | Rails.logger.error("Unexpected sign-in error for #{email.inspect}: #{e.message}\n" \ |
| 63 | "#{e.backtrace.first(5).join("\n")}") |
| 64 | flash.now[:alert] = "An unexpected error occurred. Please try again." |
| 65 | render :new, status: :internal_server_error |
| 66 | end |
| 67 | |
| 68 | # DELETE /auth/signout |
| 69 | def destroy |
| 70 | access_token = current_user&.access_token |
| 71 | SmbcloudAuthService.logout(access_token: access_token) if access_token.present? |
| 72 | reset_session |
| 73 | redirect_to root_path, notice: "You have been signed out." |
| 74 | end |
| 75 | |
| 76 | private |
| 77 | |
| 78 | def redirect_if_signed_in |
| 79 | redirect_to root_path, notice: "You are already signed in." if signed_in? |
| 80 | end |
| 81 | end |