diff options
| author | Robert Speicher <rspeicher@gmail.com> | 2015-05-10 00:04:02 +0300 |
|---|---|---|
| committer | Robert Speicher <rspeicher@gmail.com> | 2015-05-10 00:32:49 +0300 |
| commit | 5cd526f77fa51347ec66ab094b778ca4b83b8fce (patch) | |
| tree | 78e80614977bfb927dad044670e65d7be508ca93 /app/controllers/sessions_controller.rb | |
| parent | 76873ce4a49be9a591082f7b96482ebdc9cace9d (diff) | |
Prevent "You are already signed in." error message upon 2FA login
Diffstat (limited to 'app/controllers/sessions_controller.rb')
| -rw-r--r-- | app/controllers/sessions_controller.rb | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb index b9757143119..d4ff0d97561 100644 --- a/app/controllers/sessions_controller.rb +++ b/app/controllers/sessions_controller.rb @@ -1,5 +1,11 @@ class SessionsController < Devise::SessionsController - prepend_before_action :authenticate_with_two_factor, only: :create + prepend_before_action :authenticate_with_two_factor, only: [:create] + + # This action comes from DeviseController, but because we call `sign_in` + # manually inside `authenticate_with_two_factor`, not skipping this action + # would cause a "You are already signed in." error message to be shown upon + # successful login. + skip_before_action :require_no_authentication, only: [:create] def new redirect_path = @@ -61,7 +67,7 @@ class SessionsController < Devise::SessionsController # Remove any lingering user data from login session.delete(:otp_user_id) - sign_in(user) + sign_in(user) and return else flash.now[:alert] = 'Invalid two-factor code.' render :two_factor and return |