Refactor SessionsController to use a controller concern

author: Robert Speicher <rspeicher@gmail.com> 2015-05-14 21:24:05 +0300
committer: Robert Speicher <rspeicher@gmail.com> 2015-05-14 21:24:05 +0300
commit: c802d8eee171d3e4c0cd7e6a16f69f1001255d07 (patch)
tree: c3f41c33e644b04a4cd9bf2aaa5f3084ac62e0c7 /app/controllers/sessions_controller.rb
parent: 37bc4bb19934c4a0eb84fd5e2556363f55d4d601 (diff)
1 files changed, 3 insertions, 9 deletions
diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb
index d4ff0d97561..b89b4c27350 100644
--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@@ -1,11 +1,7 @@
 class SessionsController < Devise::SessionsController
-  prepend_before_action :authenticate_with_two_factor, only: [:create]
+  include AuthenticatesWithTwoFactor
 
-  # This action comes from DeviseController, but because we call `sign_in`
-  # manually inside `authenticate_with_two_factor`, not skipping this action
-  # would cause a "You are already signed in." error message to be shown upon
-  # successful login.
-  skip_before_action :require_no_authentication, only: [:create]
+  prepend_before_action :authenticate_with_two_factor, only: [:create]
 
   def new
     redirect_path =
@@ -74,9 +70,7 @@ class SessionsController < Devise::SessionsController
       end
     else
       if user && user.valid_password?(user_params[:password])
-        # Save the user's ID to session so we can ask for a one-time password
-        session[:otp_user_id] = user.id
-        render :two_factor and return
+        prompt_for_two_factor(user)
       end
     end
   end
author	Robert Speicher <rspeicher@gmail.com>	2015-05-14 21:24:05 +0300
committer	Robert Speicher <rspeicher@gmail.com>	2015-05-14 21:24:05 +0300
commit	c802d8eee171d3e4c0cd7e6a16f69f1001255d07 (patch)
tree	c3f41c33e644b04a4cd9bf2aaa5f3084ac62e0c7 /app/controllers/sessions_controller.rb
parent	37bc4bb19934c4a0eb84fd5e2556363f55d4d601 (diff)