|
@@ -27,11 +27,13 @@ class SessionsController < ApplicationController
|
|
|
end
|
|
|
|
|
|
raise Exceptions::NotAuthorized, __("Neither an SSO environment variable 'REMOTE_USER' nor a 'X-Forwarded-User' header could be found.") if login.blank?
|
|
|
- raise Exceptions::NotAuthorized, "Uuser '#{login}' could not be found." if user.blank?
|
|
|
+ raise Exceptions::NotAuthorized, "User '#{login}' could not be found." if user.blank?
|
|
|
|
|
|
session.delete(:switched_from_user_id)
|
|
|
authentication_check_prerequesits(user, 'SSO', {})
|
|
|
|
|
|
+ initiate_session_for(user)
|
|
|
+
|
|
|
redirect_to '/#'
|
|
|
end
|
|
|
|
|
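Review bot: The corrected not-found message on the `+` line still interpolates `login` into the `Exceptions::NotAuthorized` text and, unlike the message directly above it, is not wrapped in `__()`. Judging by that earlier message, `login` comes from `REMOTE_USER` or the `X-Forwarded-User` header, so if this text reaches the client it reflects a request-supplied value and confirms which account names do not exist. I would return a fixed string such as `raise Exceptions::NotAuthorized, __('SSO login failed.') if user.blank?` and write the attempted login to the server log instead. The method starts above the hunk, so how `login` and `user` are resolved is not visible here.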
@@ -39,8 +41,6 @@ class SessionsController < ApplicationController
|
|
|
user = authentication_check_only
|
|
|
raise Exceptions::NotAuthorized, 'no valid session' if user.blank?
|
|
|
|
|
|
- initiate_session_for(user)
|
|
|
-
|
|
|
# return current session
|
|
|
render json: SessionHelper.json_hash(user).merge(config: config_frontend)
|
|
|
rescue Exceptions::NotAuthorized => e
|
|
@@ -227,7 +227,11 @@ class SessionsController < ApplicationController
|
|
|
|
|
|
def initiate_session_for(user)
|
|
|
request.env['rack.session.options'][:expire_after] = 1.year if params[:remember_me]
|
|
|
+
|
|
|
+ # Mark the session as "persistent". Non-persistent sessions (e.g. sessions generated by curl API call) are
|
|
|
+ # deleted periodically in SessionHelper.cleanup_expired.
|
|
|
session[:persistent] = true
|
|
|
+
|
|
|
user.activity_stream_log('session started', user.id, true)
|
|
|
end
|
|
|
|
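Review bot: The added comment explains `session[:persistent]`, but the line above it still lets any request carrying `params[:remember_me]` stretch `expire_after` to `1.year`, and with this commit `initiate_session_for` is also called from the SSO login path. A session that can outlive the identity provider's own session by up to a year is probably not intended there, so either say so in a comment on the method or skip the extension for SSO logins. Separately, no session identifier rotation is visible before the session is marked persistent. If neither `authentication_check_prerequesits` nor the callers already rotate it, a `reset_session` ahead of these assignments is the usual guard against fixation, though this is inferred because those methods are outside the hunk.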