# Login, logout and session keep-alive endpoints for the admin area.
#
# +new+, +create+, +destroy+ and +status+ are exempt from +require_admin+, so
# they can be reached without an authenticated admin. +continue+ is not in
# that list and stays behind +require_admin+. The +check_for_password_change+
# filter is skipped for every action in this controller.
class Admin::UserSessionsController < Admin::AdminController
  skip_before_filter :require_admin, only: %i[new create destroy status]
  skip_before_filter :check_for_password_change

  # Renders the login form backed by an empty session object.
  def new
    @user_session = AdminUserSession.new
  end

  # Attempts a login with the permitted credentials. On success the user is
  # sent to the stored target (or the default); on failure the form is
  # re-rendered with an alert key describing why.
  #
  # NOTE(review): the three failure alerts are distinguishable to the client.
  # If +last_login_attempt?+ / +being_brute_force_protected?+ are only true for
  # existing accounts, :last_login and :disabled_login confirm that the
  # submitted email is registered. Confirm this disclosure is acceptable for
  # the admin login, or collapse the messages.
  # NOTE(review): no session reset is visible here; confirm the session
  # identifier is rotated on successful login elsewhere (AdminUserSession or
  # the base controller).
  # NOTE(review): +alert:+ is normally a +redirect_to+ option; presumably the
  # base controller or the layout consumes it for +render+ too. Confirm the
  # failure message is actually displayed.
  def create
    @user_session = AdminUserSession.new(user_session_params)
    return redirect_to_target_or_default if @user_session.save

    # Predicates are checked in this order on purpose: the "last attempt"
    # warning takes precedence over the lockout notice.
    failure_alert =
      if @user_session.last_login_attempt?
        :last_login
      elsif @user_session.being_brute_force_protected?
        :disabled_login
      else
        :invalid_login
      end

    render :new, alert: failure_alert
  end

  # Ends the current session when one exists, then always redirects to the
  # admin login page. Reachable without +require_admin+, so an anonymous
  # request is simply redirected.
  #
  # NOTE(review): confirm the route is non-GET and covered by CSRF protection
  # so a third-party page cannot force a logout.
  def destroy
    if logged_in?
      current_session.destroy
    end

    redirect_to admin_login_url, notice: :logged_out
  end

  # Intentionally empty; falls through to the default render for this action.
  # Exempt from +require_admin+ and excluded from last-request tracking (see
  # +last_request_update_allowed?+).
  def status
  end

  # Records activity for the signed-in admin by bumping +last_request_at+.
  # Not exempt from +require_admin+, so it needs an authenticated admin.
  def continue
    current_user.touch(:last_request_at)
  end

  private

  # Strong-parameters whitelist: only +email+ and +password+ from the
  # +admin_user_session+ payload reach AdminUserSession.
  def user_session_params
    credentials = params.require(:admin_user_session)
    credentials.permit(:email, :password)
  end

  # False only for the +status+ action. Presumably the session library's hook
  # that decides whether a request counts as activity, so that polling
  # +status+ does not keep an idle session alive — confirm against the
  # library in use.
  def last_request_update_allowed?
    action_name != 'status'
  end
end