POST /resource/sign_in
# File app/controllers/devise/sessions_controller.rb, line 16 def create self.resource = warden.authenticate!(auth_options) set_flash_message(:notice, :signed_in) if is_flashing_format? sign_in(resource_name, resource) yield resource if block_given? respond_with resource, location: after_sign_in_path_for(resource) end
DELETE /resource/sign_out
# File app/controllers/devise/sessions_controller.rb, line 25 def destroy signed_out = (Devise.sign_out_all_scopes ? sign_out : sign_out(resource_name)) set_flash_message :notice, :signed_out if signed_out && is_flashing_format? yield if block_given? respond_to_on_destroy end
GET /resource/sign_in
# File app/controllers/devise/sessions_controller.rb, line 8 def new self.resource = resource_class.new(sign_in_params) clean_up_passwords(resource) yield resource if block_given? respond_with(resource, serialize_options(resource)) end
# File app/controllers/devise/sessions_controller.rb, line 45 def auth_options { scope: resource_name, recall: "#{controller_path}#new" } end
# File app/controllers/devise/sessions_controller.rb, line 38 def serialize_options(resource) methods = resource_class.authentication_keys.dup methods = methods.keys if methods.is_a?(Hash) methods << :password if resource.respond_to?(:password) { methods: methods, only: [:password] } end
# File app/controllers/devise/sessions_controller.rb, line 34 def sign_in_params devise_parameter_sanitizer.sanitize(:sign_in) end
# File app/controllers/devise/sessions_controller.rb, line 49 def translation_scope 'devise.sessions' end
# File app/controllers/devise/sessions_controller.rb, line 67 def all_signed_out? users = Devise.mappings.keys.map { |s| warden.user(scope: s, run_callbacks: false) } users.all?(&:blank?) end
# File app/controllers/devise/sessions_controller.rb, line 73 def respond_to_on_destroy # We actually need to hardcode this as Rails default responder doesn't # support returning empty response on GET request respond_to do |format| format.all { head :no_content } format.any(*navigational_formats) { redirect_to after_sign_out_path_for(resource_name) } end end
Check if there is no signed in user before doing the sign out.
If there is no signed in user, it will set the flash message and redirect to the after_sign_out path.
# File app/controllers/devise/sessions_controller.rb, line 59 def verify_signed_out_user if all_signed_out? set_flash_message :notice, :already_signed_out if is_flashing_format? respond_to_on_destroy end end