Use around_action to preserve stored location in auth/sessions#destroy (#35716)

2025-08-08 11:31:50 -04:00
parent 5d934c2835
commit b8982cb881
1 changed files with 8 additions and 2 deletions
--- a/app/controllers/auth/sessions_controller.rb
+++ b/app/controllers/auth/sessions_controller.rb
@@ -12,6 +12,8 @@ class Auth::SessionsController < Devise::SessionsController
  skip_before_action :require_functional!
  skip_before_action :update_user_sign_in

+  around_action :preserve_stored_location, only: :destroy, if: :continue_after?
+
  prepend_before_action :check_suspicious!, only: [:create]

  include Auth::TwoFactorAuthenticationConcern
@@ -31,11 +33,9 @@ class Auth::SessionsController < Devise::SessionsController
  end

  def destroy
-    tmp_stored_location = stored_location_for(:user)
    super
    session.delete(:challenge_passed_at)
    flash.delete(:notice)
-    store_location_for(:user, tmp_stored_location) if continue_after?
  end

  def webauthn_options
@@ -96,6 +96,12 @@ class Auth::SessionsController < Devise::SessionsController

  private

+  def preserve_stored_location
+    original_stored_location = stored_location_for(:user)
+    yield
+    store_location_for(:user, original_stored_location)
+  end
+
  def check_suspicious!
    user = find_user
    @login_is_suspicious = suspicious_sign_in?(user) unless user.nil?