Class: Mcp::SessionsController
- Inherits:
-
ActionController::Base
- Object
- ActionController::Base
- Mcp::SessionsController
- Defined in:
- app/controllers/mcp/sessions_controller.rb
Instance Method Summary
-
#destroy ⇒ Object
DELETE /accounts/sign_out.
-
#google_callback ⇒ Object
GET/POST /accounts/auth/:provider/callback.
-
#new ⇒ Object
GET /accounts/sign_in.
Instance Method Details
#destroy ⇒ Object
DELETE /accounts/sign_out
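# File 'app/controllers/mcp/sessions_controller.rb', line 77

# DELETE /accounts/sign_out
#
# Ends the MCP sign-in by discarding the whole session instead of only
# :mcp_account_id. Deleting the single key would leave a pending
# :oauth_return_to (and any other per-login state) behind, so the next
# person signing in from the same browser could be sent into an authorize
# request they never started.
#
# NOTE(review): google_callback describes this session as isolated from
# CRM/WWW; confirm the cookie really is MCP-only before relying on
# reset_session here.
#
# @return [void]
def destroy
  reset_session
  # The notice is written after the reset, so it lands in the fresh session.
  redirect_to mcp_sign_in_path, notice: 'Signed out.'
end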
#google_callback ⇒ Object
GET/POST /accounts/auth/:provider/callback
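# File 'app/controllers/mcp/sessions_controller.rb', line 38

# GET/POST /accounts/auth/:provider/callback
#
# Completes the OmniAuth sign-in for the MCP subdomain. Reads the identity
# from request.env['omniauth.auth'], maps it to an Account through the
# Authentication model, and only signs the account in when it is an employee
# holding the 'mcp_access' role. On success the session is reset before the
# account id is stored, so a session that existed before authentication is
# never promoted to an authenticated one (session fixation).
#
# @return [void]
def google_callback
  auth_data = request.env['omniauth.auth']

  if auth_data.nil?
    flash[:alert] = 'Authentication failed. Please try again.'
    redirect_to mcp_sign_in_path
    return
  end

  # Find the account via the Authentication model (same lookup as CRM).
  # NOTE(review): the route is /accounts/auth/:provider/callback and the
  # provider used for the lookup is whatever OmniAuth reports; if providers
  # other than Google are mounted on this path, confirm they should be able
  # to grant MCP access.
  authentication = Authentication.find_by(
    provider: auth_data['provider'],
    uid: auth_data['uid']
  )
  account = authentication&.account

  # Verify the account is an employee with MCP access
  unless account&.is_employee? && account.has_role?('mcp_access')
    flash[:alert] = 'Access denied. You must be a WarmlyYours employee with MCP access.'
    redirect_to mcp_sign_in_path
    return
  end

  # Take the pending OAuth authorize URL (set by Doorkeeper before login) out
  # of the old session first: it is the only pre-login value carried over.
  return_to = session.delete(:oauth_return_to)

  # Drop everything else from the unauthenticated session, then create the
  # MCP subdomain session (isolated from CRM/WWW).
  reset_session
  session[:mcp_account_id] = account.id

  if return_to.present?
    # return_to is read from the session, not from request parameters.
    # NOTE(review): confirm whatever writes :oauth_return_to stores only a
    # same-origin path, since it is used as a redirect target unchecked.
    redirect_to return_to
  else
    # Direct sign-in (not via Doorkeeper flow) -- show a simple confirmation
    flash[:notice] = "Signed in as #{account.email}. You can now authorize MCP clients."
    redirect_to mcp_sign_in_path
  end
end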
#new ⇒ Object
GET /accounts/sign_in
# File 'app/controllers/mcp/sessions_controller.rb', line 21

# GET /accounts/sign_in
#
# Renders the MCP sign-in page. A visitor whose session already carries
# :mcp_account_id is sent straight on to a pending OAuth authorize URL when
# one is stored; otherwise their account is loaded so the page can show the
# signed-in status.
#
# @return [void]
def new
  account_id = session[:mcp_account_id]

  if account_id.present?
    # Consume the pending authorize URL so it is followed at most once.
    pending_authorize_url = session.delete(:oauth_return_to)
    if pending_authorize_url.present?
      redirect_to pending_authorize_url
      return
    end

    # Signed in, nothing pending: expose the account to the view.
    @account = Account.find_by(id: account_id)
  end

  # Entry point of the Google OAuth flow on the MCP subdomain.
  @google_oauth_url = "/accounts/auth/google_oauth2"
end