feat: Authenticate by SSO tokens (#1439)

Co-authored-by: Pranav Raj Sreepuram <pranavrajs@gmail.com>

app/controllers/devise_overrides/sessions_controller.rb

@@ -2,8 +2,38 @@ class DeviseOverrides::SessionsController < ::DeviseTokenAuth::SessionsControlle
   # Prevent session parameter from being passed
   # Unpermitted parameter: session
   wrap_parameters format: []
+  before_action :process_sso_auth_token, only: [:create]
+
+  def create
+    # Authenticate user via the temporary sso auth token
+    if params[:sso_auth_token].present? && @resource.present?
+      authenticate_resource_with_sso_token
+      yield @resource if block_given?
+      render_create_success
+    else
+      super
+    end
+  end
 
   def render_create_success
     render partial: 'devise/auth.json', locals: { resource: @resource }
   end
+
+  private
+
+  def authenticate_resource_with_sso_token
+    @token = @resource.create_token
+    @resource.save
+
+    sign_in(:user, @resource, store: false, bypass: false)
+    # invalidate the token after the user is signed in
+    @resource.invalidate_sso_auth_token(params[:sso_auth_token])
+  end
+
+  def process_sso_auth_token
+    return if params[:email].blank?
+
+    user = User.find_by(email: params[:email])
+    @resource = user if user&.valid_sso_auth_token?(params[:sso_auth_token])
+  end
 end