Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Skip authenticity token verification until I found a way to enable CS…
…RF token check for omniauth-ldap
- Loading branch information
Showing
1 changed file
with
109 additions
and
0 deletions.
There are no files selected for viewing
109 changes: 109 additions & 0 deletions
109
app/controllers/decidim/devise/omniauth_registrations_controller.rb
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,109 @@ | ||
# frozen_string_literal: true | ||
|
||
module Decidim | ||
module Devise | ||
# This controller customizes the behaviour of Devise::Omniauthable. | ||
class OmniauthRegistrationsController < ::Devise::OmniauthCallbacksController | ||
skip_before_action :verify_authenticity_token | ||
include FormFactory | ||
include Decidim::DeviseControllers | ||
|
||
def new | ||
@form = form(OmniauthRegistrationForm).from_params(params[:user]) | ||
end | ||
|
||
def create | ||
form_params = user_params_from_oauth_hash || params[:user] | ||
|
||
@form = form(OmniauthRegistrationForm).from_params(form_params) | ||
@form.email ||= verified_email | ||
|
||
CreateOmniauthRegistration.call(@form, verified_email) do | ||
on(:ok) do |user| | ||
if user.active_for_authentication? | ||
sign_in_and_redirect user, event: :authentication | ||
set_flash_message :notice, :success, kind: @form.provider.capitalize | ||
else | ||
expire_data_after_sign_in! | ||
user.resend_confirmation_instructions unless user.confirmed? | ||
redirect_to decidim.root_path | ||
flash[:notice] = t("devise.registrations.signed_up_but_unconfirmed") | ||
end | ||
end | ||
|
||
on(:invalid) do | ||
set_flash_message :notice, :success, kind: @form.provider.capitalize | ||
render :new | ||
end | ||
|
||
on(:error) do |user| | ||
if user.errors[:email] | ||
set_flash_message :alert, :failure, kind: @form.provider.capitalize, reason: t("decidim.devise.omniauth_registrations.create.email_already_exists") | ||
end | ||
|
||
render :new | ||
end | ||
end | ||
end | ||
|
||
def after_sign_in_path_for(user) | ||
if !pending_redirect?(user) && first_login_and_not_authorized?(user) | ||
decidim_verifications.authorizations_path | ||
else | ||
super | ||
end | ||
end | ||
|
||
# Calling the `stored_location_for` method removes the key, so in order | ||
# to check if there's any pending redirect after login I need to call | ||
# this method and use the value to set a pending redirect. This is the | ||
# only way to do this without checking the session directly. | ||
def pending_redirect?(user) | ||
store_location_for(user, stored_location_for(user)) | ||
end | ||
|
||
def first_login_and_not_authorized?(user) | ||
user.is_a?(User) && user.sign_in_count == 1 && Decidim::Verifications.workflows.any? && user.verifiable? | ||
end | ||
|
||
def action_missing(action_name) | ||
return send(:create) if devise_mapping.omniauthable? && User.omniauth_providers.include?(action_name.to_sym) | ||
|
||
raise AbstractController::ActionNotFound, "The action '#{action_name}' could not be found for Decidim::Devise::OmniauthCallbacksController" | ||
end | ||
|
||
private | ||
|
||
def oauth_data | ||
@oauth_data ||= oauth_hash.slice(:provider, :uid, :info) | ||
end | ||
|
||
# Private: Create form params from omniauth hash | ||
# Since we are using trusted omniauth data we are generating a valid signature. | ||
def user_params_from_oauth_hash | ||
return nil if oauth_data.empty? | ||
|
||
{ | ||
provider: oauth_data[:provider], | ||
uid: oauth_data[:uid], | ||
name: oauth_data[:info][:name], | ||
nickname: oauth_data[:info][:nickname], | ||
oauth_signature: OmniauthRegistrationForm.create_signature(oauth_data[:provider], oauth_data[:uid]), | ||
avatar_url: oauth_data[:info][:image], | ||
raw_data: oauth_hash | ||
} | ||
end | ||
|
||
def verified_email | ||
@verified_email ||= oauth_data.dig(:info, :email) | ||
end | ||
|
||
def oauth_hash | ||
raw_hash = request.env["omniauth.auth"] | ||
return {} unless raw_hash | ||
|
||
raw_hash.deep_symbolize_keys | ||
end | ||
end | ||
end | ||
end |