OpenProject is the leading open source project management software.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
openproject/app/controllers/concerns/omniauth_login.rb

83 lines
2.7 KiB

##
# Intended to be used by the AccountController to handle omniauth logins
module OmniauthLogin
def omniauth_login
auth_hash = request.env['omniauth.auth']
return render_400 unless auth_hash.valid?
# Set back url to page the omniauth login link was clicked on
params[:back_url] = request.env['omniauth.origin']
user = User.find_or_initialize_by_identity_url(identity_url_from_omniauth(auth_hash))
if user.new_record?
create_user_from_omniauth(user, auth_hash)
else
user.log_successful_login if user.active?
login_user_if_active(user)
end
end
def omniauth_failure
logger.warn(params[:message]) if params[:message]
flash[:error] = I18n.t(:error_external_authentication_failed)
redirect_to :action => 'login'
end
private
# a user may login via omniauth and (if that user does not exist
# in our database) will be created using this method.
def create_user_from_omniauth(user, auth_hash)
# Self-registration off
return self_registration_disabled unless Setting.self_registration?
# Create on the fly
fill_user_fields_from_omniauth(user, auth_hash)
register_user_according_to_setting(user) do
# Allow registration form to show provider-specific title
@omniauth_strategy = auth_hash[:provider]
# Store a timestamp so we can later make sure that authentication information can
# only be reused for a short time.
session_info = auth_hash.merge(omniauth: true, timestamp: Time.new)
onthefly_creation_failed(user, session_info)
end
end
def register_via_omniauth(user, session, permitted_params)
auth = session[:auth_source_registration]
return if handle_omniauth_registration_expired(auth)
fill_user_fields_from_omniauth(@user, auth)
@user.update_attributes(permitted_params.user_register_via_omniauth)
register_user_according_to_setting(@user)
end
def fill_user_fields_from_omniauth(user, auth)
info = auth[:info]
user.update_attributes login: info[:email],
mail: info[:email],
firstname: info[:first_name] || info[:name],
lastname: info[:last_name],
identity_url: identity_url_from_omniauth(auth)
user.register
user
end
def identity_url_from_omniauth(auth)
"#{auth[:provider]}:#{auth[:uid]}"
end
# if the omni auth registration happened too long ago,
# we don't accept it anymore.
def handle_omniauth_registration_expired(auth)
if auth['timestamp'] < Time.now - 30.minutes
flash[:error] = I18n.t(:error_omniauth_registration_timed_out)
redirect_to(signin_url)
end
end
end