Class: Users::OmniauthCallbacksController

Inherits:

ApplicationController

• Object
• ApplicationController
• Users::OmniauthCallbacksController

Defined in:

app/controllers/users/omniauth_callbacks_controller.rb

Class Method Summary

• .find_authenticator(name) ⇒ Object

Instance Method Summary

• #complete ⇒ Object
• #confirm_request ⇒ Object
• #failure ⇒ Object
• #valid_origin?(uri) ⇒ Boolean

Class Method Details

.find_authenticator(name) ⇒ Object

Raises:

• (Discourse::InvalidAccess)

# File 'app/controllers/users/omniauth_callbacks_controller.rb', line 112

def self.find_authenticator(name)
  Discourse.enabled_authenticators.each do |authenticator|
    return authenticator if authenticator.name == name
  end
  raise Discourse::InvalidAccess.new(I18n.t("authenticator_not_found"))
end

Instance Method Details

#complete ⇒ Object

Raises:

• (Discourse::NotFound)

# File 'app/controllers/users/omniauth_callbacks_controller.rb', line 23

def complete
  auth = request.env["omniauth.auth"]
  raise Discourse::NotFound unless request.env["omniauth.auth"]
  raise Discourse::ReadOnly if @readonly_mode && !staff_writes_only_mode?

  auth[:session] = session

  authenticator = self.class.find_authenticator(params[:provider])

  if session.delete(:auth_reconnect) && authenticator.can_connect_existing_user? && current_user
    path = persist_auth_token(auth)
    return redirect_to path
  else
    DiscourseEvent.trigger(:before_auth, authenticator, auth, session, cookies, request)
    @auth_result = authenticator.after_authenticate(auth)
    @auth_result.user = nil if @auth_result&.user&.staged # Treat staged users the same as unregistered users
    DiscourseEvent.trigger(:after_auth, authenticator, @auth_result, session, cookies, request)
  end

  preferred_origin = request.env["omniauth.origin"]

  if session[:destination_url].present?
    preferred_origin = session[:destination_url]
    session.delete(:destination_url)
  elsif SiteSetting.enable_discourse_connect_provider && payload = cookies.delete(:sso_payload)
    preferred_origin = session_sso_provider_url + "?" + payload
  elsif cookies[:destination_url].present?
    preferred_origin = cookies[:destination_url]
    cookies.delete(:destination_url)
  end

  if preferred_origin.present?
    parsed =
      begin
        URI.parse(preferred_origin)
      rescue URI::Error
      end

    if valid_origin?(parsed)
      @origin = +"#{parsed.path}"
      @origin << "?#{parsed.query}" if parsed.query
    end
  end

  @origin = Discourse.base_path("/") if @origin.blank?

  @auth_result.destination_url = @origin
  @auth_result.authenticator_name = authenticator.name

  return render_auth_result_failure if @auth_result.failed?

  raise Discourse::ReadOnly if staff_writes_only_mode? && !@auth_result.user&.staff?

  complete_response_data

  return render_auth_result_failure if @auth_result.failed?

  client_hash = @auth_result.to_client_hash
  if authenticator.can_connect_existing_user? &&
       (SiteSetting.enable_local_logins || Discourse.enabled_authenticators.count > 1)
    # There is more than one login method, and users are allowed to manage associations themselves
    client_hash[:associate_url] = persist_auth_token(auth)
  end

  cookies["_bypass_cache"] = true
  cookies[:authentication_data] = { value: client_hash.to_json, path: Discourse.base_path("/") }
  redirect_to @origin
end

#confirm_request ⇒ Object

# File 'app/controllers/users/omniauth_callbacks_controller.rb', line 18

def confirm_request
  self.class.find_authenticator(params[:provider])
  render locals: { hide_auth_buttons: true }
end

#failure ⇒ Object

# File 'app/controllers/users/omniauth_callbacks_controller.rb', line 100

def failure
  error_key = params[:message].to_s.gsub(/[^\w-]/, "")
  error_key = "generic" if error_key.blank?

  flash[:error] = I18n.t(
    "login.omniauth_error.#{error_key}",
    default: I18n.t("login.omniauth_error.generic"),
  ).html_safe

  render "failure"
end

#valid_origin?(uri) ⇒ Boolean

Returns:

• (Boolean)

# File 'app/controllers/users/omniauth_callbacks_controller.rb', line 92

def valid_origin?(uri)
  return false if uri.nil?
  return false if uri.host.present? && uri.host != Discourse.current_hostname
  return false if uri.path.start_with?("#{Discourse.base_path}/auth/")
  return false if uri.path.start_with?("#{Discourse.base_path}/login")
  true
end