Class: Decidim::Mpassid::OmniauthCallbacksController
- Inherits: Devise::OmniauthRegistrationsController
  - Object
  - Devise::OmniauthRegistrationsController
  - Decidim::Mpassid::OmniauthCallbacksController
- Defined in: app/controllers/decidim/mpassid/omniauth_callbacks_controller.rb
Instance Method Summary
- #failure ⇒ Object
- #mpassid ⇒ Object
  This is always called after the user returns from the authentication flow at the MPASSid identity provider.
- #sign_in_and_redirect(resource_or_scope, *args) ⇒ Object
  This is an overridden method from the Devise controller helpers. It is called when the user is successfully authenticated, which means that we also need to add the authorization for the user automatically, because a successful MPASSid authentication means the user has been successfully authorized as well.
Instance Method Details
#failure ⇒ Object
```ruby
# File 'app/controllers/decidim/mpassid/omniauth_callbacks_controller.rb', line 62

def failure
  strategy = failed_strategy
  saml_response = strategy.response_object if strategy
  return super unless saml_response

  # In case we want more info about the returned status codes, use the
  # code below.
  #
  # Status codes:
  #   Requester = A problem with the request OR the user cancelled the
  #               request at the identity provider.
  #   Responder = The handling of the request failed.
  #   VersionMismatch = Wrong version in the request.
  #
  # Additional state codes:
  #   AuthnFailed = The authentication failed OR the user cancelled
  #                 the process at the identity provider.
  #   RequestDenied = The authenticating endpoint (which the
  #                   identity provider redirects to) rejected the
  #                   authentication.
  # if !saml_response.send(:validate_success_status) && !saml_response.status_code.nil?
  #   codes = saml_response.status_code.split(" | ").map do |full_code|
  #     full_code.split(":").last
  #   end
  # end

  # Some extra validation checks
  validations = [
    # The success status validation fails in case the response status
    # code is something else than "Success". This is most likely because
    # of one of the reasons explained above. In general there are a few
    # possible explanations for this:
    # 1. The user cancelled the request and returned to the service.
    # 2. The underlying identity service the IdP redirects to rejected
    #    the request for one reason or another. E.g. the user cancelled
    #    the request at the identity service.
    # 3. There is some technical problem with the identity provider
    #    service or the XML request sent there is malformed.
    :success_status,
    # Checks if the local session should be expired, i.e. if the user
    # took too long to go through the authorization endpoint.
    :session_expiration,
    # The NotBefore and NotOnOrAfter conditions failed, i.e. whether the
    # request is handled within the allowed timeframe by the IdP.
    :conditions
  ]
  validations.each do |key|
    next if saml_response.send("validate_#{key}")

    flash[:alert] = t(".#{key}")
    return redirect_to after_omniauth_failure_path_for(resource_name)
  end

  super
end
```
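The three checks that `failure` walks through, modelled on plain values as an added example (this is not code from decidim-mpassid or ruby-saml). The helper names, the `allowed_drift` tolerance and the sample responses are hypothetical and constructed for illustration; the status string format follows the commented-out snippet above.

```ruby
# Reduces full SAML status URNs ("a | b") to their short names, the same
# transformation as the commented-out snippet in #failure.
def short_status_codes(status_code)
  return [] if status_code.nil?

  status_code.split(" | ").map { |full_code| full_code.split(":").last }
end

# Returns the first failing check in the controller's order
# (:success_status, :session_expiration, :conditions), or nil if all pass.
# `resp` is a plain hash standing in for the SAML response object;
# `allowed_drift` is an assumed clock-skew tolerance in seconds.
def first_failed_validation(resp, now: Time.now.utc, allowed_drift: 0)
  return :success_status unless short_status_codes(resp[:status_code]) == ["Success"]

  expires = resp[:session_expires_at]
  return :session_expiration if expires && now >= expires + allowed_drift

  not_before = resp[:not_before]
  not_on_or_after = resp[:not_on_or_after]
  return :conditions if not_before && now < not_before - allowed_drift
  return :conditions if not_on_or_after && now >= not_on_or_after + allowed_drift

  nil
end

# Constructed sample data (not captured from a real identity provider).
URN = "urn:oasis:names:tc:SAML:2.0:status".freeze
NOW = Time.utc(2024, 1, 1, 12, 0, 0)
SAMPLES = {
  cancelled: { status_code: "#{URN}:Responder | #{URN}:AuthnFailed" },
  slow_login: { status_code: "#{URN}:Success", session_expires_at: NOW - 1 },
  stale: { status_code: "#{URN}:Success",
           not_before: NOW - 600, not_on_or_after: NOW - 300 },
  ok: { status_code: "#{URN}:Success",
        not_before: NOW - 60, not_on_or_after: NOW + 240 }
}.freeze

# Maps each sample to [failed check, short status codes], e.g. for logging
# the precise reason while the user only sees the flash message for the key.
def triage(samples, now:)
  samples.transform_values do |resp|
    [first_failed_validation(resp, now: now), short_status_codes(resp[:status_code])]
  end
end

triage(SAMPLES, now: NOW).each { |name, result| puts "#{name}: #{result.inspect}" }
```
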
#mpassid ⇒ Object
This is always called after the user returns from the authentication flow at the MPASSid identity provider.
```ruby
# File 'app/controllers/decidim/mpassid/omniauth_callbacks_controller.rb', line 15

def mpassid
  if user_signed_in?
    # The user is most likely returning from an authorization request
    # because they are already signed in. In this case, add the
    # authorization and redirect the user back to the authorizations view.

    # Make sure the user has an identity created in order to aid future
    # MPASSid sign ins.
    identity = current_user.identities.find_by(
      organization: current_organization,
      provider: oauth_data[:provider],
      uid: user_identifier
    )
    unless identity
      # Check that the identity is not already bound to another user.
      id = Decidim::Identity.find_by(
        organization: current_organization,
        provider: oauth_data[:provider],
        uid: user_identifier
      )
      return (:identity_bound_to_other_user) if id

      current_user.identities.create!(
        organization: current_organization,
        provider: oauth_data[:provider],
        uid: user_identifier
      )
    end

    # Add the authorization for the user
    return unless (current_user)

    # Show the success message and redirect back to the authorizations
    flash[:notice] = t(
      "authorizations.create.success",
      scope: "decidim.mpassid.verification"
    )
    return redirect_to(
      stored_location_for(resource || :user) ||
      decidim_verifications.
    )
  end

  # Normal authentication request, proceed with Decidim's internal logic.
  send(:create)
end
```
#sign_in_and_redirect(resource_or_scope, *args) ⇒ Object
This is an overridden method from the Devise controller helpers. It is called when the user is successfully authenticated, which means that we also need to add the authorization for the user automatically, because a successful MPASSid authentication means the user has been successfully authorized as well.
```ruby
# File 'app/controllers/decidim/mpassid/omniauth_callbacks_controller.rb', line 123

def sign_in_and_redirect(resource_or_scope, *args)
  # Add authorization for the user
  if resource_or_scope.is_a?(::Decidim::User)
    return unless (resource_or_scope)
  end

  super
end
```