Class: DeviseTokenAuth::OmniauthCallbacksController

Inherits:

ApplicationController

Object
DeviseController
ApplicationController
DeviseTokenAuth::OmniauthCallbacksController

show all

Defined in:: app/controllers/devise_token_auth/omniauth_callbacks_controller.rb

Instance Attribute Summary collapse

#auth_params ⇒ Object readonly

Returns the value of attribute auth_params.

Instance Method Summary collapse

#default_devise_mapping ⇒ Object

This method will only be called if ‘get_devise_mapping` cannot find the mapping in `omniauth.params`.
#get_devise_mapping ⇒ Object
#get_redirect_route(devise_mapping) ⇒ Object
#omniauth_failure ⇒ Object
#omniauth_success {|@resource| ... } ⇒ Object
#redirect_callbacks ⇒ Object

intermediary route for successful omniauth authentication.
#validate_auth_origin_url_param ⇒ Object

Methods inherited from ApplicationController

#resource_data, #resource_errors

Instance Attribute Details

#auth_params ⇒ `Object` (readonly)

Returns the value of attribute auth_params.



5
6
7

# File 'app/controllers/devise_token_auth/omniauth_callbacks_controller.rb', line 5

def auth_params
  @auth_params
end

Instance Method Details

#default_devise_mapping ⇒ `Object`

This method will only be called if ‘get_devise_mapping` cannot find the mapping in `omniauth.params`.

One example use-case here is for IDP-initiated SAML login. In that case, there will have been no initial request in which to save the devise mapping. If you are in a situation like that, and your app allows for you to determine somehow what the devise mapping should be (because, for example, it is always the same), then you can handle it by overriding this method.

Raises:

(NotImplementedError)



53
54
55

# File 'app/controllers/devise_token_auth/omniauth_callbacks_controller.rb', line 53

def default_devise_mapping
  raise NotImplementedError.new('no default_devise_mapping set')
end

#get_devise_mapping ⇒ `Object`

# File 'app/controllers/devise_token_auth/omniauth_callbacks_controller.rb', line 35

def get_devise_mapping
   # derive target redirect route from 'resource_class' param, which was set
   # before authentication.
   devise_mapping = [request.env['omniauth.params']['namespace_name'],
                     request.env['omniauth.params']['resource_class'].underscore.gsub('/', '_')].compact.join('_')
rescue NoMethodError => err
  default_devise_mapping
end

#get_redirect_route(devise_mapping) ⇒ `Object`

# File 'app/controllers/devise_token_auth/omniauth_callbacks_controller.rb', line 29

def get_redirect_route(devise_mapping)
  path = "#{Devise.mappings[devise_mapping.to_sym].fullpath}/#{params[:provider]}/callback"
  klass = request.scheme == 'https' ? URI::HTTPS : URI::HTTP
  redirect_route = klass.build(host: request.host, port: request.port, path: path).to_s
end

#omniauth_failure ⇒ `Object`

# File 'app/controllers/devise_token_auth/omniauth_callbacks_controller.rb', line 80

def omniauth_failure
  @error = params[:message]
  render_data_or_redirect('authFailure', error: @error)
end

#omniauth_success {|@resource| ... } ⇒ `Object`

Yields:

(@resource)

# File 'app/controllers/devise_token_auth/omniauth_callbacks_controller.rb', line 57

def omniauth_success
  get_resource_from_auth_hash
  set_token_on_resource
  create_auth_params

  if confirmable_enabled?
    # don't send confirmation email!!!
    @resource.skip_confirmation!
  end

  sign_in(:user, @resource, store: false, bypass: false)

  @resource.save!

  yield @resource if block_given?

  if DeviseTokenAuth.cookie_enabled
    set_token_in_cookie(@resource, @token)
  end

  render_data_or_redirect('deliverCredentials', @auth_params.as_json, @resource.as_json)
end

#redirect_callbacks ⇒ `Object`

intermediary route for successful omniauth authentication. omniauth does not support multiple models, so we must resort to this terrible hack.

# File 'app/controllers/devise_token_auth/omniauth_callbacks_controller.rb', line 14

def redirect_callbacks

  # derive target redirect route from 'resource_class' param, which was set
  # before authentication.
  devise_mapping = get_devise_mapping
  redirect_route = get_redirect_route(devise_mapping)

  # preserve omniauth info for success route. ignore 'extra' in twitter
  # auth response to avoid CookieOverflow.
  session['dta.omniauth.auth'] = request.env['omniauth.auth'].except('extra')
  session['dta.omniauth.params'] = request.env['omniauth.params']

  redirect_to redirect_route, status: 307
end

#validate_auth_origin_url_param ⇒ `Object`



85
86
87

# File 'app/controllers/devise_token_auth/omniauth_callbacks_controller.rb', line 85

def validate_auth_origin_url_param
  return render_error_not_allowed_auth_origin_url if auth_origin_url && blacklisted_redirect_url?(auth_origin_url)
end

Class: DeviseTokenAuth::OmniauthCallbacksController

Instance Attribute Summary collapse

Instance Method Summary collapse

Methods inherited from ApplicationController

Instance Attribute Details

#auth_params ⇒ Object (readonly)

Instance Method Details

#default_devise_mapping ⇒ Object

#get_devise_mapping ⇒ Object

#get_redirect_route(devise_mapping) ⇒ Object

#omniauth_failure ⇒ Object

#omniauth_success {|@resource| ... } ⇒ Object

#redirect_callbacks ⇒ Object

#validate_auth_origin_url_param ⇒ Object