Class: SessionsController
- Inherits:
-
ApplicationController
- Object
- ApplicationController
- SessionsController
- Defined in:
- app/controllers/sessions_controller.rb
Class Method Summary collapse
Instance Method Summary collapse
- #callback ⇒ Object
- #callback_if_account_found(account, auth) ⇒ Object
- #callback_if_account_not_found(auth) ⇒ Object
- #failure ⇒ Object
-
#login ⇒ Object
各プロバイダごとのログイン用urlを返す.
-
#logout ⇒ Object
GET /users/logout.
Class Method Details
.create_user_by_auth(auth) ⇒ Object
# File 'app/controllers/sessions_controller.rb', line 64

# Creates and persists a User from an OmniAuth auth hash.
#
# The e-mail address and avatar URL are read from +auth.info+, the language
# is looked up from the current I18n locale, and the record is saved with
# +create!+, so a failed save raises instead of returning an unsaved object.
#
# NOTE(review): the e-mail and image URL are provider-supplied values stored
# as given. Nothing here checks that the provider verified the address, and
# whether user_img_url is limited to http(s) before it is rendered is not
# visible from this method -- confirm both.
#
# @param auth [#info] OmniAuth auth hash for the identity being registered
# @return [User] the newly created user
def self.create_user_by_auth(auth)
  profile = auth.info
  attributes = {
    email: profile[:email],
    user_img_url: profile[:image],
    lang_id: Lang[I18n.locale].id
  }
  User.create!(attributes)
end
Instance Method Details
#callback ⇒ Object
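# File 'app/controllers/sessions_controller.rb', line 11

# OmniAuth callback action.
#
# Resolves the provider identity in request.env['omniauth.auth'] to a user,
# signs that user in when nobody is signed in yet, and always finishes with
# exactly one redirect (to session[:redirect_to], or root_path when unset).
#
# Changes from the previous version:
# * The redirect used to run as `redirect_to(...) and return` inside
#   +ensure+. A +return+ there discards any pending exception, so every
#   failure was silently swallowed. Failures are now rescued and logged, and
#   the user is still redirected.
# * callback_if_account_found may already have redirected (identity owned by
#   another user). The second redirect then raised a double-render error, so
#   the final redirect is skipped when a response has been performed.
# * A request that reaches this action without an auth hash is handled
#   explicitly instead of relying on a swallowed NoMethodError.
#
# NOTE(review): session[:redirect_to] is trusted as a redirect target here.
# Where it is written is not visible from this method; if it can be derived
# from request input it needs the same local-path check as any other
# user-controlled redirect -- confirm.
def callback
  auth = request.env['omniauth.auth']
  return unless auth # the ensure clause below still redirects

  account = UserAccount.where(provider: auth['provider'], uid: auth['uid']).first
  user = if account
           callback_if_account_found(account, auth)
         else
           callback_if_account_not_found(auth)
         end

  # NOTE(review): whether set_user_id rotates the session id on sign-in is
  # not visible here. If it does not, a pre-login session id stays valid
  # after authentication (session fixation) -- confirm.
  set_user_id(user.id) if user && !logged_in?
rescue StandardError => e
  # Log class and message only; the auth hash can carry provider tokens and
  # must not end up in the log.
  logger.error("SessionsController#callback failed: #{e.class}: #{e.message}")
ensure
  redirect_to(session[:redirect_to] || root_path) unless performed?
end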
#callback_if_account_found(account, auth) ⇒ Object
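# File 'app/controllers/sessions_controller.rb', line 27

# Resolves the user for a provider identity that already has a UserAccount.
#
# * Signed in, identity owned by a different user: redirects to root_path
#   and returns nil (the caller must not redirect again).
# * Signed in otherwise: returns current_user.
# * Not signed in: returns the account's user. When the account row exists
#   but its user was deleted, a fresh user is created and the account is
#   re-pointed at it.
#
# The re-link used to call +account.update+ and ignore the result, outside
# any transaction. A failed update left a newly created user with no account
# pointing at it, so each later sign-in created another user. Creation and
# re-link now run in one transaction and use +update!+, so they succeed or
# fail together.
#
# @param account [UserAccount] the matched provider account
# @param auth [#info] OmniAuth auth hash
# @return [User, nil] the resolved user, or nil when a redirect was issued
def callback_if_account_found(account, auth)
  if logged_in?
    if account.user && account.user_id != current_user.id
      # This identity is already in use by another user.
      # Switching the signed-in user at this point may look harmless, but it
      # is deliberately not allowed because of the security risk. Example:
      # user A can sign in with both a Google and a Twitter account; the
      # Google account is shared with other people while the Twitter account
      # is A's alone. Anyone able to sign in with the shared Google account
      # could then impersonate A, and A would most likely never notice.
      # (Alternatives that were considered and left disabled: answering with
      # a 403, or switching the signed-in user to account.user.)
      redirect_to root_path
      return nil
    end
    return current_user
  end

  existing = account.user
  return existing if existing

  # The account row exists but its user has been deleted.
  replacement = nil
  UserAccount.transaction do
    replacement = self.class.create_user_by_auth(auth)
    account.update!(user_id: replacement.id) if account.user_id != replacement.id
  end
  replacement
end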
#callback_if_account_not_found(auth) ⇒ Object
# File 'app/controllers/sessions_controller.rb', line 50

# Handles a provider identity that has no UserAccount row yet.
#
# Inside one UserAccount transaction the owning user is chosen and a new
# account row is created for it via UserAccount.create_with_omniauth!:
# * signed in: the identity is attached to current_user (account linking);
# * not signed in: a new user is created from the auth hash and its nickname
#   is set from auth.info[:name].
#
# NOTE(review): the linking branch attaches whatever identity arrives in the
# callback to the signed-in user. That is only safe if the OAuth round trip
# is bound to this browser session (state/CSRF check) -- presumably done by
# the OmniAuth setup, which is not visible here; confirm.
#
# @param auth [#info] OmniAuth auth hash
# @return [User] the user that now owns the identity
def callback_if_account_not_found(auth)
  owner = nil
  UserAccount.transaction do
    owner =
      if logged_in?
        current_user
      else
        self.class.create_user_by_auth(auth).tap do |created|
          created.text.update!(nick_name: auth.info[:name])
        end
      end
    UserAccount.create_with_omniauth!(auth, owner.id)
  end
  owner
end
#failure ⇒ Object
# File 'app/controllers/sessions_controller.rb', line 68

# Handles a failed sign-in: stores a fixed notice in the flash and sends the
# browser back to the login action. The message is a constant, so nothing
# from the failed request is echoed back to the user.
def failure
  flash[:notice] = 'login failed'
  redirect_to(action: :login)
end
#login ⇒ Object
各プロバイダごとのログイン用urlを返す
# File 'app/controllers/sessions_controller.rb', line 4

# Builds the list of sign-in providers for the login view.
# (Original summary: returns the login URL for each provider.)
#
# For every name yielded by ProviderSettings.availables an entry is appended
# to @providers with:
#   :path_method - the value of ProviderSettings.auth_path_method(name)
#                  (presumably the name of a route helper; confirm)
#   :display     - the capitalized provider name
def login
  settings = WeBridgeRailsEngineUsers::ProviderSettings
  @providers = []
  settings.availables do |provider_name|
    entry = {
      path_method: settings.auth_path_method(provider_name),
      display: provider_name.to_s.capitalize
    }
    @providers.push(entry)
  end
end
#logout ⇒ Object
GET /users/logout
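# File 'app/controllers/sessions_controller.rb', line 74

# GET /users/logout
#
# Signs the current user out by clearing the stored user id, then redirects.
#
# The redirect target comes from params["redirect_to"], which is request
# input. It used to be passed to redirect_to unchanged, which makes the
# action an open redirect: a link to this site could forward the browser to
# any other host. The parameter is now honoured only when it is a path on
# this site:
# * it must start with a single "/",
# * "//" and "/\" prefixes are rejected, since browsers resolve them to
#   another host,
# * control characters are rejected.
# Anything else, including a missing parameter, falls back to root_path.
#
# NOTE(review): per the route comment this is a GET action, so a third-party
# page can trigger a sign-out. Also, only the user id is cleared here;
# whether set_user_id discards the rest of the session is not visible from
# this method -- confirm both.
def logout
  set_user_id(nil)

  requested = params["redirect_to"].to_s
  local_path = requested.start_with?('/') &&
               !requested.start_with?('//', '/\\') &&
               requested !~ /[[:cntrl:]]/

  redirect_to(local_path ? requested : root_path)
end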