Class: DeviseTokenAuth::OmniauthCallbacksController

Inherits:

ApplicationController

• Object
• DeviseController
• ApplicationController
• DeviseTokenAuth::OmniauthCallbacksController

Defined in:

app/controllers/devise_token_auth/omniauth_callbacks_controller.rb

Instance Method Summary

• #assert_is_devise_resource! ⇒ Object

  ensure that this controller responds to :devise_controller? conditionals.

• #assign_provider_attrs(user, auth_hash) ⇒ Object

  break out provider attribute assignment for easy method extension.

• #auth_hash ⇒ Object

  this sesison value is set by the redirect_callbacks method.

• #devise_mapping ⇒ Object

  necessary for access to devise_parameter_sanitizers.

• #generate_url(url, params = {}) ⇒ Object
• #omniauth_failure ⇒ Object
• #omniauth_params ⇒ Object

  this will be determined differently depending on the action that calls it.

• #omniauth_success ⇒ Object
• #redirect_callbacks ⇒ Object

  intermediary route for successful omniauth authentication.

• #resource_class ⇒ Object

  pull resource class from omniauth return.

• #resource_name ⇒ Object
• #whitelisted_params ⇒ Object

  derive allowed params from the standard devise parameter sanitizer.

Methods inherited from ApplicationController

#error_messages, #error_serializer, #success_message

Instance Method Details

#assert_is_devise_resource! ⇒ Object

ensure that this controller responds to :devise_controller? conditionals. this is used primarily for access to the parameter sanitizers.

# File 'app/controllers/devise_token_auth/omniauth_callbacks_controller.rb', line 142

def assert_is_devise_resource!
  true
end

#assign_provider_attrs(user, auth_hash) ⇒ Object

break out provider attribute assignment for easy method extension

# File 'app/controllers/devise_token_auth/omniauth_callbacks_controller.rb', line 73

def assign_provider_attrs(user, auth_hash)
  user.assign_attributes({
    nickname: auth_hash['info']['nickname'],
    name:     auth_hash['info']['name'],
    image:    auth_hash['info']['image'],
    email:    auth_hash['info']['email']
  })
end

#auth_hash ⇒ Object

this sesison value is set by the redirect_callbacks method. its purpose is to persist the omniauth auth hash value thru a redirect. the value must be destroyed immediatly after it is accessed by omniauth_success

# File 'app/controllers/devise_token_auth/omniauth_callbacks_controller.rb', line 135

def auth_hash
  @_auth_hash ||= session.delete('dta.omniauth.auth')
  @_auth_hash
end

#devise_mapping ⇒ Object

necessary for access to devise_parameter_sanitizers

# File 'app/controllers/devise_token_auth/omniauth_callbacks_controller.rb', line 147

def devise_mapping
  if omniauth_params
    Devise.mappings[omniauth_params['resource_class'].underscore.to_sym]
  else
    request.env['devise.mapping']
  end
end

#generate_url(url, params = {}) ⇒ Object

# File 'app/controllers/devise_token_auth/omniauth_callbacks_controller.rb', line 155

def generate_url(url, params = {})
  auth_url = url

  # ensure that hash-bang is present BEFORE querystring for angularjs
  unless url.match(/#/)
    auth_url += '#'
  end

  # add query AFTER hash-bang
  auth_url += "?#{params.to_query}"

  return auth_url
end

#omniauth_failure ⇒ Object

# File 'app/controllers/devise_token_auth/omniauth_callbacks_controller.rb', line 83

def omniauth_failure
  @error = params[:message]

  respond_to do |format|
    format.html { render :layout => "omniauth_response", :template => "devise_token_auth/omniauth_failure" }
  end
end

#omniauth_params ⇒ Object

this will be determined differently depending on the action that calls it. redirect_callbacks is called upon returning from successful omniauth authentication, and the target params live in an omniauth-specific request.env variable. this variable is then persisted thru the redirect using our own dta.omniauth.params session var. the omniauth_success method will access that session var and then destroy it immediately after use.

# File 'app/controllers/devise_token_auth/omniauth_callbacks_controller.rb', line 123

def omniauth_params
  if request.env['omniauth.params']
    request.env['omniauth.params']
  else
    @_omniauth_params ||= session.delete('dta.omniauth.params')
    @_omniauth_params
  end
end

#omniauth_success ⇒ Object

# File 'app/controllers/devise_token_auth/omniauth_callbacks_controller.rb', line 21

def omniauth_success
  # find or create user by provider and provider uid
  @user = resource_class.where({
    uid:      auth_hash['uid'],
    provider: auth_hash['provider']
  }).first_or_initialize

  # create token info
  @client_id = SecureRandom.urlsafe_base64(nil, false)
  @token     = SecureRandom.urlsafe_base64(nil, false)
  @expiry    = (Time.now + DeviseTokenAuth.token_lifespan).to_i

  @auth_origin_url = generate_url(omniauth_params['auth_origin_url'], {
    token:     @token,
    client_id: @client_id,
    uid:       @user.uid,
    expiry:    @expiry
  })

  # set crazy password for new oauth users. this is only used to prevent
  # access via email sign-in.
  unless @user.id
    p = SecureRandom.urlsafe_base64(nil, false)
    @user.password = p
    @user.password_confirmation = p
  end

  @user.tokens[@client_id] = {
    token: BCrypt::Password.create(@token),
    expiry: @expiry
  }

  # sync user info with provider, update/generate auth token
  assign_provider_attrs(@user, auth_hash)

  # assign any additional (whitelisted) attributes
  extra_params = whitelisted_params
  @user.assign_attributes(extra_params) if extra_params

  # don't send confirmation email!!!
  @user.skip_confirmation!

  @user.save!

  # render user info to javascript postMessage communication window
  respond_to do |format|
    format.html { render :layout => "omniauth_response", :template => "devise_token_auth/omniauth_success" }
  end
end

#redirect_callbacks ⇒ Object

intermediary route for successful omniauth authentication. omniauth does not support multiple models, so we must resort to this terrible hack.

# File 'app/controllers/devise_token_auth/omniauth_callbacks_controller.rb', line 8

def redirect_callbacks
  # derive target redirect route from 'resource_class' param, which was set
  # before authentication.
  devise_mapping = request.env['omniauth.params']['resource_class'].underscore.to_sym
  redirect_route = "#{Devise.mappings[devise_mapping].as_json["path_prefix"]}/#{params[:provider]}/callback"

  # preserve omniauth info for success route
  session['dta.omniauth.auth'] = request.env['omniauth.auth']
  session['dta.omniauth.params'] = request.env['omniauth.params']

  redirect_to redirect_route
end

#resource_class ⇒ Object

pull resource class from omniauth return

# File 'app/controllers/devise_token_auth/omniauth_callbacks_controller.rb', line 106

def resource_class
  if omniauth_params
    omniauth_params['resource_class'].constantize
  end
end

#resource_name ⇒ Object

# File 'app/controllers/devise_token_auth/omniauth_callbacks_controller.rb', line 112

def resource_name
  resource_class
end

#whitelisted_params ⇒ Object

derive allowed params from the standard devise parameter sanitizer

# File 'app/controllers/devise_token_auth/omniauth_callbacks_controller.rb', line 93

def whitelisted_params
  whitelist = devise_parameter_sanitizer.for(:sign_up)

  whitelist.inject({}){|coll, key|
    param = omniauth_params[key.to_s]
    if param
      coll[key] = param
    end
    coll
  }
end