discourse/app/controllers/users/omniauth_callbacks_controller.rb

# -*- encoding : utf-8 -*-
require_dependency 'email'
require_dependency 'enum'
require_dependency 'user_name_suggester'

class Users::OmniauthCallbacksController < ApplicationController

  BUILTIN_AUTH = [
    Auth::FacebookAuthenticator.new,
    Auth::OpenIdAuthenticator.new("google", "https://www.google.com/accounts/o8/id", trusted: true),
    Auth::OpenIdAuthenticator.new("yahoo", "https://me.yahoo.com", trusted: true),
    Auth::GithubAuthenticator.new,
    Auth::TwitterAuthenticator.new,
    Auth::PersonaAuthenticator.new,
    Auth::CasAuthenticator.new
  ]

  skip_before_filter :redirect_to_login_if_required

  layout false

  def self.types
    @types ||= Enum.new(:facebook, :twitter, :google, :yahoo, :github, :persona, :cas)
  end

  # need to be able to call this
  skip_before_filter :check_xhr

  # this is the only spot where we allow CSRF, our openid / oauth redirect
  # will not have a CSRF token, however the payload is all validated so its safe
  skip_before_filter :verify_authenticity_token, only: :complete

  def complete
    auth = request.env["omniauth.auth"]

    authenticator = self.class.find_authenticator(params[:provider])

    @data = authenticator.after_authenticate(auth)
    @data.authenticator_name = authenticator.name

    if @data.user
      user_found(@data.user)
    elsif SiteSetting.invite_only?
      @data.requires_invite = true
    else
      session[:authentication] = @data.session_data
    end

    respond_to do |format|
      format.html
      format.json { render json: @data }
    end
  end

  def failure
    flash[:error] = I18n.t("login.omniauth_error", strategy: params[:strategy].titleize)
    render layout: 'no_js'
  end


  def self.find_authenticator(name)
    BUILTIN_AUTH.each do |authenticator|
      if authenticator.name == name
        raise Discourse::InvalidAccess.new("provider is not enabled") unless SiteSetting.send("enable_#{name}_logins?")

        return authenticator
      end
    end

    Discourse.auth_providers.each do |provider|
      if provider.name == name

        return provider.authenticator
      end
    end

    raise Discourse::InvalidAccess.new("provider is not found")
  end

  protected

  def user_found(user)
    # automatically activate any account if a provider marked the email valid
    if !user.active && @data.email_valid
      user.toggle(:active).save
    end

    # log on any account that is active with forum access
    if Guardian.new(user).can_access_forum? && user.active
      log_on_user(user)
      # don't carry around old auth info, perhaps move elsewhere
      session[:authentication] = nil
      @data.authenticated = true
    else
      if SiteSetting.must_approve_users? && !user.approved?
        @data.awaiting_approval = true
      else
        @data.awaiting_activation = true
      end
    end
  end

end
move all logic to omniauth implement omniauth-facebook / omniauth-twitter 2013-02-12 21:47:22 +08:00			`# -- encoding : utf-8 --`
			`require_dependency 'email'`
Check when logging in whether a auth provider is enabled, including specs 2013-03-04 13:44:41 -05:00			`require_dependency 'enum'`
Refactored user_name suggestion methods into a module to reduce the complexity of User model 2013-06-06 16:40:10 +02:00			`require_dependency 'user_name_suggester'`
Check when logging in whether a auth provider is enabled, including specs 2013-03-04 13:44:41 -05:00
move all logic to omniauth implement omniauth-facebook / omniauth-twitter 2013-02-12 21:47:22 +08:00			`class Users::OmniauthCallbacksController < ApplicationController`
major refactor of auth, break up the gigantic omniauth controller into sub classes for way better extensibitily 2013-08-23 16:20:43 +10:00
			`BUILTIN_AUTH = [`
			`Auth::FacebookAuthenticator.new,`
Fixed all broken specs Moved middleware config into authenticators 2013-08-26 11:04:16 +10:00			`Auth::OpenIdAuthenticator.new("google", "https://www.google.com/accounts/o8/id", trusted: true),`
			`Auth::OpenIdAuthenticator.new("yahoo", "https://me.yahoo.com", trusted: true),`
major refactor of auth, break up the gigantic omniauth controller into sub classes for way better extensibitily 2013-08-23 16:20:43 +10:00			`Auth::GithubAuthenticator.new,`
			`Auth::TwitterAuthenticator.new,`
Allow CAS authentication 2013-08-28 14:32:51 +02:00			`Auth::PersonaAuthenticator.new,`
			`Auth::CasAuthenticator.new`
major refactor of auth, break up the gigantic omniauth controller into sub classes for way better extensibitily 2013-08-23 16:20:43 +10:00			`]`

missing skip filter for omniauth 2013-06-05 10:30:51 +10:00			`skip_before_filter :redirect_to_login_if_required`
move all logic to omniauth implement omniauth-facebook / omniauth-twitter 2013-02-12 21:47:22 +08:00
			`layout false`

Check when logging in whether a auth provider is enabled, including specs 2013-03-04 13:44:41 -05:00			`def self.types`
add cas support with a few tests 2013-05-23 13:40:50 -07:00			`@types \|\|= Enum.new(:facebook, :twitter, :google, :yahoo, :github, :persona, :cas)`
Check when logging in whether a auth provider is enabled, including specs 2013-03-04 13:44:41 -05:00			`end`

move all logic to omniauth implement omniauth-facebook / omniauth-twitter 2013-02-12 21:47:22 +08:00			`# need to be able to call this`
			`skip_before_filter :check_xhr`

SECURITY: correct our CSRF implementation to be much more aggressive 2013-07-29 15:13:13 +10:00			`# this is the only spot where we allow CSRF, our openid / oauth redirect`
			`# will not have a CSRF token, however the payload is all validated so its safe`
Convert a lot of :a => b to a: b and bring peace to the world 2013-03-23 20:32:59 +05:30			`skip_before_filter :verify_authenticity_token, only: :complete`
move all logic to omniauth implement omniauth-facebook / omniauth-twitter 2013-02-12 21:47:22 +08:00
			`def complete`
major refactor of auth, break up the gigantic omniauth controller into sub classes for way better extensibitily 2013-08-23 16:20:43 +10:00			`auth = request.env["omniauth.auth"]`
working plugin interface for custom openid auth, custom css and custom js 2013-08-01 15:59:57 +10:00
major refactor of auth, break up the gigantic omniauth controller into sub classes for way better extensibitily 2013-08-23 16:20:43 +10:00			`authenticator = self.class.find_authenticator(params[:provider])`
Check when logging in whether a auth provider is enabled, including specs 2013-03-04 13:44:41 -05:00
major refactor of auth, break up the gigantic omniauth controller into sub classes for way better extensibitily 2013-08-23 16:20:43 +10:00			`@data = authenticator.after_authenticate(auth)`
			`@data.authenticator_name = authenticator.name`
working plugin interface for custom openid auth, custom css and custom js 2013-08-01 15:59:57 +10:00
invite only forums had very wonky logic, invited users were not being activated, invite_only forums were still registering users 2013-08-28 17:18:31 +10:00			`if @data.user`
			`user_found(@data.user)`
			`elsif SiteSetting.invite_only?`
			`@data.requires_invite = true`
			`else`
			`session[:authentication] = @data.session_data`
			`end`
Disable OmniAuth account creation if 'invite only' 2013-06-05 11:11:02 -07:00
Use AJAX for submitting Persona credentials. Fixes issue with needing to unblock popups. 2013-03-01 13:22:54 -06:00			`respond_to do \|format\|`
			`format.html`
Use consistent new-style hashes in render calls twitch 2013-03-22 14:08:11 -04:00			`format.json { render json: @data }`
Use AJAX for submitting Persona credentials. Fixes issue with needing to unblock popups. 2013-03-01 13:22:54 -06:00			`end`
move all logic to omniauth implement omniauth-facebook / omniauth-twitter 2013-02-12 21:47:22 +08:00			`end`

This commit adds a callback route to handle omniauth failure and removes a few unneccessary entries in en.yml 2013-02-14 11:11:13 -08:00			`def failure`
			`flash[:error] = I18n.t("login.omniauth_error", strategy: params[:strategy].titleize)`
Use consistent new-style hashes in render calls twitch 2013-03-22 14:08:11 -04:00			`render layout: 'no_js'`
This commit adds a callback route to handle omniauth failure and removes a few unneccessary entries in en.yml 2013-02-14 11:11:13 -08:00			`end`

Authenticate with Discourse via OAuth2 See https://github.com/michaelkirk/discourse_oauth2_example for an example of how you might integrate your existing oauth2 provider's authentication via a Discourse plugin. 2013-08-17 21:43:59 -07:00
major refactor of auth, break up the gigantic omniauth controller into sub classes for way better extensibitily 2013-08-23 16:20:43 +10:00			`def self.find_authenticator(name)`
			`BUILTIN_AUTH.each do \|authenticator\|`
			`if authenticator.name == name`
			`raise Discourse::InvalidAccess.new("provider is not enabled") unless SiteSetting.send("enable_#{name}_logins?")`
Authenticate with Discourse via OAuth2 See https://github.com/michaelkirk/discourse_oauth2_example for an example of how you might integrate your existing oauth2 provider's authentication via a Discourse plugin. 2013-08-17 21:43:59 -07:00
major refactor of auth, break up the gigantic omniauth controller into sub classes for way better extensibitily 2013-08-23 16:20:43 +10:00			`return authenticator`
Authenticate with Discourse via OAuth2 See https://github.com/michaelkirk/discourse_oauth2_example for an example of how you might integrate your existing oauth2 provider's authentication via a Discourse plugin. 2013-08-17 21:43:59 -07:00			`end`
			`end`
move all logic to omniauth implement omniauth-facebook / omniauth-twitter 2013-02-12 21:47:22 +08:00
major refactor of auth, break up the gigantic omniauth controller into sub classes for way better extensibitily 2013-08-23 16:20:43 +10:00			`Discourse.auth_providers.each do \|provider\|`
			`if provider.name == name`
move all logic to omniauth implement omniauth-facebook / omniauth-twitter 2013-02-12 21:47:22 +08:00
major refactor of auth, break up the gigantic omniauth controller into sub classes for way better extensibitily 2013-08-23 16:20:43 +10:00			`return provider.authenticator`
move all logic to omniauth implement omniauth-facebook / omniauth-twitter 2013-02-12 21:47:22 +08:00			`end`
			`end`
Add basic Persona functionality 1. No session integration yet, so automatic login/logout events are suppressed. 2. Popup blockers must be disabled: submits form to target="_blank" 2013-03-01 09:23:21 -06:00
major refactor of auth, break up the gigantic omniauth controller into sub classes for way better extensibitily 2013-08-23 16:20:43 +10:00			`raise Discourse::InvalidAccess.new("provider is not found")`
move all logic to omniauth implement omniauth-facebook / omniauth-twitter 2013-02-12 21:47:22 +08:00			`end`

major refactor of auth, break up the gigantic omniauth controller into sub classes for way better extensibitily 2013-08-23 16:20:43 +10:00			`protected`
Added Github authentication option, disabled by default with enable options in settings. 2013-02-26 04:28:32 +00:00
major refactor of auth, break up the gigantic omniauth controller into sub classes for way better extensibitily 2013-08-23 16:20:43 +10:00			`def user_found(user)`
			`# automatically activate any account if a provider marked the email valid`
			`if !user.active && @data.email_valid`
			`user.toggle(:active).save`
Fixed GitHub auth, GitHub can provide us with a valid email - so automatically log in for those cases 2013-08-02 12:03:53 +10:00			`end`

major refactor of auth, break up the gigantic omniauth controller into sub classes for way better extensibitily 2013-08-23 16:20:43 +10:00			`# log on any account that is active with forum access`
			`if Guardian.new(user).can_access_forum? && user.active`
			`log_on_user(user)`
recover from bad CSRF tokens without requiring a hard refresh of the browser 2013-08-27 15:56:12 +10:00			`# don't carry around old auth info, perhaps move elsewhere`
			`session[:authentication] = nil`
major refactor of auth, break up the gigantic omniauth controller into sub classes for way better extensibitily 2013-08-23 16:20:43 +10:00			`@data.authenticated = true`
Add basic Persona functionality 1. No session integration yet, so automatic login/logout events are suppressed. 2. Popup blockers must be disabled: submits form to target="_blank" 2013-03-01 09:23:21 -06:00			`else`
invite only forums had very wonky logic, invited users were not being activated, invite_only forums were still registering users 2013-08-28 17:18:31 +10:00			`if SiteSetting.must_approve_users? && !user.approved?`
major refactor of auth, break up the gigantic omniauth controller into sub classes for way better extensibitily 2013-08-23 16:20:43 +10:00			`@data.awaiting_approval = true`
remove duplicate code 2013-07-11 16:02:18 +10:00			`else`
major refactor of auth, break up the gigantic omniauth controller into sub classes for way better extensibitily 2013-08-23 16:20:43 +10:00			`@data.awaiting_activation = true`
remove duplicate code 2013-07-11 16:02:18 +10:00			`end`
			`end`
			`end`

move all logic to omniauth implement omniauth-facebook / omniauth-twitter 2013-02-12 21:47:22 +08:00			`end`
No results found.