discourse/lib/auth/open_id_authenticator.rb

class Auth::OpenIdAuthenticator < Auth::Authenticator

  attr_reader :name, :identifier

  def initialize(name, identifier, opts = {})
    @name = name
    @identifier = identifier
    @opts = opts
  end

  def after_authenticate(auth_token)
    result = Auth::Result.new

    data = auth_token[:info]
    identity_url = auth_token[:extra][:response].identity_url
    result.email = email = data[:email]

    raise Discourse::InvalidParameters.new(:email) if email.blank?

    # If the auth supplies a name / username, use those. Otherwise start with email.
    result.name = data[:name] || data[:email]
    result.username = data[:nickname] || data[:email]

    user_open_id = UserOpenId.find_by_url(identity_url)

    if !user_open_id && @opts[:trusted] && user = User.find_by_email(email)
      user_open_id = UserOpenId.create(url: identity_url , user_id: user.id, email: email, active: true)
    end

    result.user = user_open_id.try(:user)
    result.extra_data = {
      openid_url: identity_url,
      # note email may change by the time after_create_account runs
      email: email
    }

    result.email_valid = @opts[:trusted]

    result
  end

  def after_create_account(user, auth)
    data = auth[:extra_data]
    UserOpenId.create(
      user_id: user.id,
      url: data[:openid_url],
      email: data[:email],
      active: true
    )
  end

  def register_middleware(omniauth)
    omniauth.provider :open_id,
           setup: lambda { |env|
             strategy = env["omniauth.strategy"]
              strategy.options[:store] = OpenID::Store::Redis.new($redis)
           },
           name: name,
           identifier: identifier,
           require: "omniauth-openid"
  end
end
major refactor of auth, break up the gigantic omniauth controller into sub classes for way better extensibitily 2013-08-23 02:20:43 -04:00			`class Auth::OpenIdAuthenticator < Auth::Authenticator`

Fixed all broken specs Moved middleware config into authenticators 2013-08-25 21:04:16 -04:00			`attr_reader :name, :identifier`

			`def initialize(name, identifier, opts = {})`
major refactor of auth, break up the gigantic omniauth controller into sub classes for way better extensibitily 2013-08-23 02:20:43 -04:00			`@name = name`
Fixed all broken specs Moved middleware config into authenticators 2013-08-25 21:04:16 -04:00			`@identifier = identifier`
major refactor of auth, break up the gigantic omniauth controller into sub classes for way better extensibitily 2013-08-23 02:20:43 -04:00			`@opts = opts`
			`end`

			`def after_authenticate(auth_token)`
			`result = Auth::Result.new`

			`data = auth_token[:info]`
BUGFIX: identity_url was not fished out correctly If I user logged in with Google and then changed email, they would no longer be able to log in with google 2014-03-25 23:52:50 -04:00			`identity_url = auth_token[:extra][:response].identity_url`
major refactor of auth, break up the gigantic omniauth controller into sub classes for way better extensibitily 2013-08-23 02:20:43 -04:00			`result.email = email = data[:email]`

FEATURE: raise an exception when the email is missing in the OpenId callback 2014-08-07 13:28:50 -04:00			`raise Discourse::InvalidParameters.new(:email) if email.blank?`

major refactor of auth, break up the gigantic omniauth controller into sub classes for way better extensibitily 2013-08-23 02:20:43 -04:00			`# If the auth supplies a name / username, use those. Otherwise start with email.`
BUGFIX: identity_url was not fished out correctly If I user logged in with Google and then changed email, they would no longer be able to log in with google 2014-03-25 23:52:50 -04:00			`result.name = data[:name] \|\| data[:email]`
			`result.username = data[:nickname] \|\| data[:email]`
major refactor of auth, break up the gigantic omniauth controller into sub classes for way better extensibitily 2013-08-23 02:20:43 -04:00
			`user_open_id = UserOpenId.find_by_url(identity_url)`

			`if !user_open_id && @opts[:trusted] && user = User.find_by_email(email)`
			`user_open_id = UserOpenId.create(url: identity_url , user_id: user.id, email: email, active: true)`
			`end`

			`result.user = user_open_id.try(:user)`
			`result.extra_data = {`
fix open id so it creates records properly 2013-08-23 03:00:01 -04:00			`openid_url: identity_url,`
			`# note email may change by the time after_create_account runs`
			`email: email`
major refactor of auth, break up the gigantic omniauth controller into sub classes for way better extensibitily 2013-08-23 02:20:43 -04:00			`}`
BUGFIX: identity_url was not fished out correctly If I user logged in with Google and then changed email, they would no longer be able to log in with google 2014-03-25 23:52:50 -04:00
major refactor of auth, break up the gigantic omniauth controller into sub classes for way better extensibitily 2013-08-23 02:20:43 -04:00			`result.email_valid = @opts[:trusted]`

			`result`
			`end`
fix open id so it creates records properly 2013-08-23 03:00:01 -04:00
			`def after_create_account(user, auth)`
			`data = auth[:extra_data]`
			`UserOpenId.create(`
			`user_id: user.id,`
			`url: data[:openid_url],`
			`email: data[:email],`
			`active: true`
			`)`
			`end`
Fixed all broken specs Moved middleware config into authenticators 2013-08-25 21:04:16 -04:00
			`def register_middleware(omniauth)`
			`omniauth.provider :open_id,`
Add rubocop to our build. (#5004) 2017-07-27 21:20:09 -04:00			`setup: lambda { \|env\|`
			`strategy = env["omniauth.strategy"]`
BUGFIX: When running under a forking server (apache or unicorn) openid strategy was caching a redis connection from the parent, this made "login with google" only work some of the time. 2013-08-27 00:44:06 -04:00			`strategy.options[:store] = OpenID::Store::Redis.new($redis)`
			`},`
Add rubocop to our build. (#5004) 2017-07-27 21:20:09 -04:00			`name: name,`
			`identifier: identifier,`
			`require: "omniauth-openid"`
Fixed all broken specs Moved middleware config into authenticators 2013-08-25 21:04:16 -04:00			`end`
major refactor of auth, break up the gigantic omniauth controller into sub classes for way better extensibitily 2013-08-23 02:20:43 -04:00			`end`