2013-02-12 08:47:22 -05:00
|
|
|
# -*- encoding : utf-8 -*-
|
|
|
|
require_dependency 'email'
|
2013-03-04 13:44:41 -05:00
|
|
|
require_dependency 'enum'
|
2013-06-06 10:40:10 -04:00
|
|
|
require_dependency 'user_name_suggester'
|
2013-03-04 13:44:41 -05:00
|
|
|
|
2013-02-12 08:47:22 -05:00
|
|
|
class Users::OmniauthCallbacksController < ApplicationController
|
2013-08-23 02:20:43 -04:00
|
|
|
|
|
|
|
BUILTIN_AUTH = [
|
|
|
|
Auth::FacebookAuthenticator.new,
|
2014-05-21 18:19:40 -04:00
|
|
|
Auth::GoogleOAuth2Authenticator.new,
|
2013-08-25 21:04:16 -04:00
|
|
|
Auth::OpenIdAuthenticator.new("yahoo", "https://me.yahoo.com", trusted: true),
|
2013-08-23 02:20:43 -04:00
|
|
|
Auth::GithubAuthenticator.new,
|
2016-02-24 20:21:59 -05:00
|
|
|
Auth::TwitterAuthenticator.new,
|
|
|
|
Auth::InstagramAuthenticator.new
|
2013-08-23 02:20:43 -04:00
|
|
|
]
|
|
|
|
|
2017-08-31 00:06:56 -04:00
|
|
|
skip_before_action :redirect_to_login_if_required
|
2013-02-12 08:47:22 -05:00
|
|
|
|
2017-11-15 14:04:26 -05:00
|
|
|
layout 'no_ember'
|
2013-02-12 08:47:22 -05:00
|
|
|
|
2013-03-04 13:44:41 -05:00
|
|
|
def self.types
|
2016-02-24 20:21:59 -05:00
|
|
|
@types ||= Enum.new(:facebook, :instagram, :twitter, :google, :yahoo, :github, :persona, :cas)
|
2013-03-04 13:44:41 -05:00
|
|
|
end
|
|
|
|
|
2013-02-12 08:47:22 -05:00
|
|
|
# need to be able to call this
|
2017-08-31 00:06:56 -04:00
|
|
|
skip_before_action :check_xhr
|
2013-02-12 08:47:22 -05:00
|
|
|
|
2013-07-29 01:13:13 -04:00
|
|
|
# this is the only spot where we allow CSRF, our openid / oauth redirect
|
|
|
|
# will not have a CSRF token, however the payload is all validated so its safe
|
2017-08-31 00:06:56 -04:00
|
|
|
skip_before_action :verify_authenticity_token, only: :complete
|
2013-02-12 08:47:22 -05:00
|
|
|
|
|
|
|
def complete
|
2013-08-23 02:20:43 -04:00
|
|
|
auth = request.env["omniauth.auth"]
|
2017-05-04 15:35:03 -04:00
|
|
|
raise Discourse::NotFound unless request.env["omniauth.auth"]
|
|
|
|
|
2013-11-19 12:58:12 -05:00
|
|
|
auth[:session] = session
|
2013-08-01 01:59:57 -04:00
|
|
|
|
2013-08-23 02:20:43 -04:00
|
|
|
authenticator = self.class.find_authenticator(params[:provider])
|
2017-07-27 21:20:09 -04:00
|
|
|
provider = Discourse.auth_providers && Discourse.auth_providers.find { |p| p.name == params[:provider] }
|
2013-03-04 13:44:41 -05:00
|
|
|
|
2015-06-24 12:12:43 -04:00
|
|
|
@auth_result = authenticator.after_authenticate(auth)
|
2013-08-01 01:59:57 -04:00
|
|
|
|
2015-10-12 21:23:34 -04:00
|
|
|
origin = request.env['omniauth.origin']
|
2016-09-15 23:48:50 -04:00
|
|
|
if cookies[:destination_url].present?
|
|
|
|
origin = cookies[:destination_url]
|
|
|
|
cookies.delete(:destination_url)
|
|
|
|
end
|
|
|
|
|
2015-10-12 21:23:34 -04:00
|
|
|
if origin.present?
|
2016-09-15 23:48:50 -04:00
|
|
|
parsed = URI.parse(origin) rescue nil
|
2015-10-12 21:23:34 -04:00
|
|
|
if parsed
|
2016-09-15 23:48:50 -04:00
|
|
|
@origin = "#{parsed.path}?#{parsed.query}"
|
2015-10-12 21:23:34 -04:00
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
unless @origin.present?
|
2017-05-25 14:04:28 -04:00
|
|
|
@origin = Discourse.base_uri("/")
|
2015-10-12 21:23:34 -04:00
|
|
|
end
|
|
|
|
|
2015-06-24 12:12:43 -04:00
|
|
|
if @auth_result.failed?
|
|
|
|
flash[:error] = @auth_result.failed_reason.html_safe
|
|
|
|
return render('failure')
|
|
|
|
else
|
|
|
|
@auth_result.authenticator_name = authenticator.name
|
|
|
|
complete_response_data
|
2015-10-12 23:49:09 -04:00
|
|
|
|
2016-08-28 21:12:24 -04:00
|
|
|
if (provider && provider.full_screen_login) || cookies['fsl']
|
2016-08-28 20:13:32 -04:00
|
|
|
cookies.delete('fsl')
|
2015-10-28 17:16:56 -04:00
|
|
|
cookies['_bypass_cache'] = true
|
2015-10-12 23:49:09 -04:00
|
|
|
flash[:authentication_data] = @auth_result.to_client_hash.to_json
|
|
|
|
redirect_to @origin
|
|
|
|
else
|
|
|
|
respond_to do |format|
|
|
|
|
format.html
|
|
|
|
format.json { render json: @auth_result.to_client_hash }
|
|
|
|
end
|
2015-06-24 12:12:43 -04:00
|
|
|
end
|
2013-03-01 14:22:54 -05:00
|
|
|
end
|
2013-02-12 08:47:22 -05:00
|
|
|
end
|
|
|
|
|
2013-02-14 14:11:13 -05:00
|
|
|
def failure
|
2015-01-06 00:28:29 -05:00
|
|
|
flash[:error] = I18n.t("login.omniauth_error")
|
2017-11-15 14:04:26 -05:00
|
|
|
render 'failure'
|
2013-02-14 14:11:13 -05:00
|
|
|
end
|
|
|
|
|
2013-08-23 02:20:43 -04:00
|
|
|
def self.find_authenticator(name)
|
|
|
|
BUILTIN_AUTH.each do |authenticator|
|
|
|
|
if authenticator.name == name
|
|
|
|
raise Discourse::InvalidAccess.new("provider is not enabled") unless SiteSetting.send("enable_#{name}_logins?")
|
|
|
|
return authenticator
|
2013-08-18 00:43:59 -04:00
|
|
|
end
|
|
|
|
end
|
2013-02-12 08:47:22 -05:00
|
|
|
|
2013-08-23 02:20:43 -04:00
|
|
|
Discourse.auth_providers.each do |provider|
|
2013-11-01 18:57:50 -04:00
|
|
|
return provider.authenticator if provider.name == name
|
2013-02-12 08:47:22 -05:00
|
|
|
end
|
2013-03-01 10:23:21 -05:00
|
|
|
|
2013-08-23 02:20:43 -04:00
|
|
|
raise Discourse::InvalidAccess.new("provider is not found")
|
2013-02-12 08:47:22 -05:00
|
|
|
end
|
|
|
|
|
2013-08-23 02:20:43 -04:00
|
|
|
protected
|
2013-02-25 23:28:32 -05:00
|
|
|
|
2014-09-30 12:24:22 -04:00
|
|
|
def complete_response_data
|
2015-06-24 12:12:43 -04:00
|
|
|
if @auth_result.user
|
|
|
|
user_found(@auth_result.user)
|
2014-09-30 12:24:22 -04:00
|
|
|
elsif SiteSetting.invite_only?
|
2015-06-24 12:12:43 -04:00
|
|
|
@auth_result.requires_invite = true
|
2014-09-30 12:24:22 -04:00
|
|
|
else
|
2015-06-24 12:12:43 -04:00
|
|
|
session[:authentication] = @auth_result.session_data
|
2014-09-30 12:24:22 -04:00
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2013-08-23 02:20:43 -04:00
|
|
|
def user_found(user)
|
2016-04-04 13:04:10 -04:00
|
|
|
# automatically activate/unstage any account if a provider marked the email valid
|
2017-02-28 22:58:24 -05:00
|
|
|
if @auth_result.email_valid && @auth_result.email == user.email
|
2017-04-12 14:29:32 -04:00
|
|
|
user.update!(staged: false)
|
2017-06-07 19:05:33 -04:00
|
|
|
# ensure there is an active email token
|
2017-09-13 08:04:01 -04:00
|
|
|
user.email_tokens.create(email: user.email) unless EmailToken.where(email: user.email, confirmed: true).present? || user.email_tokens.active.where(email: user.email).exists?
|
2017-04-12 14:29:32 -04:00
|
|
|
user.activate
|
2017-12-12 07:08:57 -05:00
|
|
|
user.update!(registration_ip_address: request.remote_ip) if user.registration_ip_address.blank?
|
2013-08-01 22:03:53 -04:00
|
|
|
end
|
|
|
|
|
2015-03-02 12:13:10 -05:00
|
|
|
if ScreenedIpAddress.should_block?(request.remote_ip)
|
2015-06-24 12:12:43 -04:00
|
|
|
@auth_result.not_allowed_from_ip_address = true
|
2015-03-02 12:13:10 -05:00
|
|
|
elsif ScreenedIpAddress.block_admin_login?(user, request.remote_ip)
|
2015-06-24 12:12:43 -04:00
|
|
|
@auth_result.admin_not_allowed_from_ip_address = true
|
2014-09-04 18:50:27 -04:00
|
|
|
elsif Guardian.new(user).can_access_forum? && user.active # log on any account that is active with forum access
|
2013-08-23 02:20:43 -04:00
|
|
|
log_on_user(user)
|
2014-01-21 16:53:46 -05:00
|
|
|
Invite.invalidate_for_email(user.email) # invite link can't be used to log in anymore
|
|
|
|
session[:authentication] = nil # don't carry around old auth info, perhaps move elsewhere
|
2015-06-24 12:12:43 -04:00
|
|
|
@auth_result.authenticated = true
|
2013-03-01 10:23:21 -05:00
|
|
|
else
|
2013-08-28 03:18:31 -04:00
|
|
|
if SiteSetting.must_approve_users? && !user.approved?
|
2015-06-24 12:12:43 -04:00
|
|
|
@auth_result.awaiting_approval = true
|
2013-07-11 02:02:18 -04:00
|
|
|
else
|
2015-06-24 12:12:43 -04:00
|
|
|
@auth_result.awaiting_activation = true
|
2013-07-11 02:02:18 -04:00
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2013-02-12 08:47:22 -05:00
|
|
|
end
|