discourse/lib/auth/oauth2_authenticator.rb

# frozen_string_literal: true

class Auth::OAuth2Authenticator < Auth::Authenticator

  def name
    @name
  end

  # only option at the moment is :trusted
  def initialize(name, opts = {})
    Discourse.deprecate("OAuth2Authenticator is deprecated. Use `ManagedAuthenticator` and `UserAssociatedAccount` instead. For more information, see https://meta.discourse.org/t/106695", drop_from: '2.9.0', output_in_test: true)
    @name = name
    @opts = opts
  end

  def after_authenticate(auth_token)

    result = Auth::Result.new

    oauth2_provider = auth_token[:provider]
    oauth2_uid = auth_token[:uid]
    data = auth_token[:info]
    result.email = email = data[:email]
    result.name = name = data[:name]

    oauth2_user_info = Oauth2UserInfo.find_by(uid: oauth2_uid, provider: oauth2_provider)

    if !oauth2_user_info && @opts[:trusted] && user = User.find_by_email(email)
      oauth2_user_info = Oauth2UserInfo.create(uid: oauth2_uid,
                                               provider: oauth2_provider,
                                               name: name,
                                               email: email,
                                               user: user)
    end

    result.user = oauth2_user_info.try(:user)
    result.email_valid = @opts[:trusted]

    result.extra_data = {
      uid: oauth2_uid,
      provider: oauth2_provider
    }

    result
  end

  def after_create_account(user, auth)
    data = auth[:extra_data]
    association = Oauth2UserInfo.find_or_initialize_by(provider: data[:provider], uid: data[:uid])
    association.user = user
    association.email = auth[:email]
    association.save!
  end

  def description_for_user(user)
    info = Oauth2UserInfo.find_by(user_id: user.id, provider: @name)
    info&.email || info&.name || info&.uid || ""
  end
end
DEV: enable frozen string literal on all files This reduces chances of errors where consumers of strings mutate inputs and reduces memory usage of the app. Test suite passes now, but there may be some stuff left, so we will run a few sites on a branch prior to merging 2019-05-02 18:17:27 -04:00			`# frozen_string_literal: true`

major refactor of auth, break up the gigantic omniauth controller into sub classes for way better extensibitily 2013-08-23 02:20:43 -04:00			`class Auth::OAuth2Authenticator < Auth::Authenticator`

			`def name`
			`@name`
			`end`

			`# only option at the moment is :trusted`
			`def initialize(name, opts = {})`
DEV: Deprecate OAuth2Authenticator and OAuth2UserInfo (#15427) These have been superseded by ManagedAuthenticator and UserAssociatedAccount. For more information, see https://meta.discourse.org/t/106695 2022-01-06 11:50:18 -05:00			Discourse.deprecate("OAuth2Authenticator is deprecated. Use `ManagedAuthenticator` and `UserAssociatedAccount` instead. For more information, see https://meta.discourse.org/t/106695", drop_from: '2.9.0', output_in_test: true)
major refactor of auth, break up the gigantic omniauth controller into sub classes for way better extensibitily 2013-08-23 02:20:43 -04:00			`@name = name`
			`@opts = opts`
			`end`

			`def after_authenticate(auth_token)`

			`result = Auth::Result.new`

			`oauth2_provider = auth_token[:provider]`
			`oauth2_uid = auth_token[:uid]`
			`data = auth_token[:info]`
			`result.email = email = data[:email]`
			`result.name = name = data[:name]`

Perform the where(...).first to find_by(...) refactoring. This refactoring was automated using the command: bundle exec "ruby refactorings/where_dot_first_to_find_by/app.rb" 2014-05-06 09:41:59 -04:00			`oauth2_user_info = Oauth2UserInfo.find_by(uid: oauth2_uid, provider: oauth2_provider)`
major refactor of auth, break up the gigantic omniauth controller into sub classes for way better extensibitily 2013-08-23 02:20:43 -04:00
			`if !oauth2_user_info && @opts[:trusted] && user = User.find_by_email(email)`
			`oauth2_user_info = Oauth2UserInfo.create(uid: oauth2_uid,`
			`provider: oauth2_provider,`
			`name: name,`
			`email: email,`
			`user: user)`
			`end`

			`result.user = oauth2_user_info.try(:user)`
			`result.email_valid = @opts[:trusted]`

			`result.extra_data = {`
			`uid: oauth2_uid,`
			`provider: oauth2_provider`
			`}`

			`result`
			`end`

			`def after_create_account(user, auth)`
			`data = auth[:extra_data]`
FIX: Allow OAuth2Authenticator to handle existing associations (#15259) OAuth2Authenticator is considered deprecated, and isn't used in core. However, some plugins still depend on it, and this was breaking the signup of previously-staged users. There is no easy way to make an end-end test of this in core, but I will be adding an integration test in the SAML plugin. 2021-12-10 14:53:14 -05:00			`association = Oauth2UserInfo.find_or_initialize_by(provider: data[:provider], uid: data[:uid])`
			`association.user = user`
			`association.email = auth[:email]`
			`association.save!`
major refactor of auth, break up the gigantic omniauth controller into sub classes for way better extensibitily 2013-08-23 02:20:43 -04:00			`end`

FEATURE: List, revoke and reconnect associated accounts. Phase 1 (#6099) Listing connections is supported for all built-in auth providers. Revoke and reconnect is currently only implemented for Facebook. 2018-07-23 11:51:57 -04:00			`def description_for_user(user)`
			`info = Oauth2UserInfo.find_by(user_id: user.id, provider: @name)`
			`info&.email \|\| info&.name \|\| info&.uid \|\| ""`
			`end`
major refactor of auth, break up the gigantic omniauth controller into sub classes for way better extensibitily 2013-08-23 02:20:43 -04:00			`end`