2013-02-12 21:47:22 +08:00
|
|
|
# -*- encoding : utf-8 -*-
|
|
|
|
require_dependency 'email'
|
2013-03-05 02:44:41 +08:00
|
|
|
require_dependency 'enum'
|
2013-06-06 22:40:10 +08:00
|
|
|
require_dependency 'user_name_suggester'
|
2013-03-05 02:44:41 +08:00
|
|
|
|
2013-02-12 21:47:22 +08:00
|
|
|
class Users::OmniauthCallbacksController < ApplicationController
|
2013-08-23 14:20:43 +08:00
|
|
|
|
|
|
|
BUILTIN_AUTH = [
|
|
|
|
Auth::FacebookAuthenticator.new,
|
2013-08-26 09:04:16 +08:00
|
|
|
Auth::OpenIdAuthenticator.new("google", "https://www.google.com/accounts/o8/id", trusted: true),
|
|
|
|
Auth::OpenIdAuthenticator.new("yahoo", "https://me.yahoo.com", trusted: true),
|
2013-08-23 14:20:43 +08:00
|
|
|
Auth::GithubAuthenticator.new,
|
|
|
|
Auth::TwitterAuthenticator.new,
|
2013-08-28 20:32:51 +08:00
|
|
|
Auth::PersonaAuthenticator.new,
|
|
|
|
Auth::CasAuthenticator.new
|
2013-08-23 14:20:43 +08:00
|
|
|
]
|
|
|
|
|
2013-06-05 08:30:51 +08:00
|
|
|
skip_before_filter :redirect_to_login_if_required
|
2013-02-12 21:47:22 +08:00
|
|
|
|
|
|
|
layout false
|
|
|
|
|
2013-03-05 02:44:41 +08:00
|
|
|
def self.types
|
2013-05-24 04:40:50 +08:00
|
|
|
@types ||= Enum.new(:facebook, :twitter, :google, :yahoo, :github, :persona, :cas)
|
2013-03-05 02:44:41 +08:00
|
|
|
end
|
|
|
|
|
2013-02-12 21:47:22 +08:00
|
|
|
# need to be able to call this
|
|
|
|
skip_before_filter :check_xhr
|
|
|
|
|
2013-07-29 13:13:13 +08:00
|
|
|
# this is the only spot where we allow CSRF, our openid / oauth redirect
|
|
|
|
# will not have a CSRF token, however the payload is all validated so its safe
|
2013-03-23 23:02:59 +08:00
|
|
|
skip_before_filter :verify_authenticity_token, only: :complete
|
2013-02-12 21:47:22 +08:00
|
|
|
|
|
|
|
def complete
|
2013-08-23 14:20:43 +08:00
|
|
|
auth = request.env["omniauth.auth"]
|
2013-11-20 01:58:12 +08:00
|
|
|
auth[:session] = session
|
2013-08-01 13:59:57 +08:00
|
|
|
|
2013-08-23 14:20:43 +08:00
|
|
|
authenticator = self.class.find_authenticator(params[:provider])
|
2013-03-05 02:44:41 +08:00
|
|
|
|
2013-08-23 14:20:43 +08:00
|
|
|
@data = authenticator.after_authenticate(auth)
|
|
|
|
@data.authenticator_name = authenticator.name
|
2013-08-01 13:59:57 +08:00
|
|
|
|
2013-08-28 15:18:31 +08:00
|
|
|
if @data.user
|
|
|
|
user_found(@data.user)
|
|
|
|
elsif SiteSetting.invite_only?
|
|
|
|
@data.requires_invite = true
|
|
|
|
else
|
|
|
|
session[:authentication] = @data.session_data
|
|
|
|
end
|
2013-06-06 02:11:02 +08:00
|
|
|
|
2013-03-02 03:22:54 +08:00
|
|
|
respond_to do |format|
|
|
|
|
format.html
|
2013-09-24 00:46:25 +08:00
|
|
|
format.json { render json: @data.to_client_hash }
|
2013-03-02 03:22:54 +08:00
|
|
|
end
|
2013-02-12 21:47:22 +08:00
|
|
|
end
|
|
|
|
|
2013-02-15 03:11:13 +08:00
|
|
|
def failure
|
|
|
|
flash[:error] = I18n.t("login.omniauth_error", strategy: params[:strategy].titleize)
|
2013-03-23 02:08:11 +08:00
|
|
|
render layout: 'no_js'
|
2013-02-15 03:11:13 +08:00
|
|
|
end
|
|
|
|
|
2013-08-18 12:43:59 +08:00
|
|
|
|
2013-08-23 14:20:43 +08:00
|
|
|
def self.find_authenticator(name)
|
|
|
|
BUILTIN_AUTH.each do |authenticator|
|
|
|
|
if authenticator.name == name
|
|
|
|
raise Discourse::InvalidAccess.new("provider is not enabled") unless SiteSetting.send("enable_#{name}_logins?")
|
|
|
|
return authenticator
|
2013-08-18 12:43:59 +08:00
|
|
|
end
|
|
|
|
end
|
2013-02-12 21:47:22 +08:00
|
|
|
|
2013-08-23 14:20:43 +08:00
|
|
|
Discourse.auth_providers.each do |provider|
|
2013-11-02 06:57:50 +08:00
|
|
|
return provider.authenticator if provider.name == name
|
2013-02-12 21:47:22 +08:00
|
|
|
end
|
2013-03-01 23:23:21 +08:00
|
|
|
|
2013-08-23 14:20:43 +08:00
|
|
|
raise Discourse::InvalidAccess.new("provider is not found")
|
2013-02-12 21:47:22 +08:00
|
|
|
end
|
|
|
|
|
2013-08-23 14:20:43 +08:00
|
|
|
protected
|
2013-02-26 12:28:32 +08:00
|
|
|
|
2013-08-23 14:20:43 +08:00
|
|
|
def user_found(user)
|
|
|
|
# automatically activate any account if a provider marked the email valid
|
|
|
|
if !user.active && @data.email_valid
|
|
|
|
user.toggle(:active).save
|
2013-08-02 10:03:53 +08:00
|
|
|
end
|
|
|
|
|
2013-08-23 14:20:43 +08:00
|
|
|
# log on any account that is active with forum access
|
|
|
|
if Guardian.new(user).can_access_forum? && user.active
|
|
|
|
log_on_user(user)
|
2014-01-22 05:53:46 +08:00
|
|
|
Invite.invalidate_for_email(user.email) # invite link can't be used to log in anymore
|
|
|
|
session[:authentication] = nil # don't carry around old auth info, perhaps move elsewhere
|
2013-08-23 14:20:43 +08:00
|
|
|
@data.authenticated = true
|
2013-03-01 23:23:21 +08:00
|
|
|
else
|
2013-08-28 15:18:31 +08:00
|
|
|
if SiteSetting.must_approve_users? && !user.approved?
|
2013-08-23 14:20:43 +08:00
|
|
|
@data.awaiting_approval = true
|
2013-07-11 14:02:18 +08:00
|
|
|
else
|
2013-08-23 14:20:43 +08:00
|
|
|
@data.awaiting_activation = true
|
2013-07-11 14:02:18 +08:00
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2013-02-12 21:47:22 +08:00
|
|
|
end
|