discourse/lib/auth/open_id_authenticator.rb
David Taylor eda1462b3b
FEATURE: List, revoke and reconnect associated accounts. Phase 1 (#6099)
Listing connections is supported for all built-in auth providers. Revoke and reconnect is currently only implemented for Facebook.
2018-07-23 16:51:57 +01:00


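# Authenticator for an OpenID provider, plugged into OmniAuth through the
# omniauth-openid strategy. One instance describes one provider.
class Auth::OpenIdAuthenticator < Auth::Authenticator
  attr_reader :name, :identifier

  # name                 - provider name; also handed to OmniAuth as the strategy name
  # identifier           - OpenID identifier handed to the strategy
  # enabled_site_setting - name of the SiteSetting reader that switches this provider on
  # opts                 - options hash; only :trusted is read in this class
  #
  # SECURITY: :trusted makes the provider's email claim count as verified. In
  # after_authenticate it lets a login be linked to an existing account purely
  # by email address, so it should only be set for providers that are known to
  # verify email ownership.
  def initialize(name, identifier, enabled_site_setting, opts = {})
    @name = name
    @identifier = identifier
    @enabled_site_setting = enabled_site_setting
    @opts = opts
  end

  # Returns the value of the site setting named at construction time.
  def enabled?
    # public_send restricts the dynamic dispatch to SiteSetting's public
    # methods. The setting name comes from whoever constructs the
    # authenticator and must never be derived from request data.
    SiteSetting.public_send(@enabled_site_setting)
  end

  # Returns the email stored on the user's UserOpenId record, or "" when the
  # user has no such record (or the record has no email).
  def description_for_user(user)
    UserOpenId.find_by(user_id: user.id)&.email || ""
  end

  # Builds an Auth::Result from the OmniAuth auth hash.
  #
  # Raises Discourse::InvalidParameters when the provider supplied no email or
  # no identity URL.
  def after_authenticate(auth_token)
    result = Auth::Result.new

    data = auth_token[:info]
    identity_url = auth_token[:extra][:response].identity_url
    result.email = email = data[:email]

    raise Discourse::InvalidParameters.new(:email) if email.blank?

    # The identity URL is the key used to look up and store the association
    # below; refuse to look up or link anything on an empty identifier.
    raise Discourse::InvalidParameters.new(:identity_url) if identity_url.blank?

    # If the auth supplies a name / username, use those. Otherwise start with email.
    result.name = data[:name] || data[:email]
    result.username = data[:nickname] || data[:email]

    user_open_id = UserOpenId.find_by_url(identity_url)

    # Trusted providers only: no association exists for this URL yet, but an
    # account with the asserted email does, so link the two. This relies
    # entirely on the provider's email claim being correct.
    if !user_open_id && @opts[:trusted] && (user = User.find_by_email(email))
      user_open_id = UserOpenId.create(url: identity_url, user_id: user.id, email: email, active: true)
    end

    result.user = user_open_id.try(:user)
    result.extra_data = {
      openid_url: identity_url,
      # note email may change by the time after_create_account runs
      email: email
    }

    # The email is reported as already validated only for trusted providers.
    result.email_valid = @opts[:trusted]

    result
  end

  # Stores the OpenID association for a newly created account, using the
  # extra_data captured by after_authenticate.
  def after_create_account(user, auth)
    data = auth[:extra_data]
    # NOTE(review): the result of create is not checked here, so a record that
    # fails to save would go unnoticed - confirm that is intended.
    UserOpenId.create(
      user_id: user.id,
      url: data[:openid_url],
      email: data[:email],
      active: true
    )
  end

  # Registers the :open_id strategy with OmniAuth for this provider.
  def register_middleware(omniauth)
    omniauth.provider :open_id,
                      setup: lambda { |env|
                        # Point the strategy at a Redis-backed OpenID store.
                        strategy = env["omniauth.strategy"]
                        strategy.options[:store] = OpenID::Store::Redis.new($redis)
                      },
                      name: name,
                      identifier: identifier,
                      require: "omniauth-openid"
  end
end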