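# Handles browser login/logout through the OmniAuth provider and keeps the
# logged-in user's id in the Rack session.
class UserSessionsController < ApplicationController
  # NOTE(review): no `destroy` action is defined in this class as shown, so
  # this filter does not cover `logout`; confirm whether that is intended.
  before_filter :login_required, :only => [ :destroy ]

  # The login flow runs before the caller has an API token, so the
  # API-oriented filters are skipped for every action in this controller.
  skip_before_filter :uncamelcase_params_hash_keys
  skip_before_filter :find_object_by_uuid
  skip_before_filter :authenticate_api_token

  respond_to :html

  # OmniAuth callback: finds or creates the User matching the identity URL
  # asserted by the provider, starts a fresh session for that user, and
  # redirects to the saved destination (or root_path when none was saved).
  def create
    omniauth = env['omniauth.auth']

    # Any error while digging into the hash (nil omniauth, missing 'info',
    # missing 'identity_url') is treated as "no usable identity".
    identity_url_ok = (omniauth['info']['identity_url'].length > 0) rescue false
    unless identity_url_ok
      # Whoa. This should never happen.

      # NOTE(review): @body carries the complete auth hash. Depending on what
      # fatal_error does with it (not visible here), identity attributes and
      # any provider credentials in the hash may end up in logs or mail.
      @title = "UserSessionsController.create: omniauth object missing/invalid"
      @body = "omniauth.pretty_inspect():\n\n#{omniauth.pretty_inspect()}"

      view_context.fatal_error(@title,@body)
      return redirect_to openid_login_error_url
    end

    info = omniauth['info']
    user = User.find_by_identity_url(info['identity_url'])
    if not user
      # New user registration
      user = User.create!(:email => info['email'],
                          :first_name => info['first_name'],
                          :last_name => info['last_name'],
                          :identity_url => info['identity_url'])
    else
      # Refresh the stored profile from the provider's assertion.
      user.email = info['email']
      user.first_name = info['first_name']
      user.last_name = info['last_name']
      # A failed profile refresh must not block login, but it should not
      # pass silently either.
      unless user.save
        logger.warn "UserSessionsController.create: could not update " \
                    "profile for user #{user.id}: " \
                    "#{user.errors.full_messages.join(', ')}"
      end
    end

    omniauth.delete('extra')

    # Read the saved destination before the session is reset below.
    @redirect_to = root_path
    if session.has_key?('redirect_to')
      @redirect_to = session[:redirect_to]
    end

    # Start from a new session at the privilege change, so that a session
    # identifier fixed before login is never bound to the authenticated
    # user (session fixation). This also discards :redirect_to.
    reset_session
    session[:user_id] = user.id

    # NOTE(review): per the comment on #login, the saved destination comes
    # from a request parameter stored by the application controller (not
    # shown here). Unless it is validated there, this is an open redirect
    # after login; confirm it is checked against the expected client URLs.
    redirect_to @redirect_to
  end

  # Omniauth failure callback
  #
  # NOTE(review): params[:message] is caller-controlled and is copied into
  # the flash verbatim; the view must HTML-escape it, and the text shown to
  # the user can be chosen by whoever crafted the link.
  def failure
    flash[:notice] = params[:message]
  end

  # logout - Clear our rack session BUT essentially redirect to the provider
  # to clean up the Devise session from there too !
  def logout
    # Drop the whole session rather than only :user_id, so that nothing tied
    # to the previous login outlives it. The flash is set afterwards and is
    # stored in the new session.
    reset_session

    flash[:notice] = 'You have logged off'
    # NOTE(review): root_url is interpolated into the query string without
    # URL-encoding; confirm the provider parses redirect_uri as intended.
    redirect_to "#{CUSTOM_PROVIDER_URL}/users/sign_out?redirect_uri=#{root_url}"
  end

  # login - Just bounce to /auth/joshid. The only purpose of this function is
  # to save the redirect_to parameter (if it exists; see the application
  # controller). /auth/joshid bypasses the application controller.
  def login
    redirect_to "/auth/joshid"
  end
end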