user = User.find_by_identity_url(omniauth['info']['identity_url'])
if not user
# New user registration
- user = User.create!(:email => omniauth['info']['email'],
- :first_name => omniauth['info']['first_name'],
- :last_name => omniauth['info']['last_name'],
- :identity_url => omniauth['info']['identity_url'])
+ user = User.new(:email => omniauth['info']['email'],
+ :first_name => omniauth['info']['first_name'],
+ :last_name => omniauth['info']['last_name'],
+ :identity_url => omniauth['info']['identity_url'])
else
user.email = omniauth['info']['email']
user.first_name = omniauth['info']['first_name']
user.last_name = omniauth['info']['last_name']
- user.save
end
+ # prevent OrvosModel#before_create and _update from throwing
+ # "unauthorized":
+ Thread.current[:user] = user
+
+ user.save!
+
omniauth.delete('extra')
# Give the authenticated user a cookie for direct API access
session[:api_client_trusted] = true # full permission to see user's secrets
@redirect_to = root_path
- if session.has_key? :return_to
- return send_api_token_to(session.delete(:return_to), user)
+ if params.has_key?(:return_to)
+ return send_api_token_to(params[:return_to], user)
end
redirect_to @redirect_to
end
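Review bot: Lines 30–31 pass `params[:return_to]` straight to `send_api_token_to`, so an unvalidated request parameter now decides which URL receives the user's API token; the deleted TODO explains why `session[:return_to]` was wrong, but the replacement needs a check the hunk does not add. Validate the value before use — e.g. `return_to = params[:return_to]` followed by `raise ArgumentError, 'untrusted return_to' unless trusted_return_to?(return_to)`, where the predicate compares the URL's origin against the registered API-client origins (or accepts only same-host paths) — and apply the same check to the `redirect_uri` built at line 39 and the `/auth/joshid` redirect at line 50, since both forward the raw parameter. Separately, `Thread.current[:user] = user` at line 20 is set to satisfy the model callbacks but is never reset; on a threaded server that thread-local outlives the request, so wrap the save in `begin … ensure Thread.current[:user] = nil end`. Note also that `user.save!` at line 22 now raises on validation failure for the update branch, where the old code used `user.save` and continued. The `def create` line is outside the hunk.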
session[:user_id] = nil
flash[:notice] = 'You have logged off'
- redirect_to "#{CUSTOM_PROVIDER_URL}/users/sign_out?redirect_uri=#{root_url}"
+ return_to = params[:return_to] || root_url
+ redirect_to "#{CUSTOM_PROVIDER_URL}/users/sign_out?redirect_uri=#{CGI.escape return_to}"
end
# login - Just bounce to /auth/joshid. The only purpose of this function is
- # to save the redirect_to parameter (if it exists; see the application
+ # to save the return_to parameter (if it exists; see the application
# controller). /auth/joshid bypasses the application controller.
def login
if current_user and params[:return_to]
# ask for confirmation here!
send_api_token_to(params[:return_to], current_user)
+ elsif params[:return_to]
+ redirect_to "/auth/joshid?return_to=#{CGI.escape(params[:return_to])}"
else
- # TODO: make joshid propagate return_to as a GET parameter, and
- # use that GET parameter instead of session[] when redirecting
- # in create(). Using session[] is inappropriate: completing a
- # login in browser window A can cause a token to be sent to a
- # different API client who has requested a token in window B.
-
- session[:return_to] = params[:return_to]
redirect_to "/auth/joshid"
end
end