Merge branch '8016-crunchrun-crunchstat'
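--- a/services/api/app/controllers/user_sessions_controller.rb
+++ b/services/api/app/controllers/user_sessions_controller.rb
@@ -1,6 +1,7 @@
 class UserSessionsController < ApplicationController
 before_filter :require_auth_scope, :only => [ :destroy ]
+skip_before_filter :set_cors_headers
 skip_before_filter :find_object_by_uuid
 skip_before_filter :render_404_if_no_object
@@ -14,7 +15,7 @@ class UserSessionsController < ApplicationController
 unless identity_url_ok
 # Whoa. This should never happen.
 logger.error "UserSessionsController.create: omniauth object missing/invalid"
-logger.error "omniauth.pretty_inspect():\n\n#{omniauth.pretty_inspect()}"
+logger.error "omniauth: "+omniauth.pretty_inspect
 return redirect_to login_failure_url
 end
@@ -92,7 +93,7 @@ class UserSessionsController < ApplicationController
 flash[:notice] = 'You have logged off'
 return_to = params[:return_to] || root_url
-redirect_to "#{CUSTOM_PROVIDER_URL}/users/sign_out?redirect_uri=#{CGI.escape return_to}"
+redirect_to "#{Rails.configuration.sso_provider_url}/users/sign_out?redirect_uri=#{CGI.escape return_to}"
 end
 # login - Just bounce to /auth/joshid. The only purpose of this function is
@@ -141,4 +142,8 @@ class UserSessionsController < ApplicationController
 callback_url += 'api_token=' + api_client_auth.api_token
 redirect_to callback_url
 end
+
+def cross_origin_forbidden
+send_error 'Forbidden', status: 403
+end
 end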
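Review bot: The rewritten `logger.error "omniauth: "+omniauth.pretty_inspect` in the second hunk still writes the entire OmniAuth object to the error log. An OmniAuth auth hash normally carries the user's e-mail and identity fields and may carry provider credentials, so this failure branch can leave authentication data in log files that are usually readable by more people and systems than the session data itself. Logging only what is needed to diagnose the failure would avoid that, for example `logger.error "omniauth: class=#{omniauth.class} keys=#{omniauth.respond_to?(:keys) ? omniauth.keys.inspect : 'n/a'}"`. What the object holds at this point is not visible here, because the enclosing method (apparently `create`, going by the log message) starts and ends outside the hunk, so check the provider's payload before deciding which fields are safe to keep.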