class UserSessionsController < ApplicationController
before_filter :require_auth_scope, :only => [ :destroy ]
+ skip_before_filter :set_cors_headers
skip_before_filter :find_object_by_uuid
skip_before_filter :render_404_if_no_object
unless identity_url_ok
# Whoa. This should never happen.
logger.error "UserSessionsController.create: omniauth object missing/invalid"
- logger.error "omniauth.pretty_inspect():\n\n#{omniauth.pretty_inspect()}"
+ logger.error "omniauth: "+omniauth.pretty_inspect
return redirect_to login_failure_url
end
:identity_url => omniauth['info']['identity_url'],
:is_active => Rails.configuration.new_users_are_active,
:owner_uuid => system_user_uuid)
+ if omniauth['info']['username']
+ user.set_initial_username(requested: omniauth['info']['username'])
+ end
act_as_system_user do
user.save or raise Exception.new(user.errors.messages)
end
flash[:notice] = 'You have logged off'
return_to = params[:return_to] || root_url
- redirect_to "#{CUSTOM_PROVIDER_URL}/users/sign_out?redirect_uri=#{CGI.escape return_to}"
+ redirect_to "#{Rails.configuration.sso_provider_url}/users/sign_out?redirect_uri=#{CGI.escape return_to}"
end
# login - Just bounce to /auth/joshid. The only purpose of this function is
# to save the return_to parameter (if it exists; see the application
# controller). /auth/joshid bypasses the application controller.
def login
+ auth_provider = if params[:auth_provider] then "auth_provider=#{CGI.escape(params[:auth_provider])}" else "" end
+
if current_user and params[:return_to]
# Already logged in; just need to send a token to the requesting
# API client.
send_api_token_to(params[:return_to], current_user)
elsif params[:return_to]
- redirect_to "/auth/joshid?return_to=#{CGI.escape(params[:return_to])}"
+ redirect_to "/auth/joshid?return_to=#{CGI.escape(params[:return_to])}&#{auth_provider}"
else
- redirect_to "/auth/joshid"
+ redirect_to "/auth/joshid?#{auth_provider}"
end
end
# Stub: automatically register all new API clients
api_client_url_prefix = callback_url.match(%r{^.*?://[^/]+})[0] + '/'
act_as_system_user do
- @api_client = ApiClient.find_or_create_by_url_prefix api_client_url_prefix
+ @api_client = ApiClient.
+ find_or_create_by(url_prefix: api_client_url_prefix)
end
api_client_auth = ApiClientAuthorization.
callback_url += 'api_token=' + api_client_auth.api_token
redirect_to callback_url
end
+
+ def cross_origin_forbidden
+ send_error 'Forbidden', status: 403
+ end
end
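Review bot: The `auth_provider` string assigned at the top of `login` is `""` when the parameter is absent, so the two redirects in the `elsif`/`else` branches then produce `/auth/joshid?return_to=...&` and `/auth/joshid?` with a dangling separator; the value is CGI-escaped, so this is a query-formatting defect rather than an injection, but it is simplest to build the query from a hash. Replace the assignment with `query = { return_to: params[:return_to], auth_provider: params[:auth_provider] }.compact` and collapse both redirect branches into the single `redirect_to "/auth/joshid?#{URI.encode_www_form(query)}"`, which also keeps the escaping in one place. `params[:auth_provider]` is caller-supplied and is forwarded verbatim (escaped) to the `/auth/joshid` strategy; whether that endpoint restricts the value to a known set of providers is not visible in this hunk, so that check should be confirmed on the strategy side.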