Merge branch 'master' into 2257-inequality-conditions
[arvados.git] / services / api / app / controllers / user_sessions_controller.rb
index 45edc9049bf8dff321a6b483b1ce63fb40e79767..3674c010cb7bcd97ae808483997ef5118554042f 100644 (file)
@@ -2,6 +2,7 @@ class UserSessionsController < ApplicationController
   before_filter :require_auth_scope_all, :only => [ :destroy ]
 
   skip_before_filter :find_object_by_uuid
+  skip_before_filter :render_404_if_no_object
 
   respond_to :html
 
@@ -20,6 +21,22 @@ class UserSessionsController < ApplicationController
     end
 
     user = User.find_by_identity_url(omniauth['info']['identity_url'])
+    if not user
+      # Check for permission to log in to an existing User record with
+      # a different identity_url
+      Link.where(link_class: 'permission',
+                 name: 'can_login',
+                 tail_kind: 'email',
+                 tail_uuid: omniauth['info']['email'],
+                 head_kind: 'arvados#user').each do |link|
+        if prefix = link.properties['identity_url_prefix']
+          if prefix == omniauth['info']['identity_url'][0..prefix.size-1]
+            user = User.find_by_uuid(link.head_uuid)
+            break if user
+          end
+        end
+      end
+    end
     if not user
       # New user registration
       user = User.new(:email => omniauth['info']['email'],
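Review bot: The `can_login` match at `prefix == omniauth['info']['identity_url'][0..prefix.size-1]` is a raw string-prefix comparison, so an `identity_url_prefix` that does not end at a URL delimiter would also match identity URLs on a longer host name or path that merely begins with the same characters. Because the link is selected by `tail_uuid: omniauth['info']['email']`, which is whatever the provider asserts, the prefix is the only thing tying the permission to one provider. I would state the constraint above the loop, e.g. `# identity_url_prefix must end at a delimiter such as "/"; this is a plain string-prefix match`, and ideally enforce it where the link is created. The enclosing action starts and ends outside this hunk.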
@@ -31,6 +48,10 @@ class UserSessionsController < ApplicationController
       user.email = omniauth['info']['email']
       user.first_name = omniauth['info']['first_name']
       user.last_name = omniauth['info']['last_name']
+      if user.identity_url.nil?
+        # First login to a pre-activated account
+        user.identity_url = omniauth['info']['identity_url']
+      end
     end
 
     # prevent ArvadosModel#before_create and _update from throwing
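Review bot: The `user.identity_url.nil?` branch confirms that pre-activated accounts exist with a NULL `identity_url`, and nothing visible rejects a provider response whose own `identity_url` is missing. In that case the earlier `User.find_by_identity_url(omniauth['info']['identity_url'])` would be called with nil and could, as far as the visible code shows, match one of those pre-activated records. I would reject the callback before that lookup when `omniauth['info']['identity_url'].blank?`; the lookup sits outside this hunk. Since the assignment here permanently binds the account to the first identity that reaches it, a log entry recording the user uuid and the bound identity_url would help later audits.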
@@ -93,20 +114,23 @@ class UserSessionsController < ApplicationController
 
     # Stub: automatically register all new API clients
     api_client_url_prefix = callback_url.match(%r{^.*?://[^/]+})[0] + '/'
-    api_client = ApiClient.find_or_create_by_url_prefix(api_client_url_prefix)
+    act_as_system_user do
+      @api_client = ApiClient.find_or_create_by_url_prefix api_client_url_prefix
+    end
 
     api_client_auth = ApiClientAuthorization.
       new(user: user,
-          api_client: api_client,
-          created_by_ip_address: remote_ip)
+          api_client: @api_client,
+          created_by_ip_address: remote_ip,
+          scopes: ["all"])
     api_client_auth.save!
 
     if callback_url.index('?')
-      callback_url << '&'
+      callback_url += '&'
     else
-      callback_url << '?'
+      callback_url += '?'
     end
-    callback_url << 'api_token=' << api_client_auth.api_token
+    callback_url += 'api_token=' + api_client_auth.api_token
     redirect_to callback_url
   end
 end
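Review bot: With `scopes: ["all"]` every login now mints a full-scope token, and `callback_url += 'api_token=' + api_client_auth.api_token` then puts it in the query string of the redirect. Where `callback_url` comes from is outside this hunk, but the stub registers any URL prefix as an ApiClient under `act_as_system_user`, so nothing visible restricts which site receives the token. The token will also land in the destination's access logs and in browser history. I would check the prefix against already-approved clients before creating the authorization, and at minimum record the gap: `# TODO: only issue all-scope tokens to approved api_client_url_prefix values`. Separately, `callback_url.match(%r{^.*?://[^/]+})[0]` raises NoMethodError when the URL has no scheme and host; the action starts outside this hunk.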