X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/14baeb15c9a703a7c7b5c36b2ddcbf44c35c4c7a..a6c0e01403377311a12f6d9ae587d92dbc00e1fd:/services/api/app/controllers/user_sessions_controller.rb

diff --git a/services/api/app/controllers/user_sessions_controller.rb b/services/api/app/controllers/user_sessions_controller.rb
index 3ac47d46cf..0b80877bc2 100644
--- a/services/api/app/controllers/user_sessions_controller.rb
+++ b/services/api/app/controllers/user_sessions_controller.rb
@@ -1,14 +1,14 @@
 class UserSessionsController < ApplicationController
-  before_filter :require_auth_scope_all, :only => [ :destroy ]
+  before_filter :require_auth_scope, :only => [ :destroy ]
 
   skip_before_filter :find_object_by_uuid
+  skip_before_filter :render_404_if_no_object
 
   respond_to :html
 
   # omniauth callback method
   def create
     omniauth = env['omniauth.auth']
-    #logger.debug "+++ #{omniauth}"
 
     identity_url_ok = (omniauth['info']['identity_url'].length > 0) rescue false
     unless identity_url_ok
@@ -23,12 +23,12 @@ class UserSessionsController < ApplicationController
     if not user
       # Check for permission to log in to an existing User record with
       # a different identity_url
-      Link.where(link_class: 'permission',
-                 name: 'can_login',
-                 tail_kind: 'email',
-                 tail_uuid: omniauth['info']['email'],
-                 head_kind: 'arvados#user').each do |link|
-        if prefix = link.properties[:identity_url_prefix]
+      Link.where("link_class = ? and name = ? and tail_uuid = ? and head_uuid like ?",
+                 'permission',
+                 'can_login',
+                 omniauth['info']['email'],
+                 User.uuid_like_pattern).each do |link|
+        if prefix = link.properties['identity_url_prefix']
           if prefix == omniauth['info']['identity_url'][0..prefix.size-1]
             user = User.find_by_uuid(link.head_uuid)
             break if user
@@ -57,7 +57,7 @@ class UserSessionsController < ApplicationController
     # "unauthorized":
     Thread.current[:user] = user
 
-    user.save!
+    user.save or raise Exception.new(user.errors.messages)
 
     omniauth.delete('extra')
 
@@ -120,7 +120,8 @@ class UserSessionsController < ApplicationController
     api_client_auth = ApiClientAuthorization.
       new(user: user,
           api_client: @api_client,
-          created_by_ip_address: remote_ip)
+          created_by_ip_address: remote_ip,
+          scopes: ["all"])
     api_client_auth.save!
 
     if callback_url.index('?')