X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/3ef580c47029ff0fbf959b044f29c183f41cb609..0fe4cadebeb5910e553b69fce955283168758e34:/services/api/app/controllers/user_sessions_controller.rb

diff --git a/services/api/app/controllers/user_sessions_controller.rb b/services/api/app/controllers/user_sessions_controller.rb
index c5507045c4..020dfa53b8 100644
--- a/services/api/app/controllers/user_sessions_controller.rb
+++ b/services/api/app/controllers/user_sessions_controller.rb
@@ -1,3 +1,7 @@
+# Copyright (C) The Arvados Authors. All rights reserved.
+#
+# SPDX-License-Identifier: AGPL-3.0
+
 class UserSessionsController < ApplicationController
   before_filter :require_auth_scope, :only => [ :destroy ]
 
@@ -20,7 +24,11 @@ class UserSessionsController < ApplicationController
       return redirect_to login_failure_url
     end
 
-    user = User.find_by_identity_url(omniauth['info']['identity_url'])
+    # Only local users can create sessions, hence uuid_like_pattern
+    # here.
+    user = User.unscoped.where('identity_url = ? and uuid like ?',
+                               omniauth['info']['identity_url'],
+                               User.uuid_like_pattern).first
     if not user
       # Check for permission to log in to an existing User record with
       # a different identity_url
@@ -37,6 +45,7 @@ class UserSessionsController < ApplicationController
         end
       end
     end
+
     if not user
       # New user registration
       user = User.new(:email => omniauth['info']['email'],
@@ -59,6 +68,13 @@ class UserSessionsController < ApplicationController
         # First login to a pre-activated account
         user.identity_url = omniauth['info']['identity_url']
       end
+
+      while (uuid = user.redirect_to_user_uuid)
+        user = User.unscoped.where(uuid: uuid).first
+        if !user
+          raise Exception.new("identity_url #{omniauth['info']['identity_url']} redirects to nonexistent uuid #{uuid}")
+        end
+      end
     end
 
     # For the benefit of functional and integration tests:
@@ -143,7 +159,7 @@ class UserSessionsController < ApplicationController
     else
       callback_url += '?'
     end
-    callback_url += 'api_token=' + api_client_auth.api_token
+    callback_url += 'api_token=' + api_client_auth.token
     redirect_to callback_url
   end