X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/54d2df58b60ad760cbc235656b6f90744f420631..1498ac2bab4aabdd71066e4644ad20a6ac555827:/app/controllers/user_sessions_controller.rb
diff --git a/app/controllers/user_sessions_controller.rb b/app/controllers/user_sessions_controller.rb
index 31f691d333..28e7e795cd 100644
--- a/app/controllers/user_sessions_controller.rb
+++ b/app/controllers/user_sessions_controller.rb
@@ -25,17 +25,22 @@ class UserSessionsController < ApplicationController
 user = User.find_by_identity_url(omniauth['info']['identity_url'])
 if not user
 # New user registration
- user = User.create!(:email => omniauth['info']['email'],
- :first_name => omniauth['info']['first_name'],
- :last_name => omniauth['info']['last_name'],
- :identity_url => omniauth['info']['identity_url'])
+ user = User.new(:email => omniauth['info']['email'],
+ :first_name => omniauth['info']['first_name'],
+ :last_name => omniauth['info']['last_name'],
+ :identity_url => omniauth['info']['identity_url'])
 else
 user.email = omniauth['info']['email']
 user.first_name = omniauth['info']['first_name']
 user.last_name = omniauth['info']['last_name']
- user.save
 end
+ # prevent OrvosModel#before_create and _update from throwing
+ # "unauthorized":
+ Thread.current[:user] = user
+
+ user.save!
+
 omniauth.delete('extra')
 # Give the authenticated user a cookie for direct API access
@@ -61,7 +66,8 @@ class UserSessionsController < ApplicationController
 session[:user_id] = nil
 flash[:notice] = 'You have logged off'
- redirect_to "#{CUSTOM_PROVIDER_URL}/users/sign_out?redirect_uri=#{root_url}"
+ return_to = params[:return_to] || root_url
+ redirect_to "#{CUSTOM_PROVIDER_URL}/users/sign_out?redirect_uri=#{CGI.escape return_to}"
 end
 # login - Just bounce to /auth/joshid. The only purpose of this function is
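Review bot: In the first hunk, `Thread.current[:user] = user` is assigned before `user.save!`, so when the save raises, the thread is left holding an unsaved, unvalidated record as the acting user. Whether a per-request filter resets that thread-local is not visible in this hunk. The attributes come straight from the omniauth hash, so a validation failure is reachable from the login callback and would surface as an unhandled exception now that `save` became `save!`. Consider handling `ActiveRecord::RecordInvalid` around the save and setting `Thread.current[:user] = nil` on that path, and extend the comment to say that the assignment lets the record authorize its own create/update only for the duration of login. The enclosing method starts and ends outside the hunk.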
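Review bot: In the second hunk, `return_to = params[:return_to] || root_url` forwards a request-controlled URL as the provider's `redirect_uri` without checking where it points. `CGI.escape` stops it from breaking the query string but does not constrain the destination. Unless the provider at `CUSTOM_PROVIDER_URL` validates `redirect_uri` itself (not visible here), the logout endpoint acts as an open redirect. Restrict the value to this application, for example by adding `return_to = root_url unless return_to.start_with?(root_url)` after the assignment, or check it against an allowlist of known hosts. An empty `return_to` parameter also bypasses the `||` fallback, which `params[:return_to].presence || root_url` would cover.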