X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/be4852ec32e5eeed1af9a62017cfc39ed66ac186..85c13201abf4a9f19dd112992a04fa65da63369c:/services/api/app/controllers/user_sessions_controller.rb diff --git a/services/api/app/controllers/user_sessions_controller.rb b/services/api/app/controllers/user_sessions_controller.rb index c5507045c4..b8fe294892 100644 --- a/services/api/app/controllers/user_sessions_controller.rb +++ b/services/api/app/controllers/user_sessions_controller.rb @@ -1,3 +1,7 @@ +# Copyright (C) The Arvados Authors. All rights reserved. +# +# SPDX-License-Identifier: AGPL-3.0 + class UserSessionsController < ApplicationController before_filter :require_auth_scope, :only => [ :destroy ] @@ -20,7 +24,11 @@ class UserSessionsController < ApplicationController return redirect_to login_failure_url end - user = User.find_by_identity_url(omniauth['info']['identity_url']) + # Only local users can create sessions, hence uuid_like_pattern + # here. + user = User.unscoped.where('identity_url = ? and uuid like ?', + omniauth['info']['identity_url'], + User.uuid_like_pattern).first if not user # Check for permission to log in to an existing User record with # a different identity_url @@ -37,6 +45,7 @@ class UserSessionsController < ApplicationController end end end + if not user # New user registration user = User.new(:email => omniauth['info']['email'], @@ -59,6 +68,13 @@ class UserSessionsController < ApplicationController # First login to a pre-activated account user.identity_url = omniauth['info']['identity_url'] end + + while (uuid = user.redirect_to_user_uuid) + user = User.unscoped.where(uuid: uuid).first + if !user + raise Exception.new("identity_url #{omniauth['info']['identity_url']} redirects to nonexistent uuid #{uuid}") + end + end end # For the benefit of functional and integration tests: