X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/fb3c02b38a24cda422de95f2f8b49002b841cc72..385f300ba44bc186aa679d5aba543260e8ffee1e:/services/api/app/controllers/user_sessions_controller.rb

diff --git a/services/api/app/controllers/user_sessions_controller.rb b/services/api/app/controllers/user_sessions_controller.rb
index 28e7e795cd..eaaf7b5b93 100644
--- a/services/api/app/controllers/user_sessions_controller.rb
+++ b/services/api/app/controllers/user_sessions_controller.rb
@@ -1,7 +1,6 @@
 class UserSessionsController < ApplicationController
-  before_filter :login_required, :only => [ :destroy ]
+  before_filter :require_auth_scope_all, :only => [ :destroy ]
 
-  skip_before_filter :uncamelcase_params_hash_keys
   skip_before_filter :find_object_by_uuid
 
   respond_to :html
@@ -14,12 +13,10 @@ class UserSessionsController < ApplicationController
     identity_url_ok = (omniauth['info']['identity_url'].length > 0) rescue false
     unless identity_url_ok
       # Whoa. This should never happen.
+      logger.error "UserSessionsController.create: omniauth object missing/invalid"
+      logger.error "omniauth.pretty_inspect():\n\n#{omniauth.pretty_inspect()}"
 
-      @title = "UserSessionsController.create: omniauth object missing/invalid"
-      @body = "omniauth.pretty_inspect():\n\n#{omniauth.pretty_inspect()}"
-
-      view_context.fatal_error(@title,@body)
-      return redirect_to openid_login_error_url
+      return redirect_to login_failure_url
     end
 
     user = User.find_by_identity_url(omniauth['info']['identity_url'])
@@ -28,14 +25,15 @@ class UserSessionsController < ApplicationController
       user = User.new(:email => omniauth['info']['email'],
                       :first_name => omniauth['info']['first_name'],
                       :last_name => omniauth['info']['last_name'],
-                      :identity_url => omniauth['info']['identity_url'])
+                      :identity_url => omniauth['info']['identity_url'],
+                      :is_active => Rails.configuration.new_users_are_active)
     else
       user.email = omniauth['info']['email']
       user.first_name = omniauth['info']['first_name']
       user.last_name = omniauth['info']['last_name']
     end
 
-    # prevent OrvosModel#before_create and _update from throwing
+    # prevent ArvadosModel#before_create and _update from throwing
     # "unauthorized":
     Thread.current[:user] = user
 
@@ -95,20 +93,22 @@ class UserSessionsController < ApplicationController
 
     # Stub: automatically register all new API clients
     api_client_url_prefix = callback_url.match(%r{^.*?://[^/]+})[0] + '/'
-    api_client = ApiClient.find_or_create_by_url_prefix(api_client_url_prefix)
+    act_as_system_user do
+      @api_client = ApiClient.find_or_create_by_url_prefix api_client_url_prefix
+    end
 
     api_client_auth = ApiClientAuthorization.
       new(user: user,
-          api_client: api_client,
+          api_client: @api_client,
           created_by_ip_address: remote_ip)
     api_client_auth.save!
 
     if callback_url.index('?')
-      callback_url << '&'
+      callback_url += '&'
     else
-      callback_url << '?'
+      callback_url += '?'
     end
-    callback_url << 'api_token=' << api_client_auth.api_token
+    callback_url += 'api_token=' + api_client_auth.api_token
     redirect_to callback_url
   end
 end