about summary refs log tree commit diff
path: root/app/controllers/auth
diff options
context:
space:
mode:
authorEugen Rochko <eugen@zeonfederated.com>2018-02-04 05:42:13 +0100
committerGitHub <noreply@github.com>2018-02-04 05:42:13 +0100
commit26f21fd5a03b1c6407cd81c58481288d06958ad3 (patch)
treeef7cf0e00f4bfddfff65d4c28d38fe082ec6de37 /app/controllers/auth
parent9da81a16391edfcbda9c748dcd519fb3ebd765e5 (diff)
CAS + SAML authentication feature (#6425)
* Cas authentication feature

* Config

* Remove class_eval + Omniauth initializer

* Codeclimate review

* Codeclimate review 2

* Codeclimate review 3

* Remove uid/email reconciliation

* SAML authentication

* Clean up code

* Improve login form

* Fix code style issues

* Add locales
Diffstat (limited to 'app/controllers/auth')
-rw-r--r--app/controllers/auth/confirmations_controller.rb24
-rw-r--r--app/controllers/auth/omniauth_callbacks_controller.rb33
2 files changed, 57 insertions, 0 deletions
diff --git a/app/controllers/auth/confirmations_controller.rb b/app/controllers/auth/confirmations_controller.rb
index 2fdb281f4..a240425cd 100644
--- a/app/controllers/auth/confirmations_controller.rb
+++ b/app/controllers/auth/confirmations_controller.rb
@@ -2,4 +2,28 @@
 
 class Auth::ConfirmationsController < Devise::ConfirmationsController
   layout 'auth'
+
+  before_action :set_user, only: [:finish_signup]
+
+  # GET/PATCH /users/:id/finish_signup
+  def finish_signup
+    return unless request.patch? && params[:user]
+    if @user.update(user_params)
+      @user.skip_reconfirmation!
+      sign_in(@user, bypass: true)
+      redirect_to root_path, notice: I18n.t('devise.confirmations.send_instructions')
+    else
+      @show_errors = true
+    end
+  end
+
+  private
+
+  def set_user
+    @user = current_user
+  end
+
+  def user_params
+    params.require(:user).permit(:email)
+  end
 end
diff --git a/app/controllers/auth/omniauth_callbacks_controller.rb b/app/controllers/auth/omniauth_callbacks_controller.rb
new file mode 100644
index 000000000..bbf63bed3
--- /dev/null
+++ b/app/controllers/auth/omniauth_callbacks_controller.rb
@@ -0,0 +1,33 @@
+# frozen_string_literal: true
+
+class Auth::OmniauthCallbacksController < Devise::OmniauthCallbacksController
+  skip_before_action :verify_authenticity_token
+
+  def self.provides_callback_for(provider)
+    provider_id = provider.to_s.chomp '_oauth2'
+
+    define_method provider do
+      @user = User.find_for_oauth(request.env['omniauth.auth'], current_user)
+
+      if @user.persisted?
+        sign_in_and_redirect @user, event: :authentication
+        set_flash_message(:notice, :success, kind: provider_id.capitalize) if is_navigational_format?
+      else
+        session["devise.#{provider}_data"] = request.env['omniauth.auth']
+        redirect_to new_user_registration_url
+      end
+    end
+  end
+
+  Devise.omniauth_configs.each_key do |provider|
+    provides_callback_for provider
+  end
+
+  def after_sign_in_path_for(resource)
+    if resource.email_verified?
+      root_path
+    else
+      finish_signup_path
+    end
+  end
+end