diff options
Diffstat (limited to 'app/controllers')
-rw-r--r-- | app/controllers/api/base_controller.rb | 4 | ||||
-rw-r--r-- | app/controllers/application_controller.rb | 4 | ||||
-rw-r--r-- | app/controllers/auth/sessions_controller.rb | 15 | ||||
-rw-r--r-- | app/controllers/oauth/authorizations_controller.rb | 14 |
4 files changed, 33 insertions, 4 deletions
diff --git a/app/controllers/api/base_controller.rb b/app/controllers/api/base_controller.rb index 0b3735087..90f42251e 100644 --- a/app/controllers/api/base_controller.rb +++ b/app/controllers/api/base_controller.rb @@ -53,10 +53,6 @@ class Api::BaseController < ApplicationController [params[:limit].to_i.abs, default_limit * 2].min end - def truthy_param?(key) - ActiveModel::Type::Boolean.new.cast(params[key]) - end - def current_resource_owner @current_user ||= User.find(doorkeeper_token.resource_owner_id) if doorkeeper_token end diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 8ffc31bb4..dca6c5a5a 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -128,6 +128,10 @@ class ApplicationController < ActionController::Base protected + def truthy_param?(key) + ActiveModel::Type::Boolean.new.cast(params[key]) + end + def forbidden respond_with_error(403) end diff --git a/app/controllers/auth/sessions_controller.rb b/app/controllers/auth/sessions_controller.rb index 7cd46662f..f4401b3dd 100644 --- a/app/controllers/auth/sessions_controller.rb +++ b/app/controllers/auth/sessions_controller.rb @@ -11,6 +11,7 @@ class Auth::SessionsController < Devise::SessionsController prepend_before_action :set_pack before_action :set_instance_presenter, only: [:new] before_action :set_body_classes + after_action :clear_site_data, only: [:destroy] def new Devise.omniauth_configs.each do |provider, config| @@ -28,8 +29,10 @@ class Auth::SessionsController < Devise::SessionsController end def destroy + tmp_stored_location = stored_location_for(:user) super flash.delete(:notice) + store_location_for(:user, tmp_stored_location) if continue_after? end protected @@ -126,4 +129,16 @@ class Auth::SessionsController < Devise::SessionsController end paths end + + def clear_site_data + return if continue_after? + + # Should be '"*"' but that doen't work in Chrome (neither does '"executionContexts"') + # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Clear-Site-Data + response.headers['Clear-Site-Data'] = '"cache", "cookies"' + end + + def continue_after? + truthy_param?(:continue) + end end diff --git a/app/controllers/oauth/authorizations_controller.rb b/app/controllers/oauth/authorizations_controller.rb index eb977510b..f6f5d1ecc 100644 --- a/app/controllers/oauth/authorizations_controller.rb +++ b/app/controllers/oauth/authorizations_controller.rb @@ -18,4 +18,18 @@ class Oauth::AuthorizationsController < Doorkeeper::AuthorizationsController def set_pack use_pack 'auth' end + + def render_success + if skip_authorization? || (matching_token? && !truthy_param?('force_login')) + redirect_or_render authorize_response + elsif Doorkeeper.configuration.api_only + render json: pre_auth + else + render :new + end + end + + def truthy_param?(key) + ActiveModel::Type::Boolean.new.cast(params[key]) + end end |