Class: ActionDispatch::Routing::Mapper

Inherits:
Object
  • Object
show all
Defined in:
lib/devise_token_auth/rails/routes.rb

Instance Method Summary collapse

Instance Method Details

#mount_devise_token_auth_for(resource, opts) ⇒ Object



5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
# File 'lib/devise_token_auth/rails/routes.rb', line 5

def mount_devise_token_auth_for(resource, opts)
  # ensure objects exist to simplify attr checks
  opts[:controllers] ||= {}
  opts[:skip]        ||= []

  # check for ctrl overrides, fall back to defaults
  sessions_ctrl          = opts[:controllers].delete(:sessions) || 'devise_token_auth/sessions'
  registrations_ctrl     = opts[:controllers].delete(:registrations) || 'devise_token_auth/registrations'
  passwords_ctrl         = opts[:controllers].delete(:passwords) || 'devise_token_auth/passwords'
  confirmations_ctrl     = opts[:controllers].delete(:confirmations) || 'devise_token_auth/confirmations'
  token_validations_ctrl = opts[:controllers].delete(:token_validations) || 'devise_token_auth/token_validations'
  omniauth_ctrl          = opts[:controllers].delete(:omniauth_callbacks) || 'devise_token_auth/omniauth_callbacks'
  unlocks_ctrl           = opts[:controllers].delete(:unlocks) || 'devise_token_auth/unlocks'

  # check for resource override
  route                  = opts[:as] || resource.pluralize.underscore.gsub('/', '_')

  # define devise controller mappings
  controllers = opts[:controllers].merge(
                  sessions: sessions_ctrl,
                  registrations: registrations_ctrl,
                  passwords: passwords_ctrl,
                  confirmations: confirmations_ctrl
                )

  controllers[:unlocks] = unlocks_ctrl if unlocks_ctrl

  # remove any unwanted devise modules
  opts[:skip].each{ |item| controllers.delete(item) }

  devise_for route.to_sym,
             class_name: resource,
             module: :devise,
             path: opts[:at].to_s,
             controllers: controllers,
             skip: opts[:skip] + [:omniauth_callbacks]

  unnest_namespace do
    # get full url path as if it were namespaced
    full_path = "#{@scope[:path]}/#{opts[:at]}"

    # get namespace name
    namespace_name = @scope[:as]

    # clear scope so controller routes aren't namespaced
    @scope = ActionDispatch::Routing::Mapper::Scope.new(
      path:         '',
      shallow_path: '',
      constraints:  {},
      defaults:     {},
      options:      {},
      parent:       nil
    )

    mapping_name = resource.underscore.gsub('/', '_')
    mapping_name = "#{namespace_name}_#{mapping_name}" if namespace_name

    devise_scope mapping_name.to_sym do
      # path to verify token validity
      get "#{full_path}/validate_token", controller: token_validations_ctrl.to_s, action: 'validate_token' if !opts[:skip].include?(:token_validations)

      # omniauth routes. only define if omniauth is installed and not skipped.
      if defined?(::OmniAuth) && !opts[:skip].include?(:omniauth_callbacks)
        match "#{full_path}/failure",             controller: omniauth_ctrl, action: 'omniauth_failure', via: [:get, :post]
        match "#{full_path}/:provider/callback",  controller: omniauth_ctrl, action: 'omniauth_success', via: [:get, :post]

        match "#{DeviseTokenAuth.omniauth_prefix}/:provider/callback", controller: omniauth_ctrl, action: 'redirect_callbacks', via: [:get, :post]
        match "#{DeviseTokenAuth.omniauth_prefix}/failure", controller: omniauth_ctrl, action: 'omniauth_failure', via: [:get, :post]

        # preserve the resource class thru oauth authentication by setting name of
        # resource as "resource_class" param
        match "#{full_path}/:provider", to: redirect(status: 307) { |params, request|
          # get the current querystring
          # TODO: deprecate in favor of using params
          qs = CGI::parse(request.env['QUERY_STRING'].empty? ? request.body.read : request.env['QUERY_STRING'] )

          # append name of current resource
          qs['resource_class'] = [resource]
          qs['namespace_name'] = [namespace_name] if namespace_name

          set_omniauth_path_prefix!(DeviseTokenAuth.omniauth_prefix)

          redirect_params = {}.tap { |hash| qs.each{ |k, v| hash[k] = v.first } }

          if DeviseTokenAuth.redirect_whitelist
            redirect_url = request.params['auth_origin_url']
            unless DeviseTokenAuth::Url.whitelisted?(redirect_url)
              message = I18n.t(
                'devise_token_auth.registrations.redirect_url_not_allowed',
                redirect_url: redirect_url
              )
              redirect_params['message'] = message
              next "#{::OmniAuth.config.path_prefix}/failure?#{redirect_params.to_param}"
            end
          end

          # re-construct the path for omniauth
          "#{::OmniAuth.config.path_prefix}/#{params[:provider]}?#{redirect_params.to_param}"
        }, via: [:get, :post]
      end
    end
  end
end

#set_omniauth_path_prefix!(path_prefix) ⇒ Object

ignore error about omniauth/multiple model support



118
119
120
# File 'lib/devise_token_auth/rails/routes.rb', line 118

def set_omniauth_path_prefix!(path_prefix)
  ::OmniAuth.config.path_prefix = path_prefix
end

#unnest_namespaceObject

this allows us to use namespaced paths without namespacing the routes



110
111
112
113
114
115
# File 'lib/devise_token_auth/rails/routes.rb', line 110

def unnest_namespace
  current_scope = @scope.dup
  yield
ensure
  @scope = current_scope
end