Class: DeviseTokenAuth::OmniauthCallbacksController
- Inherits:
-
ApplicationController
- Object
- DeviseController
- ApplicationController
- DeviseTokenAuth::OmniauthCallbacksController
- Defined in:
- app/controllers/devise_token_auth/omniauth_callbacks_controller.rb
Instance Attribute Summary collapse
-
#auth_params ⇒ Object
readonly
Returns the value of attribute auth_params.
Instance Method Summary collapse
-
#default_devise_mapping ⇒ Object
This method will only be called if ‘get_devise_mapping` cannot find the mapping in `omniauth.params`.
- #get_devise_mapping ⇒ Object
- #get_redirect_route(devise_mapping) ⇒ Object
- #omniauth_failure ⇒ Object
- #omniauth_success {|@resource| ... } ⇒ Object
-
#redirect_callbacks ⇒ Object
intermediary route for successful omniauth authentication.
- #validate_auth_origin_url_param ⇒ Object
Methods inherited from ApplicationController
#resource_data, #resource_errors
Instance Attribute Details
#auth_params ⇒ Object (readonly)
Returns the value of attribute auth_params.
5 6 7 |
# File 'app/controllers/devise_token_auth/omniauth_callbacks_controller.rb', line 5 def auth_params @auth_params end |
Instance Method Details
#default_devise_mapping ⇒ Object
This method will only be called if ‘get_devise_mapping` cannot find the mapping in `omniauth.params`.
One example use-case here is for IDP-initiated SAML login. In that case, there will have been no initial request in which to save the devise mapping. If you are in a situation like that, and your app allows for you to determine somehow what the devise mapping should be (because, for example, it is always the same), then you can handle it by overriding this method.
53 54 55 |
# File 'app/controllers/devise_token_auth/omniauth_callbacks_controller.rb', line 53 def default_devise_mapping raise NotImplementedError.new('no default_devise_mapping set') end |
#get_devise_mapping ⇒ Object
35 36 37 38 39 40 41 42 |
# File 'app/controllers/devise_token_auth/omniauth_callbacks_controller.rb', line 35 def get_devise_mapping # derive target redirect route from 'resource_class' param, which was set # before authentication. devise_mapping = [request.env['omniauth.params']['namespace_name'], request.env['omniauth.params']['resource_class'].underscore.gsub('/', '_')].compact.join('_') rescue NoMethodError => err default_devise_mapping end |
#get_redirect_route(devise_mapping) ⇒ Object
29 30 31 32 33 |
# File 'app/controllers/devise_token_auth/omniauth_callbacks_controller.rb', line 29 def get_redirect_route(devise_mapping) path = "#{Devise.mappings[devise_mapping.to_sym].fullpath}/#{params[:provider]}/callback" klass = request.scheme == 'https' ? URI::HTTPS : URI::HTTP redirect_route = klass.build(host: request.host, port: request.port, path: path).to_s end |
#omniauth_failure ⇒ Object
80 81 82 83 |
# File 'app/controllers/devise_token_auth/omniauth_callbacks_controller.rb', line 80 def omniauth_failure @error = params[:message] render_data_or_redirect('authFailure', error: @error) end |
#omniauth_success {|@resource| ... } ⇒ Object
57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 |
# File 'app/controllers/devise_token_auth/omniauth_callbacks_controller.rb', line 57 def omniauth_success get_resource_from_auth_hash set_token_on_resource create_auth_params if confirmable_enabled? # don't send confirmation email!!! @resource.skip_confirmation! end sign_in(:user, @resource, store: false, bypass: false) @resource.save! yield @resource if block_given? if DeviseTokenAuth. (@resource, @token) end render_data_or_redirect('deliverCredentials', @auth_params.as_json, @resource.as_json) end |
#redirect_callbacks ⇒ Object
intermediary route for successful omniauth authentication. omniauth does not support multiple models, so we must resort to this terrible hack.
14 15 16 17 18 19 20 21 22 23 24 25 26 27 |
# File 'app/controllers/devise_token_auth/omniauth_callbacks_controller.rb', line 14 def redirect_callbacks # derive target redirect route from 'resource_class' param, which was set # before authentication. devise_mapping = get_devise_mapping redirect_route = get_redirect_route(devise_mapping) # preserve omniauth info for success route. ignore 'extra' in twitter # auth response to avoid CookieOverflow. session['dta.omniauth.auth'] = request.env['omniauth.auth'].except('extra') session['dta.omniauth.params'] = request.env['omniauth.params'] redirect_to redirect_route, {status: 307}.merge() end |
#validate_auth_origin_url_param ⇒ Object
85 86 87 |
# File 'app/controllers/devise_token_auth/omniauth_callbacks_controller.rb', line 85 def validate_auth_origin_url_param return render_error_not_allowed_auth_origin_url if auth_origin_url && blacklisted_redirect_url?(auth_origin_url) end |