Class: Auth::ManagedAuthenticator
Instance Method Summary
collapse
#enabled?, #name, #provides_groups?, #register_middleware
Instance Method Details
#after_authenticate(auth_token, existing_account: nil) ⇒ Object
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
|
# File 'lib/auth/managed_authenticator.rb', line 57
def after_authenticate(auth_token, existing_account: nil)
association =
UserAssociatedAccount.find_or_initialize_by(
provider_name: auth_token[:provider],
provider_uid: auth_token[:uid],
)
if can_connect_existing_user? && existing_account &&
(association.user.nil? || existing_account.id != association.user_id)
association.user = existing_account
end
if match_by_email && association.user.nil? && (user = find_user_by_email(auth_token))
UserAssociatedAccount.where(user: user, provider_name: auth_token[:provider]).destroy_all association.user = user
end
if match_by_username && association.user.nil? && SiteSetting.username_change_period.zero? &&
(user = find_user_by_username(auth_token))
UserAssociatedAccount.where(user: user, provider_name: auth_token[:provider]).destroy_all association.user = user
end
association.info = auth_token[:info] || {}
association.credentials = auth_token[:credentials] || {}
association. = auth_token[:extra] || {}
association.last_used = Time.zone.now
association.save!
retrieve_avatar(association.user, association.info["image"])
retrieve_profile(association.user, association.info)
result = Auth::Result.new
info = auth_token[:info]
result.email = info[:email]
result.name =
(
if (info[:first_name] && info[:last_name])
"#{info[:first_name]} #{info[:last_name]}"
else
info[:name]
end
)
if result.name.present? && result.name == result.email
result.name = nil
end
result.username = info[:nickname]
result.email_valid = primary_email_verified?(auth_token) if result.email.present?
result.overrides_email = always_update_user_email?
result. = { provider: auth_token[:provider], uid: auth_token[:uid] }
result.user = association.user
result
end
|
#after_create_account(user, auth_result) ⇒ Object
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
|
# File 'lib/auth/managed_authenticator.rb', line 124
def after_create_account(user, auth_result)
auth_token = auth_result[:extra_data]
association =
UserAssociatedAccount.find_or_initialize_by(
provider_name: auth_token[:provider],
provider_uid: auth_token[:uid],
)
association.user = user
association.save!
retrieve_avatar(user, association.info["image"])
retrieve_profile(user, association.info)
auth_result.apply_associated_attributes!
end
|
#always_update_user_email? ⇒ Boolean
46
47
48
|
# File 'lib/auth/managed_authenticator.rb', line 46
def always_update_user_email?
false
end
|
#can_connect_existing_user? ⇒ Boolean
42
43
44
|
# File 'lib/auth/managed_authenticator.rb', line 42
def can_connect_existing_user?
true
end
|
#can_revoke? ⇒ Boolean
38
39
40
|
# File 'lib/auth/managed_authenticator.rb', line 38
def can_revoke?
true
end
|
#description_for_auth_hash(auth_token) ⇒ Object
16
17
18
19
20
|
# File 'lib/auth/managed_authenticator.rb', line 16
def description_for_auth_hash(auth_token)
return if auth_token&.info.nil?
info = auth_token.info
info["email"] || info["nickname"] || info["name"]
end
|
#description_for_user(user) ⇒ Object
10
11
12
13
14
|
# File 'lib/auth/managed_authenticator.rb', line 10
def description_for_user(user)
associated_account = UserAssociatedAccount.find_by(provider_name: name, user_id: user.id)
return "" if associated_account.nil?
description_for_auth_hash(associated_account) || I18n.t("associated_accounts.connected")
end
|
#find_user_by_email(auth_token) ⇒ Object
140
141
142
143
|
# File 'lib/auth/managed_authenticator.rb', line 140
def find_user_by_email(auth_token)
email = auth_token.dig(:info, :email)
User.find_by_email(email) if email && primary_email_verified?(auth_token)
end
|
#find_user_by_username(auth_token) ⇒ Object
145
146
147
148
|
# File 'lib/auth/managed_authenticator.rb', line 145
def find_user_by_username(auth_token)
username = auth_token.dig(:info, :nickname)
User.find_by_username(username) if username
end
|
#is_managed? ⇒ Boolean
4
5
6
7
8
|
# File 'lib/auth/managed_authenticator.rb', line 4
def is_managed?
true
end
|
#match_by_email ⇒ Object
These three methods are designed to be overridden by child classes
23
24
25
|
# File 'lib/auth/managed_authenticator.rb', line 23
def match_by_email
true
end
|
#match_by_username ⇒ Object
Depending on the authenticator, this could be insecure, so it’s disabled by default
28
29
30
|
# File 'lib/auth/managed_authenticator.rb', line 28
def match_by_username
false
end
|
#primary_email_verified?(auth_token) ⇒ Boolean
32
33
34
35
36
|
# File 'lib/auth/managed_authenticator.rb', line 32
def primary_email_verified?(auth_token)
false
end
|
#retrieve_avatar(user, url) ⇒ Object
150
151
152
153
154
|
# File 'lib/auth/managed_authenticator.rb', line 150
def retrieve_avatar(user, url)
return unless user && url.present?
return if user.user_avatar.try(:custom_upload_id).present?
Jobs.enqueue(:download_avatar_from_url, url: url, user_id: user.id, override_gravatar: false)
end
|
#retrieve_profile(user, info) ⇒ Object
156
157
158
159
160
161
162
163
164
165
166
167
168
|
# File 'lib/auth/managed_authenticator.rb', line 156
def retrieve_profile(user, info)
return unless user
bio = info["description"]
location = info["location"]
if bio || location
profile = user.user_profile
profile.bio_raw = bio if profile.bio_raw.blank?
profile.location = location if profile.location.blank?
profile.save
end
end
|
#revoke(user, skip_remote: false) ⇒ Object
50
51
52
53
54
55
|
# File 'lib/auth/managed_authenticator.rb', line 50
def revoke(user, skip_remote: false)
association = UserAssociatedAccount.find_by(provider_name: name, user_id: user.id)
raise Discourse::NotFound if association.nil?
association.destroy!
true
end
|