]> git.openstreetmap.org Git - rails.git/blobdiff - app/controllers/concerns/session_methods.rb
Merge remote-tracking branch 'upstream/pull/5405'
[rails.git] / app / controllers / concerns / session_methods.rb
index fca851eeb1e7b113ca38b9afbad9541bea7bc116..45cf0d9439607642725c088feb5517215e232524 100644 (file)
@@ -3,6 +3,18 @@ module SessionMethods
 
   private
 
+  ##
+  # Read @preferred_auth_provider and @client_app_name from oauth2 authorization request's referer
+  def parse_oauth_referer(referer)
+    referer_query = URI(referer).query if referer
+    return unless referer_query
+
+    ref_params = CGI.parse referer_query
+    preferred = ref_params["preferred_auth_provider"].first
+    @preferred_auth_provider = preferred if preferred && Settings.key?(:"#{preferred}_auth_id")
+    @client_app_name = Oauth2Application.where(:uid => ref_params["client_id"].first).pick(:name)
+  end
+
   ##
   # return the URL to use for authentication
   def auth_url(provider, uid, referer = nil)
@@ -27,7 +39,7 @@ module SessionMethods
     session[:fingerprint] = user.fingerprint
     session_expires_after 28.days if session[:remember_me]
 
-    target = referer || session[:referer] || url_for(:controller => :site, :action => :index)
+    target = referer || url_for(:controller => :site, :action => :index)
 
     # The user is logged in, so decide where to send them:
     #
@@ -44,30 +56,28 @@ module SessionMethods
     end
 
     session.delete(:remember_me)
-    session.delete(:referer)
   end
 
   ##
   # process a failed login
-  def failed_login(message, username = nil)
+  def failed_login(message, username, referer = nil)
     flash[:error] = message
 
-    redirect_to :controller => "sessions", :action => "new", :referer => session[:referer],
+    redirect_to :controller => "sessions", :action => "new", :referer => referer,
                 :username => username, :remember_me => session[:remember_me]
 
     session.delete(:remember_me)
-    session.delete(:referer)
   end
 
   ##
   #
-  def unconfirmed_login(user)
-    session[:token] = user.tokens.create.token
+  def unconfirmed_login(user, referer = nil)
+    session[:pending_user] = user.id
 
-    redirect_to :controller => "confirmations", :action => "confirm", :display_name => user.display_name
+    redirect_to :controller => "confirmations", :action => "confirm",
+                :display_name => user.display_name, :referer => referer
 
     session.delete(:remember_me)
-    session.delete(:referer)
   end
 
   ##