X-Git-Url: https://git.openstreetmap.org./rails.git/blobdiff_plain/46875fdde3ecdc37bb69e892b15509132a3bf9cf..beeba305e9c55f70e855f1e83fc915b1ccb4206f:/app/controllers/concerns/session_methods.rb diff --git a/app/controllers/concerns/session_methods.rb b/app/controllers/concerns/session_methods.rb index eb24f6b20..5dcddb82d 100644 --- a/app/controllers/concerns/session_methods.rb +++ b/app/controllers/concerns/session_methods.rb @@ -3,12 +3,24 @@ module SessionMethods private + ## + # Read @preferred_auth_provider and @client_app_name from oauth2 authorization request's referer + def parse_oauth_referer(referer) + referer_query = URI(referer).query if referer + return unless referer_query + + ref_params = CGI.parse referer_query + preferred = ref_params["preferred_auth_provider"].first + @preferred_auth_provider = preferred if preferred && Settings.key?(:"#{preferred}_auth_id") + @client_app_name = Oauth2Application.where(:uid => ref_params["client_id"].first).pick(:name) + end + ## # return the URL to use for authentication def auth_url(provider, uid, referer = nil) params = { :provider => provider } - params[:openid_url] = openid_expand_url(uid) if provider == "openid" + params[:openid_url] = uid if provider == "openid" if referer.nil? params[:origin] = request.path @@ -20,23 +32,6 @@ module SessionMethods auth_path(params) end - ## - # special case some common OpenID providers by applying heuristics to - # try and come up with the correct URL based on what the user entered - def openid_expand_url(openid_url) - if openid_url.nil? - nil - elsif openid_url.match(%r{(.*)gmail.com(/?)$}) || openid_url.match(%r{(.*)googlemail.com(/?)$}) - # Special case gmail.com as it is potentially a popular OpenID - # provider and, unlike yahoo.com, where it works automatically, Google - # have hidden their OpenID endpoint somewhere obscure this making it - # somewhat less user friendly. - "https://www.google.com/accounts/o8/id" - else - openid_url - end - end - ## # process a successful login def successful_login(user, referer = nil) @@ -79,9 +74,10 @@ module SessionMethods ## # def unconfirmed_login(user) - session[:token] = user.tokens.create.token + session[:pending_user] = user.id - redirect_to :controller => "confirmations", :action => "confirm", :display_name => user.display_name + redirect_to :controller => "confirmations", :action => "confirm", + :display_name => user.display_name, :referer => session[:referer] session.delete(:remember_me) session.delete(:referer)