X-Git-Url: https://git.openstreetmap.org./rails.git/blobdiff_plain/977eed6269537b5a618fe1e6034c7fbbc5709258..1e6db7b52c6ee1ea7a743afa1497f265a716dcb4:/app/controllers/concerns/session_methods.rb

diff --git a/app/controllers/concerns/session_methods.rb b/app/controllers/concerns/session_methods.rb
index eb24f6b20..45cf0d943 100644
--- a/app/controllers/concerns/session_methods.rb
+++ b/app/controllers/concerns/session_methods.rb
@@ -3,12 +3,24 @@ module SessionMethods
 
   private
 
+  ##
+  # Read @preferred_auth_provider and @client_app_name from oauth2 authorization request's referer
+  def parse_oauth_referer(referer)
+    referer_query = URI(referer).query if referer
+    return unless referer_query
+
+    ref_params = CGI.parse referer_query
+    preferred = ref_params["preferred_auth_provider"].first
+    @preferred_auth_provider = preferred if preferred && Settings.key?(:"#{preferred}_auth_id")
+    @client_app_name = Oauth2Application.where(:uid => ref_params["client_id"].first).pick(:name)
+  end
+
   ##
   # return the URL to use for authentication
   def auth_url(provider, uid, referer = nil)
     params = { :provider => provider }
 
-    params[:openid_url] = openid_expand_url(uid) if provider == "openid"
+    params[:openid_url] = uid if provider == "openid"
 
     if referer.nil?
       params[:origin] = request.path
@@ -20,23 +32,6 @@ module SessionMethods
     auth_path(params)
   end
 
-  ##
-  # special case some common OpenID providers by applying heuristics to
-  # try and come up with the correct URL based on what the user entered
-  def openid_expand_url(openid_url)
-    if openid_url.nil?
-      nil
-    elsif openid_url.match(%r{(.*)gmail.com(/?)$}) || openid_url.match(%r{(.*)googlemail.com(/?)$})
-      # Special case gmail.com as it is potentially a popular OpenID
-      # provider and, unlike yahoo.com, where it works automatically, Google
-      # have hidden their OpenID endpoint somewhere obscure this making it
-      # somewhat less user friendly.
-      "https://www.google.com/accounts/o8/id"
-    else
-      openid_url
-    end
-  end
-
   ##
   # process a successful login
   def successful_login(user, referer = nil)
@@ -44,7 +39,7 @@ module SessionMethods
     session[:fingerprint] = user.fingerprint
     session_expires_after 28.days if session[:remember_me]
 
-    target = referer || session[:referer] || url_for(:controller => :site, :action => :index)
+    target = referer || url_for(:controller => :site, :action => :index)
 
     # The user is logged in, so decide where to send them:
     #
@@ -61,30 +56,28 @@ module SessionMethods
     end
 
     session.delete(:remember_me)
-    session.delete(:referer)
   end
 
   ##
   # process a failed login
-  def failed_login(message, username = nil)
+  def failed_login(message, username, referer = nil)
     flash[:error] = message
 
-    redirect_to :controller => "sessions", :action => "new", :referer => session[:referer],
+    redirect_to :controller => "sessions", :action => "new", :referer => referer,
                 :username => username, :remember_me => session[:remember_me]
 
     session.delete(:remember_me)
-    session.delete(:referer)
   end
 
   ##
   #
-  def unconfirmed_login(user)
-    session[:token] = user.tokens.create.token
+  def unconfirmed_login(user, referer = nil)
+    session[:pending_user] = user.id
 
-    redirect_to :controller => "confirmations", :action => "confirm", :display_name => user.display_name
+    redirect_to :controller => "confirmations", :action => "confirm",
+                :display_name => user.display_name, :referer => referer
 
     session.delete(:remember_me)
-    session.delete(:referer)
   end
 
   ##