2018-02-04 05:42:13 +01:00
|
|
|
# frozen_string_literal: true
|
|
|
|
|
|
|
|
|
|
module Omniauthable
|
|
|
|
|
extend ActiveSupport::Concern
|
|
|
|
|
|
|
|
|
|
TEMP_EMAIL_PREFIX = 'change@me'
|
2019-09-16 20:42:29 +02:00
|
|
|
TEMP_EMAIL_REGEX = /\A#{TEMP_EMAIL_PREFIX}/.freeze
|
2018-02-04 05:42:13 +01:00
|
|
|
|
|
|
|
|
included do
|
2019-03-14 02:13:42 +01:00
|
|
|
devise :omniauthable
|
|
|
|
|
|
2018-02-04 05:42:13 +01:00
|
|
|
def omniauth_providers
|
|
|
|
|
Devise.omniauth_configs.keys
|
|
|
|
|
end
|
|
|
|
|
|
2022-03-09 12:07:35 +01:00
|
|
|
def email_present?
|
2018-02-04 05:42:13 +01:00
|
|
|
email && email !~ TEMP_EMAIL_REGEX
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
class_methods do
|
|
|
|
|
def find_for_oauth(auth, signed_in_resource = nil)
|
|
|
|
|
# EOLE-SSO Patch
|
|
|
|
|
auth.uid = (auth.uid[0][:uid] || auth.uid[0][:user]) if auth.uid.is_a? Hashie::Array
|
|
|
|
|
identity = Identity.find_for_oauth(auth)
|
|
|
|
|
|
|
|
|
|
# If a signed_in_resource is provided it always overrides the existing user
|
|
|
|
|
# to prevent the identity being locked with accidentally created accounts.
|
|
|
|
|
# Note that this may leave zombie accounts (with no associated identity) which
|
|
|
|
|
# can be cleaned up at a later date.
|
2019-09-16 20:42:29 +02:00
|
|
|
user = signed_in_resource || identity.user
|
|
|
|
|
user ||= create_for_oauth(auth)
|
2018-02-04 05:42:13 +01:00
|
|
|
|
|
|
|
|
if identity.user.nil?
|
|
|
|
|
identity.user = user
|
|
|
|
|
identity.save!
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
user
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def create_for_oauth(auth)
|
2022-03-09 12:07:35 +01:00
|
|
|
# Check if the user exists with provided email. If no email was provided,
|
|
|
|
|
# we assign a temporary email and ask the user to verify it on
|
Change unconfirmed user login behaviour (#11375)
Allow access to account settings, 2FA, authorized applications, and
account deletions to unconfirmed and pending users, as well as
users who had their accounts disabled. Suspended users cannot update
their e-mail or password or delete their account.
Display account status on account settings page, for example, when
an account is frozen, limited, unconfirmed or pending review.
After sign up, login users straight away and show a simple page that
tells them the status of their account with links to account settings
and logout, to reduce onboarding friction and allow users to correct
wrongly typed e-mail addresses.
Move the final sign-up step of SSO integrations to be the same
as above to reduce code duplication.
2019-07-22 10:48:50 +02:00
|
|
|
# the next step via Auth::SetupController.show
|
2018-02-04 05:42:13 +01:00
|
|
|
|
2019-09-16 20:42:29 +02:00
|
|
|
strategy = Devise.omniauth_configs[auth.provider.to_sym].strategy
|
|
|
|
|
assume_verified = strategy&.security&.assume_email_is_verified
|
2022-03-09 12:07:35 +01:00
|
|
|
email_is_verified = auth.info.verified || auth.info.verified_email || auth.info.email_verified || assume_verified
|
2019-09-16 20:42:29 +02:00
|
|
|
email = auth.info.verified_email || auth.info.email
|
|
|
|
|
|
|
|
|
|
user = User.find_by(email: email) if email_is_verified
|
|
|
|
|
|
|
|
|
|
return user unless user.nil?
|
|
|
|
|
|
|
|
|
|
user = User.new(user_params_from_auth(email, auth))
|
|
|
|
|
|
2021-01-22 10:09:08 +01:00
|
|
|
user.account.avatar_remote_url = auth.info.image if /\A#{URI::DEFAULT_PARSER.make_regexp(%w(http https))}\z/.match?(auth.info.image)
|
2022-03-09 12:07:35 +01:00
|
|
|
user.skip_confirmation! if email_is_verified
|
2018-02-04 05:42:13 +01:00
|
|
|
user.save!
|
|
|
|
|
user
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
private
|
|
|
|
|
|
2019-09-16 20:42:29 +02:00
|
|
|
def user_params_from_auth(email, auth)
|
2018-02-04 05:42:13 +01:00
|
|
|
{
|
2018-10-08 04:50:11 +02:00
|
|
|
email: email || "#{TEMP_EMAIL_PREFIX}-#{auth.uid}-#{auth.provider}.com",
|
2019-01-25 12:36:54 +01:00
|
|
|
agreement: true,
|
2019-04-25 02:49:25 +02:00
|
|
|
external: true,
|
2018-02-04 05:42:13 +01:00
|
|
|
account_attributes: {
|
2022-03-09 12:07:35 +01:00
|
|
|
username: ensure_unique_username(ensure_valid_username(auth.uid)),
|
|
|
|
|
display_name: auth.info.full_name || auth.info.name || [auth.info.first_name, auth.info.last_name].join(' '),
|
2018-02-04 05:42:13 +01:00
|
|
|
},
|
|
|
|
|
}
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def ensure_unique_username(starting_username)
|
|
|
|
|
username = starting_username
|
|
|
|
|
i = 0
|
|
|
|
|
|
2020-04-30 14:39:05 +02:00
|
|
|
while Account.exists?(username: username, domain: nil)
|
2018-02-04 05:42:13 +01:00
|
|
|
i += 1
|
|
|
|
|
username = "#{starting_username}_#{i}"
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
username
|
|
|
|
|
end
|
2022-03-09 12:07:35 +01:00
|
|
|
|
|
|
|
|
def ensure_valid_username(starting_username)
|
|
|
|
|
starting_username = starting_username.split('@')[0]
|
|
|
|
|
temp_username = starting_username.gsub(/[^a-z0-9_]+/i, '')
|
|
|
|
|
validated_username = temp_username.truncate(30, omission: '')
|
|
|
|
|
validated_username
|
|
|
|
|
end
|
2018-02-04 05:42:13 +01:00
|
|
|
end
|
|
|
|
|
end
|
