Allow login through OpenID Connect (#16221)

* added OpenID Connect as an SSO option * minor fixes * added comments, removed an option that shouldn't be set * fixed Gemfile.lock * added newline to end of Gemfile.lock * removed tab from Gemfile.lock * remove chomp * codeclimate changes and small name change to make function's purpose clearer * codeclimate fix * added SSO buttons to /about page * minor refactor * minor style change * removed spurious change * removed unecessary conditional from ensure_valid_username and added support for auth.info.name in user_params_from_auth * minor changes
2022-03-09 06:07:35 -05:00 · 2022-03-09 06:07:35 -05:00 · a6ed6845c9
commit a6ed6845c9
parent d17fb70131
5 changed files with 97 additions and 15 deletions
--- a/app/controllers/auth/omniauth_callbacks_controller.rb
+++ b/app/controllers/auth/omniauth_callbacks_controller.rb
@ -4,8 +4,6 @@ class Auth::OmniauthCallbacksController < Devise::OmniauthCallbacksController
  skip_before_action :verify_authenticity_token

  def self.provides_callback_for(provider)
-    provider_id = provider.to_s.chomp '_oauth2'
-
    define_method provider do
      @user = User.find_for_oauth(request.env['omniauth.auth'], current_user)

@ -20,7 +18,7 @@ class Auth::OmniauthCallbacksController < Devise::OmniauthCallbacksController
        )

        sign_in_and_redirect @user, event: :authentication
-        set_flash_message(:notice, :success, kind: provider_id.capitalize) if is_navigational_format?
+        set_flash_message(:notice, :success, kind: Devise.omniauth_configs[provider].strategy.display_name.capitalize) if is_navigational_format?
      else
        session["devise.#{provider}_data"] = request.env['omniauth.auth']
        redirect_to new_user_registration_url
@ -33,7 +31,7 @@ class Auth::OmniauthCallbacksController < Devise::OmniauthCallbacksController
  end

  def after_sign_in_path_for(resource)
-    if resource.email_verified?
+    if resource.email_present?
      root_path
    else
      auth_setup_path(missing_email: '1')
--- a/app/models/concerns/omniauthable.rb
+++ b/app/models/concerns/omniauthable.rb
@ -13,7 +13,7 @@ module Omniauthable
      Devise.omniauth_configs.keys
    end

-    def email_verified?
+    def email_present?
      email && email !~ TEMP_EMAIL_REGEX
    end
  end
@ -40,16 +40,14 @@ module Omniauthable
    end

    def create_for_oauth(auth)
-      # Check if the user exists with provided email if the provider gives us a
-      # verified email.  If no verified email was provided or the user already
-      # exists, we assign a temporary email and ask the user to verify it on
+      # Check if the user exists with provided email. If no email was provided,
+      # we assign a temporary email and ask the user to verify it on
      # the next step via Auth::SetupController.show

      strategy          = Devise.omniauth_configs[auth.provider.to_sym].strategy
      assume_verified   = strategy&.security&.assume_email_is_verified
-      email_is_verified = auth.info.verified || auth.info.verified_email || assume_verified
+      email_is_verified = auth.info.verified || auth.info.verified_email || auth.info.email_verified || assume_verified
      email             = auth.info.verified_email || auth.info.email
-      email             = nil unless email_is_verified

      user = User.find_by(email: email) if email_is_verified

@ -58,7 +56,7 @@ module Omniauthable
      user = User.new(user_params_from_auth(email, auth))

      user.account.avatar_remote_url = auth.info.image if /\A#{URI::DEFAULT_PARSER.make_regexp(%w(http https))}\z/.match?(auth.info.image)
-      user.skip_confirmation!
+      user.skip_confirmation! if email_is_verified
      user.save!
      user
    end
@ -71,8 +69,8 @@ module Omniauthable
        agreement: true,
        external: true,
        account_attributes: {
-          username: ensure_unique_username(auth.uid),
-          display_name: auth.info.full_name || [auth.info.first_name, auth.info.last_name].join(' '),
+          username: ensure_unique_username(ensure_valid_username(auth.uid)),
+          display_name: auth.info.full_name || auth.info.name || [auth.info.first_name, auth.info.last_name].join(' '),
        },
      }
    end
@ -88,5 +86,12 @@ module Omniauthable

      username
    end
+
+    def ensure_valid_username(starting_username)
+      starting_username = starting_username.split('@')[0]
+      temp_username = starting_username.gsub(/[^a-z0-9_]+/i, '')
+      validated_username = temp_username.truncate(30, omission: '')
+      validated_username
+    end
  end
 end