app/controllers/concerns/session_methods.rb

   1 # frozen_string_literal: true
   2
   3 module SessionMethods
   4   extend ActiveSupport::Concern
   5
   6   private
   7
   8   ##
   9   # Read @preferred_auth_provider and @client_app_name from oauth2 authorization request's referer
  10   def parse_oauth_referer(referer)
  11     referer_query = URI(referer).query if referer
  12     return unless referer_query
  13
  14     ref_params = CGI.parse referer_query
  15     preferred = ref_params["preferred_auth_provider"].first
  16     @preferred_auth_provider = preferred if preferred && Settings.key?(:"#{preferred}_auth_id")
  17     @client_app_name = Oauth2Application.where(:uid => ref_params["client_id"].first).pick(:name)
  18   end
  19
  20   ##
  21   # return the URL to use for authentication
  22   def auth_url(provider, referer = nil)
  23     params = { :provider => provider }
  24
  25     if referer.nil?
  26       params[:origin] = request.path
  27     else
  28       params[:origin] = "#{request.path}?referer=#{CGI.escape(referer)}"
  29       params[:referer] = referer
  30     end
  31
  32     auth_path(params)
  33   end
  34
  35   ##
  36   # process a successful login
  37   def successful_login(user, referer = nil)
  38     session[:user] = user.id
  39     session[:fingerprint] = user.fingerprint
  40     session_expires_after 28.days if session[:remember_me]
  41
  42     cookies.delete :_osm_anonymous_notes_count
  43
  44     target = referer || url_for(:controller => :site, :action => :index)
  45
  46     # The user is logged in, so decide where to send them:
  47     #
  48     # - If they haven't seen the contributor terms, send them there.
  49     # - If they have a block on them, show them that.
  50     # - If they were referred to the login, send them back there.
  51     # - Otherwise, send them to the home page.
  52     if !user.terms_seen
  53       redirect_to account_terms_path(:referer => target)
  54     elsif user.blocked_on_view
  55       redirect_to user.blocked_on_view, :referer => target
  56     else
  57       redirect_to target
  58     end
  59
  60     session.delete(:remember_me)
  61   end
  62
  63   ##
  64   # process a failed login
  65   def failed_login(message, username, referer = nil)
  66     flash[:error] = message
  67
  68     redirect_to :controller => "sessions", :action => "new", :referer => referer,
  69                 :username => username, :remember_me => session[:remember_me]
  70
  71     session.delete(:remember_me)
  72   end
  73
  74   ##
  75   #
  76   def unconfirmed_login(user, referer = nil)
  77     session[:pending_user] = user.id
  78
  79     redirect_to :controller => "confirmations", :action => "confirm",
  80                 :display_name => user.display_name, :referer => referer
  81
  82     session.delete(:remember_me)
  83   end
  84 end