Showing posts with label omniauth. Show all posts
Showing posts with label omniauth. Show all posts

Monday, December 18, 2017

Login page is stuck in redirection loop after using omniauth . While it was working fine before

By Hường Hana 9:30 AM , , , Leave a Comment

I am working on a site that has two sides one for user and second for admin. I have used devise gem for authentication. Every thing was working fine but suddenly when I sign in to my admin account. The page is not working. I have recently worked on omniauth gem but I have not touched any previous code. I have tried to check the current_user but it is "nil". I think it is not getting user data in the application controller. Here is my code.

Application controller

class ApplicationController < ActionController::Base   add_flash_types :success, :warning, :danger, :info   protect_from_forgery prepend: true   before_filter :configure_permitted_parameters, if: :devise_controller?   layout :layout_by_resource   def current_user     @current_user ||= User.find(session[:user_id]) if session[:user_id]   end   helper_method :current_user    def logged_in_using_omniauth     session[:logged_in_using_omniauth].present?   end   helper_method :logged_in_using_omniauth    private    def layout_by_resource     if devise_controller?       "admin"     else       "application"     end   end    protected    def after_sign_in_path_for(resource)     if(resource.admin==false)       '/donations/donor_history'     else       '/admins/create_account' #your path     end   end    def after_sign_out_path_for(resource)     '/users/sign_in' #your path   end    def configure_permitted_parameters     devise_parameter_sanitizer.permit(:sign_up) do |user_params|       user_params.permit(:admin, :email, :password, :password_confirmation,:first_name,:last_name)     end     devise_parameter_sanitizer.permit(:account_update) do |user_params|       user_params.permit(:admin, :email, :password, :password_confirmation,:current_password,:first_name,:last_name)     end   end  end

The admin controller is 

class AdminsController < ApplicationController     before_action :set_admin, only: [:show, :edit, :update, :destroy, :social_media_sharing]     before_action :check_admin_level, only: [:donation_analysis]     helper_method :resource_name, :resource, :devise_mapping     before_filter :authenticate_user!     before_filter do         redirect_to new_user_session_path unless current_user && current_user.admin?     end     before_filter :index      COMMON_YEAR_DAYS_IN_MONTH = [nil, 31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31]      layout "admin"     # GET /admins     # GET /admins.json     def resource_name         :admin     end      def resource         @resource ||= User.new     end      def devise_mapping         @devise_mapping ||= Devise.mappings[:admin]     end     -----------

user model is 

class User < ApplicationRecord   # Include default devise modules. Others available are:   devise :database_authenticatable, :registerable, :recoverable, :rememberable, :trackable, :validatable, :confirmable,     :omniauthable, :omniauth_providers => [:facebook,:twitter,:linkedin]   has_many :organizations_users   has_many :organizations, through: :organizations_users      def active_for_authentication?     # Uncomment the below debug statement to view the properties of the returned self model values.     super && self.active && self.exp_alert == false   end    def self.from_omniauth(auth)     user =  where(provider: auth.provider, uid: auth.uid).first_or_create do |user|       user.email = auth.info.email       user.password = Devise.friendly_token[0,20]       user.active = 'true'       user.admin=='false'       user.exp_alert == 'false'       user.skip_confirmation!     end     user   end    def self.new_with_session(params, session)     super.tap do |user|       if data = session["devise.facebook_data"] && session["devise.facebook_data"]["extra"]["raw_info"]         user.email = data["email"] if user.email.blank?       end     end   end    def self.find_or_create_from_auth_hash(auth_hash)     user = where(provider: auth_hash.provider, uid: auth_hash.uid).first_or_create do |user|       user.first_name =  auth_hash.info.nickname       user.active = 'true'       user.admin=='false'       user.exp_alert == 'false'       user.password = Devise.friendly_token[0,20]       user.token =  auth_hash.credentials.token       user.email =  "#{auth_hash.info.nickname}@test.com"       user.secret =  auth_hash.credentials.secret       user.skip_confirmation!     end     user   end    def self.linkedin_hash(auth_hash)     user = where(provider: auth_hash.provider, uid: auth_hash.uid).first_or_create do |user|       user.first_name =  auth_hash.info.first_name       user.last_name =  auth_hash.info.last_name       user.active = 'true'       user.admin=='false'       user.exp_alert == 'false'       user.password = Devise.friendly_token[0,20]       user.token =  auth_hash.credentials.token       user.email =  auth_hash.info.email       user.skip_confirmation!     end     user   end    def inactive_message     "Your Account has not been active yet."   end    def after_confirmation     super     self.update_attribute(:active, true)   end end

routes are 

Rails.application.routes.draw do    devise_for :users,  controllers: {confirmations: 'confirmations',registrations: 'users/registrations',omniauth_callbacks: 'users/omniauth_callbacks' } do     get "confirmation", to: "confirmations#after_confirmation_path_for"      delete 'sign_out', :to => 'devise/sessions#destroy', :as => :destroy_user_session   end    devise_for :models    get 'donations/donor_history/' => 'donations#donor_history'   get 'donations/donor_signup/' => 'donations#donor_signup'   post 'donations/donor_signup/' => 'donations#donor_signup'   post 'donations/sms_service/' => 'donations#sms_service'   post 'donations/create_user_account' => 'donations#create_user_account'   post 'donations/add_user_payroll' => 'donations#add_user_payroll'    resources :donations, except: [:new, :create]    resources :campaigns do     resources :donations, only: [:new, :create, :create_user_account]     get 'donations/create_user_account' => 'donations#create_user_account'   end   resources :organizations    post 'admins/social_sharing_switch/' => 'admins#social_sharing_switch'   get 'admins/error_detail/' => 'admins#error_detail'   get 'admins/generate_report/:id' => 'admins#generate_report'   get 'admins/create_company/' => 'admins#create_company'   post 'admins/create_company/' => 'admins#create_company'   get 'admins/revenue_detail/' => 'admins#revenue_detail'   get 'admins/create_account' => 'admins#create_account'   get 'admins/view_account' => 'admins#view_account'   get 'admins/view_company/:id' => 'admins#view_company'   constraints RouteConstraint.new do     get 'admins/donation_analysis' => 'admins#donation_analysis'   end    get 'admins/link_expiry' => 'admins#link_expiry'   get 'admins/edit_profile' => 'admins#edit_profile'   post 'admins/update_profile' => 'admins#update_profile'   match '/admins/create_account', to: 'admins#create_account', via: 'post'   match '/admins/:id', to: 'admins#destroy', via: 'get' , as: 'admin_destroy'    resources :admins    get 'crons/expirylink_alert' => 'crons#expirylink_alert'     devise_scope :user do     get '/users/sign_out' => 'devise/sessions#destroy'   end    def user_params   params.require(:user).permit(:name, :email, :password, :password_confirmation) end     root to: "campaigns#latest" end

Logs are 

Started GET "/admins/create_account" for 10.0.2.2 at 2017-12-02 15:13:38 +0000 Cannot render console from 10.0.2.2! Allowed networks: 127.0.0.1, ::1, 127.0.0.0/127.255.255.255 Processing by AdminsController#create_account as HTML   [1m[36mUser Load (1.1ms)[0m  [1m[34mSELECT  "users".* FROM "users" WHERE "users"."id" = $1 ORDER BY "users"."id" ASC LIMIT $2[0m  [["id", 64810987], ["LIMIT", 1]] Redirected to http://localhost:8090/users/sign_in Filter chain halted as #<Proc:0x00000002223c68@/vagrant/donation-simple/app/controllers/admins_controller.rb:6> rendered or redirected Completed 302 Found in 4ms (ActiveRecord: 1.1ms)   Started GET "/users/sign_in" for 10.0.2.2 at 2017-12-02 15:13:38 +0000 Cannot render console from 10.0.2.2! Allowed networks: 127.0.0.1, ::1, 127.0.0.0/127.255.255.255 Processing by Devise::SessionsController#new as HTML   [1m[36mUser Load (0.8ms)[0m  [1m[34mSELECT  "users".* FROM "users" WHERE "users"."id" = $1 ORDER BY "users"."id" ASC LIMIT $2[0m  [["id", 64810987], ["LIMIT", 1]] Redirected to http://localhost:8090/admins/create_account Filter chain halted as :require_no_authentication rendered or redirected Completed 302 Found in 4ms (ActiveRecord: 0.8ms)   Started GET "/admins/create_account" for 10.0.2.2 at 2017-12-02 15:13:38 +0000 Cannot render console from 10.0.2.2! Allowed networks: 127.0.0.1, ::1, 127.0.0.0/127.255.255.255 Processing by AdminsController#create_account as HTML   [1m[36mUser Load (0.8ms)[0m  [1m[34mSELECT  "users".* FROM "users" WHERE "users"."id" = $1 ORDER BY "users"."id" ASC LIMIT $2[0m  [["id", 64810987], ["LIMIT", 1]] Redirected to http://localhost:8090/users/sign_in Filter chain halted as #<Proc:0x00000002223c68@/vagrant/donation-simple/app/controllers/admins_controller.rb:6> rendered or redirected Completed 302 Found in 4ms (ActiveRecord: 0.8ms)   Started GET "/users/sign_in" for 10.0.2.2 at 2017-12-02 15:13:39 +0000 Cannot render console from 10.0.2.2! Allowed networks: 127.0.0.1, ::1, 127.0.0.0/127.255.255.255 Processing by Devise::SessionsController#new as HTML   [1m[36mUser Load (1.0ms)[0m  [1m[34mSELECT  "users".* FROM "users" WHERE "users"."id" = $1 ORDER BY "users"."id" ASC LIMIT $2[0m  [["id", 64810987], ["LIMIT", 1]] Redirected to http://localhost:8090/admins/create_account Filter chain halted as :require_no_authentication rendered or redirected Completed 302 Found in 4ms (ActiveRecord: 1.0ms)   Started GET "/admins/create_account" for 10.0.2.2 at 2017-12-02 15:13:39 +0000 Cannot render console from 10.0.2.2! Allowed networks: 127.0.0.1, ::1, 127.0.0.0/127.255.255.255 Processing by AdminsController#create_account as HTML   [1m[36mUser Load (1.1ms)[0m  [1m[34mSELECT  "users".* FROM "users" WHERE "users"."id" = $1 ORDER BY "users"."id" ASC LIMIT $2[0m  [["id", 64810987], ["LIMIT", 1]] Redirected to http://localhost:8090/users/sign_in Filter chain halted as #<Proc:0x00000002223c68@/vagrant/donation-simple/app/controllers/admins_controller.rb:6> rendered or redirected Completed 302 Found in 5ms (ActiveRecord: 1.1ms)   Started GET "/users/sign_in" for 10.0.2.2 at 2017-12-02 15:13:39 +0000 Cannot render console from 10.0.2.2! Allowed networks: 127.0.0.1, ::1, 127.0.0.0/127.255.255.255 Processing by Devise::SessionsController#new as HTML   [1m[36mUser Load (0.8ms)[0m  [1m[34mSELECT  "users".* FROM "users" WHERE "users"."id" = $1 ORDER BY "users"."id" ASC LIMIT $2[0m  [["id", 64810987], ["LIMIT", 1]] Redirected to http://localhost:8090/admins/create_account Filter chain halted as :require_no_authentication rendered or redirected Completed 302 Found in 4ms (ActiveRecord: 0.8ms)   Started GET "/admins/create_account" for 10.0.2.2 at 2017-12-02 15:13:39 +0000 Cannot render console from 10.0.2.2! Allowed networks: 127.0.0.1, ::1, 127.0.0.0/127.255.255.255 Processing by AdminsController#create_account as HTML   [1m[36mUser Load (0.7ms)[0m  [1m[34mSELECT  "users".* FROM "users" WHERE "users"."id" = $1 ORDER BY "users"."id" ASC LIMIT $2[0m  [["id", 64810987], ["LIMIT", 1]] Redirected to http://localhost:8090/users/sign_in Filter chain halted as #<Proc:0x00000002223c68@/vagrant/donation-simple/app/controllers/admins_controller.rb:6> rendered or redirected Completed 302 Found in 3ms (ActiveRecord: 0.7ms)   Started GET "/users/sign_in" for 10.0.2.2 at 2017-12-02 15:13:39 +0000 Cannot render console from 10.0.2.2! Allowed networks: 127.0.0.1, ::1, 127.0.0.0/127.255.255.255 Processing by Devise::SessionsController#new as HTML   [1m[36mUser Load (0.7ms)[0m  [1m[34mSELECT  "users".* FROM "users" WHERE "users"."id" = $1 ORDER BY "users"."id" ASC LIMIT $2[0m  [["id", 64810987], ["LIMIT", 1]] Redirected to http://localhost:8090/admins/create_account Filter chain halted as :require_no_authentication rendered or redirected Completed 302 Found in 3ms (ActiveRecord: 0.7ms)   Started GET "/admins/create_account" for 10.0.2.2 at 2017-12-02 15:13:39 +0000 Cannot render console from 10.0.2.2! Allowed networks: 127.0.0.1, ::1, 127.0.0.0/127.255.255.255 Processing by AdminsController#create_account as HTML   [1m[36mUser Load (0.9ms)[0m  [1m[34mSELECT  "users".* FROM "users" WHERE "users"."id" = $1 ORDER BY "users"."id" ASC LIMIT $2[0m  [["id", 64810987], ["LIMIT", 1]] Redirected to http://localhost:8090/users/sign_in Filter chain halted as #<Proc:0x00000002223c68@/vagrant/donation-simple/app/controllers/admins_controller.rb:6> rendered or redirected Completed 302 Found in 4ms (ActiveRecord: 0.9ms)   Started GET "/users/sign_in" for 10.0.2.2 at 2017-12-02 15:13:39 +0000 Cannot render console from 10.0.2.2! Allowed networks: 127.0.0.1, ::1, 127.0.0.0/127.255.255.255 Processing by Devise::SessionsController#new as HTML   [1m[36mUser Load (1.0ms)[0m  [1m[34mSELECT  "users".* FROM "users" WHERE "users"."id" = $1 ORDER BY "users"."id" ASC LIMIT $2[0m  [["id", 64810987], ["LIMIT", 1]] Redirected to http://localhost:8090/admins/create_account Filter chain halted as :require_no_authentication rendered or redirected Completed 302 Found in 4ms (ActiveRecord: 1.0ms)   Started GET "/admins/create_account" for 10.0.2.2 at 2017-12-02 15:13:39 +0000 Cannot render console from 10.0.2.2! Allowed networks: 127.0.0.1, ::1, 127.0.0.0/127.255.255.255 Processing by AdminsController#create_account as HTML   [1m[36mUser Load (0.7ms)[0m  [1m[34mSELECT  "users".* FROM "users" WHERE "users"."id" = $1 ORDER BY "users"."id" ASC LIMIT $2[0m  [["id", 64810987], ["LIMIT", 1]] Redirected to http://localhost:8090/users/sign_in Filter chain halted as #<Proc:0x00000002223c68@/vagrant/donation-simple/app/controllers/admins_controller.rb:6> rendered or redirected Completed 302 Found in 4ms (ActiveRecord: 0.7ms)   Started GET "/users/sign_in" for 10.0.2.2 at 2017-12-02 15:13:39 +0000 Cannot render console from 10.0.2.2! Allowed networks: 127.0.0.1, ::1, 127.0.0.0/127.255.255.255 Processing by Devise::SessionsController#new as HTML   [1m[36mUser Load (1.0ms)[0m  [1m[34mSELECT  "users".* FROM "users" WHERE "users"."id" = $1 ORDER BY "users"."id" ASC LIMIT $2[0m  [["id", 64810987], ["LIMIT", 1]] Redirected to http://localhost:8090/admins/create_account Filter chain halted as :require_no_authentication rendered or redirected Completed 302 Found in 4ms (ActiveRecord: 1.0ms)   Started GET "/admins/create_account" for 10.0.2.2 at 2017-12-02 15:13:39 +0000 Cannot render console from 10.0.2.2! Allowed networks: 127.0.0.1, ::1, 127.0.0.0/127.255.255.255 Processing by AdminsController#create_account as HTML   [1m[36mUser Load (0.8ms)[0m  [1m[34mSELECT  "users".* FROM "users" WHERE "users"."id" = $1 ORDER BY "users"."id" ASC LIMIT $2[0m  [["id", 64810987], ["LIMIT", 1]] Redirected to http://localhost:8090/users/sign_in Filter chain halted as #<Proc:0x00000002223c68@/vagrant/donation-simple/app/controllers/admins_controller.rb:6> rendered or redirected Completed 302 Found in 4ms (ActiveRecord: 0.8ms)   Started GET "/users/sign_in" for 10.0.2.2 at 2017-12-02 15:13:39 +0000 Cannot render console from 10.0.2.2! Allowed networks: 127.0.0.1, ::1, 127.0.0.0/127.255.255.255 Processing by Devise::SessionsController#new as HTML   [1m[36mUser Load (0.7ms)[0m  [1m[34mSELECT  "users".* FROM "users" WHERE "users"."id" = $1 ORDER BY "users"."id" ASC LIMIT $2[0m  [["id", 64810987], ["LIMIT", 1]] Redirected to http://localhost:8090/admins/create_account Filter chain halted as :require_no_authentication rendered or redirected Completed 302 Found in 4ms (ActiveRecord: 0.7ms)   Started GET "/admins/create_account" for 10.0.2.2 at 2017-12-02 15:13:40 +0000 Cannot render console from 10.0.2.2! Allowed networks: 127.0.0.1, ::1, 127.0.0.0/127.255.255.255 Processing by AdminsController#create_account as HTML   [1m[36mUser Load (0.7ms)[0m  [1m[34mSELECT  "users".* FROM "users" WHERE "users"."id" = $1 ORDER BY "users"."id" ASC LIMIT $2[0m  [["id", 64810987], ["LIMIT", 1]] Redirected to http://localhost:8090/users/sign_in Filter chain halted as #<Proc:0x00000002223c68@/vagrant/donation-simple/app/controllers/admins_controller.rb:6> rendered or redirected Completed 302 Found in 3ms (ActiveRecord: 0.7ms)   Started GET "/users/sign_in" for 10.0.2.2 at 2017-12-02 15:13:40 +0000 Cannot render console from 10.0.2.2! Allowed networks: 127.0.0.1, ::1, 127.0.0.0/127.255.255.255 Processing by Devise::SessionsController#new as HTML   [1m[36mUser Load (0.7ms)[0m  [1m[34mSELECT  "users".* FROM "users" WHERE "users"."id" = $1 ORDER BY "users"."id" ASC LIMIT $2[0m  [["id", 64810987], ["LIMIT", 1]] Redirected to http://localhost:8090/admins/create_account Filter chain halted as :require_no_authentication rendered or redirected Completed 302 Found in 3ms (ActiveRecord: 0.7ms)   Started GET "/admins/create_account" for 10.0.2.2 at 2017-12-02 15:13:40 +0000 Cannot render console from 10.0.2.2! Allowed networks: 127.0.0.1, ::1, 127.0.0.0/127.255.255.255 Processing by AdminsController#create_account as HTML   [1m[36mUser Load (0.8ms)[0m  [1m[34mSELECT  "users".* FROM "users" WHERE "users"."id" = $1 ORDER BY "users"."id" ASC LIMIT $2[0m  [["id", 64810987], ["LIMIT", 1]] Redirected to http://localhost:8090/users/sign_in Filter chain halted as #<Proc:0x00000002223c68@/vagrant/donation-simple/app/controllers/admins_controller.rb:6> rendered or redirected Completed 302 Found in 4ms (ActiveRecord: 0.8ms)   Started GET "/users/sign_in" for 10.0.2.2 at 2017-12-02 15:13:40 +0000 Cannot render console from 10.0.2.2! Allowed networks: 127.0.0.1, ::1, 127.0.0.0/127.255.255.255 Processing by Devise::SessionsController#new as HTML   [1m[36mUser Load (1.4ms)[0m  [1m[34mSELECT  "users".* FROM "users" WHERE "users"."id" = $1 ORDER BY "users"."id" ASC LIMIT $2[0m  [["id", 64810987], ["LIMIT", 1]] Redirected to http://localhost:8090/admins/create_account Filter chain halted as :require_no_authentication rendered or redirected Completed 302 Found in 5ms (ActiveRecord: 1.4ms)   Started GET "/admins/create_account" for 10.0.2.2 at 2017-12-02 15:13:40 +0000 Cannot render console from 10.0.2.2! Allowed networks: 127.0.0.1, ::1, 127.0.0.0/127.255.255.255 Processing by AdminsController#create_account as HTML   [1m[36mUser Load (1.6ms)[0m  [1m[34mSELECT  "users".* FROM "users" WHERE "users"."id" = $1 ORDER BY "users"."id" ASC LIMIT $2[0m  [["id", 64810987], ["LIMIT", 1]] Redirected to http://localhost:8090/users/sign_in Filter chain halted as #<Proc:0x00000002223c68@/vagrant/donation-simple/app/controllers/admins_controller.rb:6> rendered or redirected Completed 302 Found in 6ms (ActiveRecord: 1.6ms)   Started GET "/users/sign_in" for 10.0.2.2 at 2017-12-02 15:13:40 +0000 Cannot render console from 10.0.2.2! Allowed networks: 127.0.0.1, ::1, 127.0.0.0/127.255.255.255 Processing by Devise::SessionsController#new as HTML   [1m[36mUser Load (1.1ms)[0m  [1m[34mSELECT  "users".* FROM "users" WHERE "users"."id" = $1 ORDER BY "users"."id" ASC LIMIT $2[0m  [["id", 64810987], ["LIMIT", 1]] Redirected to http://localhost:8090/admins/create_account Filter chain halted as :require_no_authentication rendered or redirected Completed 302 Found in 5ms (ActiveRecord: 1.1ms)   Started GET "/admins/create_account" for 10.0.2.2 at 2017-12-02 15:13:40 +0000 Cannot render console from 10.0.2.2! Allowed networks: 127.0.0.1, ::1, 127.0.0.0/127.255.255.255 Processing by AdminsController#create_account as HTML   [1m[36mUser Load (0.8ms)[0m  [1m[34mSELECT  "users".* FROM "users" WHERE "users"."id" = $1 ORDER BY "users"."id" ASC LIMIT $2[0m  [["id", 64810987], ["LIMIT", 1]] Redirected to http://localhost:8090/users/sign_in Filter chain halted as #<Proc:0x00000002223c68@/vagrant/donation-simple/app/controllers/admins_controller.rb:6> rendered or redirected Completed 302 Found in 4ms (ActiveRecord: 0.8ms)

enter image description here

1 Answers

Answers 1

I have solved it my self and now I am sharing this Answer so that it may help anyone else in the future.

The problem was the current_user variable which was overriding in the application controller.

def current_user  @current_user ||= User.find(session[:user_id]) if session[:user_id] end

Devise set the current_user variable itself and this code was overriding the current_user variable. The strange thing is that the same code was working before without any problem. I think devise has updated. However after comment the above code every thing is working fine.

Read More

Wednesday, October 11, 2017

Configuring GitLab to use SAML OmniAuth with an Active Directory IdP

By Hường Hana 9:00 AM , , , Leave a Comment

I am in the process of altering an existing GitLab installation to use SAML rather than LDAP for authentication.

At this point, users can successfully sign into the Web application using the 'Sign in with Saml' button. I am unclear, however, about what seems to be a difference between the LDAP and SAML approaches: users with accounts created via an LDAP sign-in can then access Git repositories (e.g. using clone, push, ...) using their LDAP usernames and passwords, but users with accounts created via a SAML sign-in cannot.

Through experimentation, I’ve found that users can access the Git repositories if they use the GitLab UI to set a separate GitLab account password on the account that is created during the initial SAML interaction. I was pointed in this direction by a GitLab message that appeared after creating a project under one of the new user accounts: 'You won't be able to pull or push project code via HTTPS until you set a password on your account'.

It seems possible that this separate password configuration is only necessary because I’ve misconfigured the SAML integration somehow. So, my question is whether I am wrong to expect that authenticating access to the GitLab-hosted Git repositories would work the same regardless of whether SAML or LDAP is used? If not, does anyone know of relevant SAML configuration settings that I should review?

In case it’s of interest: I have posted a similar question to the GitLab Google group, but I have not received any responses there yet.

0 Answers

Read More

Wednesday, October 4, 2017

Setting up SAML callback in Rails using Devise and OmniAuth-SAML

By Hường Hana 1:30 PM , , , , Leave a Comment

EDIT: Additional info and condensed question near the bottom ;)

I'm setting up integration between a small app I'm making and an identity provider using SAML2.0.

In general, I've been following the instructions on the Devise page, and then on the Omniauth-SAML docs.

The issue seems currently to be that no callback path has been generated. Here's the relevant code bits below; feel free to request additional information.

app/models/user.rb

class User < ActiveRecord::Base   devise :omniauthable, omniauth_providers: [:saml]    def from_omniauth(auth_hash)     puts auth_hash     new  # Stub for now I guess?   end end

app/controllers/omniauth_callbacks_controller.rb

class Users::OmniauthCallbacksController < Devise::OmniauthCallbacksController   def saml     @user = User.from_omniauth request.env['omniauth.auth']     if @user.persisted?       sign_in_and_redirect @user, event: :authentication       set_flash_message(:notice, :success, kind: 'SAML') if is_navicational_format?     else       session['devise.saml_data'] = request.env['omniauth.auth']       redirect_to permission_denied # this isn't going to work lol     end   end    def failure     redirect_to root_path   end end

A truncated & sanitized chunk from config/initializers/devise.rb

  config.omniauth :saml,                   idp_cert_fingerprint: 'aa:bb:cc...', # an actual fingerprint here                    idp_sso_target_url: 'https://sso.bla.thing.com/fss/idp/startSSO.ping?PartnerSpId=SAML_UID',                   issuer: 'myidpname',  # Not actually sure what this should be                   idp_entity_id: 'thingfssdp',                   assertion_consumer_service_url: 'https://myapp.com/auth/saml/callback',                   name_identifier_format: 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress'

According to the docs here and here, adding more than the above (that is, putting the additional requirements into config/initializers/omniauth.rb) would be incorrect.

My controllers have before_action :authenticate_user! as their first line.

config/routes.rb has the following line at the top: 

Rails.application.routes.draw do   devise_for :users, controllers: { omniauth_callbacks: 'users/omniauth_callbacks' }

But it's possibly important to note that I haven't manually added any logic for callback handling yet

Attempting to visit my app yields an ERR_TOO_MANY_REDIRECTS; quite a few 302s all apparently pointing back to itself. Doing a GET /auth/saml/callback yields the following helpful error (not sure how or why /users/ gets prepended there; do I need to request a change in ACS URL or is this something I have control of?):

rails_error_message

Any insight or assistance would be much appreciated.

EDIT: It looks as though the issue is that user_saml_omniauth_authorize_path is being set to /users/auth/saml -- and not directly the IDP signin page. I have no explicit controller for this route, but apparently requiring signin for OTHER controllers means I am requiring signin for this one. The end result is that, as some have suggested, we get an infinite redirect loop.

1 Answers

Answers 1

About the redirect loop: Since you have before_action :authenticate_user! it leads any unauthenticated request to users sign in page. My guess is that you also have the same callback on your sign in page. Thus on every redirect to /sign_in rails puts it through this authenticate_user! and redirects it again since user is not authenticated. For it to work correctly you have to skip_before_action :authenticate_user! in the controller where you have the sign on (SessionsController I presume).

As for your second question - the correct authorization route. the answer is in the screenshot you presented, below the error. You can see there that the correct path is /users/auth/saml and users/auth/saml/callback

UPDATE: users gets prepended by default from Devise (using your devisable model name)

Read More

Friday, August 18, 2017

OAuth2::Error, invalid_request: redirect_uri does not match application configuration

By Hường Hana 7:00 PM , , , , Leave a Comment

I'm working on a rails app that authenticates using Bungie OAuth using this gem. My configurations in initializers/devise.rb are as follows:

config.omniauth :bungie, ENV['CLIENT_ID'], ENV['CLIENT_SECRET'], ENV['X_API_KEY'], ENV['REDIRECT_URL']

Bungie's developer portal requires a redirect URL with HTTPS, so I've pushed my application to Heroku and used a redirect to force authentication back to localhost for testing. Using this method, everything works fine. However, when I push the app to production, the response back to my application from Bungie fails with OAuth2::Error, invalid_request: redirect_uri does not match application configuration. The redirect_url is the exact same thing in both my application's env variables and on Bungie's development portal.

Seeing as it's in production, I'm limited to the logs that I can see. I've tried tracking the requests in the network tab of the dev tools in my browser, but everything looks as it should.

I've tried working with the developer of the bungie-oauth2 gem, but we have not been able to come to a resolution (and his prod apps work fine with it).

Is there anything that might cause the redirect_url to differ once in Heroku?

As requested, here is my route for omniauth:

devise_for :users, :controllers => { :omniauth_callbacks => "users/omniauth_callbacks" }

Output from rake routes:

 users_sign_out GET      /users/sign_out(.:format)             devise/sessions#destroy           new_user_session GET      /users/sign_in(.:format)              devise/sessions#new               user_session POST     /users/sign_in(.:format)              devise/sessions#create       destroy_user_session DELETE   /users/sign_out(.:format)             devise/sessions#destroy user_bungie_omniauth_authorize GET|POST /users/auth/bungie(.:format)          users/omniauth_callbacks#passthru user_bungie_omniauth_callback GET|POST /users/auth/bungie/callback(.:format) users/omniauth_callbacks#bungie          new_user_password GET      /users/password/new(.:format)         devise/passwords#new         edit_user_password GET      /users/password/edit(.:format)        devise/passwords#edit              user_password PATCH    /users/password(.:format)             devise/passwords#update                            PUT      /users/password(.:format)             devise/passwords#update                            POST     /users/password(.:format)             devise/passwords#create   cancel_user_registration GET      /users/cancel(.:format)               devise/registrations#cancel      new_user_registration GET      /users/sign_up(.:format)              devise/registrations#new     edit_user_registration GET      /users/edit(.:format)                 devise/registrations#edit          user_registration PATCH    /users(.:format)                      devise/registrations#update                            PUT      /users(.:format)                      devise/registrations#update                            DELETE   /users(.:format)                      devise/registrations#destroy                            POST     /users(.:format)                      devise/registrations#create

and my controller:

def bungie   @user = User.from_omniauth(request.env["omniauth.auth"])    if @user.persisted?     @user.remember_me = true     sign_in_and_redirect @user, :event => :authentication   else     session["devise.bungie_data"] = request.env["omniauth.auth"]     redirect_to root_path   end end

Full source can be found at https://github.com/destiny-aviato/destinder.

2 Answers

Answers 1

Encoding of redirect_uri param in your auth request to bungie jumps out:

https%25253A%25252F%25252Fdestinder.herokuapp.com%25252Fusers%25252Fauth%25252Fbungie%25252Fcallback

To read it in plain, I had to decode it thrice. Normally params are encoded just once

URI.decode(URI.decode(URI.decode("https%25253A%25252F%25252Fdestinder.herokuapp.com%25252Fusers%25252Fauth%25252Fbungie%25252Fcallback")))

Not sure if this is what causing the issue. Can you check how many times request_uri gets encoded when you hit it from local. If it's less than 3, then during heroku deployment your request_uri gets encoded one extra time.

To get request_uri for local, logout from bungie, click on "Sign in with bungie" on your local. The url in browser would have request_uri.

Answers 2

replace redirect url of your Heroku application in credential

Read More

Friday, May 5, 2017

Can't retrieve access_token, refresh_token from Omniauth authentication strategy with Devise, Rails 4

By Hường Hana 10:00 AM , , , , Leave a Comment

I am using such gems:

gem "omniauth-yandex" gem 'devise'

My setup.

Routes:

 devise_for :users, :controllers => { :omniauth_callbacks => "callbacks" }

Devise initializer:

config.omniauth :yandex, Rails.application.secrets.client_id , Rails.application.secrets.password, callback_url: "http://cb2bcdc4.ngrok.io/users/auth/yandex/callback"

User model:

devise :database_authenticatable, :registerable,          :recoverable, :rememberable, :trackable, :validatable, :omniauthable, :omniauth_providers => [:yandex]      def self.from_omniauth(auth)         where(provider: auth.provider, uid: auth.uid).first_or_create do |user|         user.provider = auth.provider         user.uid = auth.uid         user.email =  auth.info.email         user.password = Devise.friendly_token[0,20]       end    end

CallbackController:

class CallbacksController < Devise::OmniauthCallbacksController              def yandex        #empty     end end

View:

  <%= link_to "Sign in with Yandex", user_yandex_omniauth_authorize_path, id: "sign_in" %>

When I click "Sign in with Yandex" my application prompts for user permission and then redirects back to my application. User is created in my database with such fields-- e-mail,provider, uid. But I would like to have also access_token, refresh_token and expires_at because I am using few Yandex API's.

When I httlog'ed above action (From clicking "Sign in .." to the redirect back to my application) I received these results:

D, [2017-04-26T19:17:42.091838 #24865] DEBUG -- : [0;30;101m[httplog] Connecting: oauth.yandex.ru:443[0m D, [2017-04-26T19:17:42.266645 #24865] DEBUG -- : [0;30;101m[httplog] Sending: POST http://oauth.yandex.ru:443/token[0m D, [2017-04-26T19:17:42.267040 #24865] DEBUG -- : [0;30;101m[httplog] Data: client_id=097253682f9f41289ec5exxxxxxx&client_secret=xxxxxxdb4fxx0eadcbb8a4143&code=xxxxx327&grant_type=authorization_code&redirect_uri=http%3A%2F%2Fcb2bcdc4.ngrok.io%2Fusers%2Fauth%2Fyandex%2Fcallback%3Fstate%xxxxxxxxxxx%26code%xxxx[0m D, [2017-04-26T19:17:42.410712 #24865] DEBUG -- : [0;30;101m[httplog] Status: 200[0m D, [2017-04-26T19:17:42.410945 #24865] DEBUG -- : [0;30;101m[httplog] Benchmark: 0.143445 seconds[0m D, [2017-04-26T19:17:42.411168 #24865] DEBUG -- : [0;30;101m[httplog] Response: {"token_type": "bearer", "access_token": "xxxxxxxxuyBwtcyAFjkBZo3F3MCiIaTI", "expires_in": 31528753, "refresh_token": "xxxxxxxxxxxClSH:Pts0u-Mfls-vdEc7-zTOod9ZWzegNFRxxxxxxxxxxxxxKHpwsqBFUHHKtg"}[0m D, [2017-04-26T19:17:42.414748 #24865] DEBUG -- : [0;30;101m[httplog] Connecting: login.yandex.ru:443[0m D, [2017-04-26T19:17:42.609376 #24865] DEBUG -- : [0;30;101m[httplog] Sending: GET http://login.yandex.ru:443/info?format=json[0m D, [2017-04-26T19:17:42.609720 #24865] DEBUG -- : [0;30;101m[httplog] Data: [0m D, [2017-04-26T19:17:42.675702 #24865] DEBUG -- : [0;30;101m[httplog] Status: 200[0m D, [2017-04-26T19:17:42.675972 #24865] DEBUG -- : [0;30;101m[httplog] Benchmark: 0.065791 seconds[0m D, [2017-04-26T19:17:42.676211 #24865] DEBUG -- : [0;30;101m[httplog] Response: {"first_name": "xxxxxxxxxxx9", "last_name": "xxxxxxxxxxxxxxx", "display_name": "xxxxx", "emails": ["xxxxxx@yandex.ru"], "default_email": "xxxxx@yandex.ru", "real_name": "xxxxxx2", "login": "xxxxxxx", "sex": "male", "id": "xxxx123"}[0m

Question: How can I save access_token, refresh token from Omniauth authentication process to user as it is clearly visible (7th line ) that it does retrieve it using my client_id and secret without any of my code.

Thanks.

What I have tried:

Added user.access_token = auth.credentials.token to self.from_omniauth(auth) method in user model. But there wasn't any positive change.

UPDATE:

The same problem exists on different platforms. For example, on shared hosting and in Linux Ubuntu (completely fresh project from scratch).

1 Answers

Answers 1

The access token is provided by the yandex gem, or to be more specific, the omniauth-oauth2 gem.

Just get inside your controller by doing: request.env["omniauth.auth"].credentials.token

Boom. That's your access token. (refresh token and expiry data is also in the credentials hash, just print it out)

Read More

Friday, April 22, 2016

Rails 4 - Devise Omniauth and allowing a single user to authenticate with multiple social media strategies

By Hường Hana 12:00 AM , , , , Leave a Comment

I am trying to make an app with Rails 4.

I have been trying (for 3+ years) to figure out how to get Devise and Omniauth to works, so that users can add multiple social media accounts to their user profile.

I've read all of the devise and omniauth documentation. The best I can get to with those docs is to add 1 single social media account. That's not what I want.

I've tried this site point tutorial sitepoint.com/rails-authentication-oauth-2-0-omniauth

I've tried this willschenck tutorial http://willschenk.com/setting-up-devise-with-twitter-and-facebook-and-other-omniauth-schemes-without-email-addresses/

I've tried this jorge.caballeromurillo tutorial: http://jorge.caballeromurillo.com/multiple-omniauth-providers-for-same-user-on-ruby-on-rails/

I've also tried this sourcey tutorial: http://sourcey.com/rails-4-omniauth-using-devise-with-twitter-facebook-and-linkedin/

I've pledged thousands of points in bounties on SO in trying to find help with this problem - but not yet figured it out. I've been to every rails meetup in my area for the last 3 years and wasted $$$ on codementor in trying to find help. Enough time has passed since the most recent frustrating attempt to be ready to give it another go. Please help.

Here's what I have so far:

User.rb

devise :database_authenticatable, :registerable,          :recoverable, :rememberable, :trackable,           :confirmable, :lockable,          # :zxcvbnable,          :omniauthable, :omniauth_providers => [:facebook, :linkedin, :twitter, :google_oauth2 ]  has_many :identities, dependent: :destroy  def self.find_for_oauth(auth, signed_in_resource = nil)     # Get the identity and user if they exist     identity = Identity.find_for_oauth(auth)      # If a signed_in_resource is provided it always overrides the existing user     # to prevent the identity being locked with accidentally created accounts.     # Note that this may leave zombie accounts (with no associated identity) which     # can be cleaned up at a later date.     user = signed_in_resource ? signed_in_resource : identity.user      # p '11111'      # Create the user if needed     if user.nil?       # p 22222       # Get the existing user by email if the provider gives us a verified email.       # If no verified email was provided we assign a temporary email and ask the       # user to verify it on the next step via UsersController.finish_signup       email_is_verified = auth.info.email && (auth.info.verified || auth.info.verified_email)       email = auth.info.email if email_is_verified # take out this if stmt for chin yi's solution       user = User.where(:email => email).first if email        # Create the user if it's a new registration       if user.nil?         # p 33333         user = User.new(           # at least one problem with this is that each provider uses different terms to desribe first name/last name/email. See notes on linkedin above           first_name: auth.info.first_name,           last_name: auth.info.last_name,           email: email ? email : "#{TEMP_EMAIL_PREFIX}-#{auth.uid}-#{auth.provider}.com",           #username: auth.info.nickname || auth.uid,           password: Devise.friendly_token[0,20]) # fallback for name fields - add nickname to user table         # debugger          # if email_is_verified            user.skip_confirmation!         # end         # user.skip_confirmation!           user.save!       end     end      # Associate the identity with the user if needed     if identity.user != user       identity.user = user       identity.save!     end     user   end    def email_verified?     self.email && TEMP_EMAIL_REGEX !~ self.email   end

Identity.rb

belongs_to :user   validates_presence_of :uid, :provider   validates_uniqueness_of :uid, :scope => :provider  def self.find_for_oauth(auth)     find_or_create_by(uid: auth.uid, provider: auth.provider)   end

Users controller:

class UsersController < ApplicationController  before_action :set_user, only: [ :show, :edit, :update, :finish_signup, :destroy]    def index     # if params[:approved] == "false"     #   @users = User.find_all_by_approved(false)     # else       @users = User.all       authorize @users       # end    end    # GET /users/:id.:format   def show     # authorize! :read, @user   end    # GET /users/:id/edit   def edit     # authorize! :update, @user     authorize @user   end     # PATCH/PUT /users/:id.:format   def update     # authorize! :update, @user     respond_to do |format|       authorize @user       if @user.update(user_params)         sign_in(@user == current_user ? @user : current_user, :bypass => true)         # I'm trying to get the user matched to an organisation after the email address (in finish sign up) updates the user model.         UserOrganisationMapperService.call(@user)          format.html { redirect_to @user }#, notice: 'Your profile was successfully updated.' }         format.json { head :no_content }       else         format.html { render action: 'edit' }         format.json { render json: @user.errors, status: :unprocessable_entity }       end     end   end    # GET/PATCH /users/:id/finish_signup   def finish_signup     # authorize! :update, @user       if request.patch? && params[:user] #&& params[:user][:email]       if @user.update(user_params)         @user.skip_reconfirmation!         # @user.confirm!          sign_in(@user, :bypass => true)          redirect_to root_path#, notice: 'Your profile was successfully updated.'         # redirect_to [@user, @user.profile || @user.build_profile]         # sign_in_and_redirect(@user, :bypass => true)       else         @show_errors = true       end     end   end    # DELETE /users/:id.:format   def destroy     # authorize! :delete, @user     @user.destroy     authorize @user     respond_to do |format|       format.html { redirect_to root_url }       format.json { head :no_content }     end   end    private     def set_user       @user = User.find(params[:id])       authorize @user     end      def user_params       # params.require(:user).permit(policy(@user).permitted_attributes)       accessible = [ :first_name, :last_name, :email, :avatar, {role_ids: []} ] # extend with your own params       accessible << [ :password, :password_confirmation ] unless params[:user][:password].blank?       # accessible << [:approved] if user.admin       params.require(:user).permit(accessible)     end  end

Identities controller

class IdentitiesController < ApplicationController   before_action :set_identity, only: [:show, :edit, :update, :destroy]   before_action :authenticate_user!    # GET /identities   # GET /identities.json   def index     @identities = Identity.all   end    # GET /identities/1   # GET /identities/1.json   def show   end    # GET /identities/new   def new     @identity = Identity.new   end    # GET /identities/1/edit   def edit   end    # POST /identities   # POST /identities.json   def create      @identity = Identity.new(identity_params)      respond_to do |format|       if @identity.save         format.html { redirect_to @identity, notice: 'Identity was successfully created.' }         format.json { render :show, status: :created, location: @identity }       else         format.html { render :new }         format.json { render json: @identity.errors, status: :unprocessable_entity }       end     end   end    # PATCH/PUT /identities/1   # PATCH/PUT /identities/1.json

create alternative that I have also tried

def create   auth = request.env['omniauth.auth']   # Find an identity here   @identity = Identity.find_with_omniauth(auth)    if @identity.nil?     # If no identity was found, create a brand new one here     @identity = Identity.create_with_omniauth(auth)   end    if signed_in?     if @identity.user == current_user       # User is signed in so they are trying to link an identity with their       # account. But we found the identity and the user associated with it        # is the current user. So the identity is already associated with        # this user. So let's display an error message.       redirect_to root_url, notice: "Already linked that account!"     else       # The identity is not associated with the current_user so lets        # associate the identity       @identity.user = current_user       @identity.save       redirect_to root_url, notice: "Successfully linked that account!"     end   else     if @identity.user.present?       # The identity we found had a user associated with it so let's        # just log them in here       self.current_user = @identity.user       redirect_to root_url, notice: "Signed in!"     else       # No user associated with the identity so we need to create a new one       redirect_to new_registration_path, notice: "Please finish registering"     end   end end  def update      respond_to do |format|       if @identity.update(identity_params)         format.html { redirect_to @identity, notice: 'Identity was successfully updated.' }         format.json { render :show, status: :ok, location: @identity }       else         format.html { render :edit }         format.json { render json: @identity.errors, status: :unprocessable_entity }       end     end   end    # DELETE /identities/1   # DELETE /identities/1.json   def destroy     @identity.destroy     respond_to do |format|       format.html { redirect_to identities_url, notice: 'Identity was successfully destroyed.' }       format.json { head :no_content }     end   end    private     # Use callbacks to share common setup or constraints between actions.     def set_identity       @identity = Identity.find(params[:id])     end      # Never trust parameters from the scary internet, only allow the white list through.     def identity_params       params[:identity]     end end

registrations controller

class Users::RegistrationsController < Devise::RegistrationsController    before_action :configure_permitted_parameters, if: :devise_controller?    def create     super do |resource|       UserOrganisationMapperService.call(resource)     end   end       protected    def configure_permitted_parameters     devise_parameter_sanitizer.for(:sign_up) { |u| u.permit(:email, :password, :first_name, :last_name) }   end     private  end

omniauth callbacks controller

class Users::OmniauthCallbacksController < Devise::OmniauthCallbacksController   #sourcey tutorial ------------------    def self.provides_callback_for(provider)     class_eval %Q{       def #{provider}         @user = User.find_for_oauth(env["omniauth.auth"], current_user)           if @user.persisted?           sign_in_and_redirect @user,  event: :authentication           else           session["devise.#{provider}_data"] = env["omniauth.auth"]           redirect_to new_user_registration_url         end       end     }   end     [:twitter, :facebook, :linkedin, :google_oauth2].each do |provider|     provides_callback_for provider   end    end

users/finish sign up view

 <div class="container-fluid">    <div class="row">     <div class="col-xs-8 col-xs-offset-2">      <h1 class="formheader">Complete your registration</h1>          <%= form_for(current_user, :as => 'user', :url => finish_signup_path(current_user), :html => { role: 'form'}) do |f| %>         <% if @show_errors && current_user.errors.any? %>            <div id="error_explanation">           <% current_user.errors.full_messages.each do |msg| %>             <%= msg %><br>           <% end %>           </div>         <% end %>      <div class="form-group">       <!--  f.label :false  -->       <div class="controls">          <% if current_user.first_name.blank? %>               <%= f.text_field :first_name,  :value => '', class: 'form-control input-lg', placeholder: 'First name' %>             <p class="help-block">Hi there, what is your first name?.</p>         <% end %>          <% if current_user.last_name.blank? %>               <%= f.text_field :last_name,  :value => '', class: 'form-control input-lg', placeholder: 'Last name (surname)' %>             <p class="help-block">Add your last name</p>         <% end %>               <% if !current_user.email_verified? %>            <%= f.text_field :email,  :value => '', class: 'form-control input-lg', placeholder: 'Example: email@me.com -- use your primary work or university address' %>            <p class="help-block">Please confirm your email address. No spam.</p>         <% end %>            </div>     </div>     <div class="actions">       <%= f.submit 'Continue', :class => 'btn btn-primary' %>     </div>     <% end %>     </div>   </div> </div>

users/authentications view

<div class="container-fluid">    <div class="row">         <div class="col-xs-8 col-xs-offset-2">             <div class="table-responsive" style="margin-left:30px; margin-top:15px">                 <table class="table table-bordered">                      <tr>                       <td><i class="fa fa-facebook"></i></td>                          <td>                          <% if @user.identities.map(&:provider).include?('facebook') %>                             <span class="glyphicon glyphicon-ok"</span>                         <% else %>                               <%= link_to icon('Connect Facebook', id: 'facebookauth'), user_omniauth_authorize_path(:facebook) %>                         <% end %>                           </td>                     </tr>                      <tr>                       <td><i class="fa fa-google"></i></td>                        <td>                         <% if @user.identities.map(&:provider).include?('googleauth') %>                             <span class="glyphicon glyphicon-ok"</span>                         <% else %>                               <%= link_to icon('Connect Google', id: 'googleauth'), user_omniauth_authorize_path(:google_oauth2) %>                         <% end %>                           </td>                     </tr>                      <tr>                       <td><i class="fa fa-linkedin"></i></td>                          <td>                         <% if @user.identities.map(&:provider).include?('linkedin') %>                             <span class="glyphicon glyphicon-ok"</span>                         <% else %>                               <%= link_to icon('Connect Linkedin', id: 'linkedinauth'), user_omniauth_authorize_path(:linkedin) %>                         <% end %>                        </td>                     </tr>                       <tr>                       <td><i class="fa fa-twitter"></i></td>                           <td>                         <% if @user.identities.map(&:provider).include?('twitter') %> å                           <span class="glyphicon glyphicon-ok"</span>                         <% else %>                               <%= link_to icon('Connect Twitter', id: 'twitterauth'), user_omniauth_authorize_path(:twitter) %>                         <% end %>                        </td>                     </tr>                      <tr>                       <td>Password</td>                        <td>                         <% if @user.encrypted_password.present? %>                             <span class="glyphicon glyphicon-ok"</span>                         <% else %>                                <%= form_for(current_user, :as => 'user', :html => { role: 'form'}) do |f| %>                                 <% if @show_errors && current_user.errors.any? %>                                     <div id="error_explanation">                                         <% current_user.errors.full_messages.each do |msg| %>                                             <%= msg %><br>                                         <% end %>                                     </div>                                 <div class="form-group">                                     <div class="controls">                                           <%= f.input :password,  hint: ("#{@minimum_password_length} characters minimum" if @validatable), :input_html => { class: 'estimate-password'} %>                                     </div>                                 </div>                                   <% end %>                             <div class="actions">                                 <%= f.submit 'Continue', :class => 'btn btn-primary' %>                             </div>                         <% end %>                         </td>                     </tr>                 </table>             </div>           </div>    </div> </div>

routes

devise_for :users, #class_name: 'FormUser',              :controllers => {                 :registrations => "users/registrations",                 # :omniauth_callbacks => "users/authentications"                 :omniauth_callbacks => 'users/omniauth_callbacks'            }     # PER SOURCEY TUTORIAL ----------   match '/users/:id/finish_signup' => 'users#finish_signup', via: [:get, :patch], :as => :finish_signup

None of this works. I don't know how to plug it in. I'm not sure whether I'm supposed to include the attributes stored in my identities table in the permitted params in the controller??

The attributes are:

t.integer  "user_id"     t.string   "provider"     t.string   "accesstoken"     t.string   "refreshtoken"     t.string   "uid"     t.string   "name"     t.string   "email"     t.string   "nickname"     t.string   "image"     t.string   "phone"     t.string   "urls"

I have got this working so a user can authenticate with one method only. I don't know how to get this working. I've tried every resource I can find to figure this out but I'm stuck.

I have this all working with each individual social plugin and email, but what I don't have is the ability to add identities to an existing user (in a current session) so that the next time they login they can use any acceptable identity.

Can anyone help?

1 Answers

Answers 1

Without being able to see all of your code, I just created a shell app that runs with multiple providers. I just followed the steps from the tutorial you mentioned at sourcey. Here is the link to my repo.

You should be able to just clone it and run it by entering your app's keys and secret tokens from facebook, twitter, and linkedin in the devise.rb initializer. To get this to work locally you will need to make sure that the callback url on twitter is set to http://127.0.0.1:3000/.

If you wanted to give a user the option to add their own omniauth account (identity) instead of having it done automatically through app authorization you could just make a form for the user to enter the numeric uid and create the identity your self in the controller or back end like this:

new_identity = Identity.new new_identity.user_id = "current user's id" new_identity.provider = "facebook" new_identity.uid = "0123456789" new_identity.save!

The user would have to get their numeric uid from the site and enter it themselves.

Read More