[WIP - Help wanted!] Ensure preservation of return_to through OAuth login flow #3762

Closed
wants to merge 1 commit into from
28 changes: 25 additions & 3 deletions app/controllers/user_sessions_controller.rb
Expand Up @@ -33,12 +33,20 @@ def create
redirect_to root_url, notice: "Already linked to another account!"
end
else # not signed in
session[:return_to] = params[:return_to] # ensure we preserve return_to even when passing through OAuth provider
if @identity&.user.present?
# The identity we found had a user associated with it so let's
# just log them in here
@user = @identity.user
@user_session = UserSession.create(@identity.user)
redirect_to root_url, notice: "Signed in!"
if session[:return_to]
return_to = session[:return_to]
session[:return_to] = nil
flash[:notice] = "Signed in!"
redirect_to return_to
else
redirect_to root_url, notice: "Signed in!"
end
else # identity does not exist so we need to either create a user with identity OR link identity to existing user
if User.where(email: auth["info"]["email"]).empty?
# Create a new user as email provided is not present in PL database
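Review bot: `session[:return_to] = params[:return_to]` stores a request-supplied value that the new branch a few lines down passes straight to `redirect_to return_to`, so whoever crafts the login link decides where the user lands after signing in (an open redirect). Validate the value before storing it: accept only a local path (a single leading `/`, no scheme or host) and fall back to `root_url` for anything else. The assignment is also unconditional, so a request that reaches `create` without a `return_to` parameter overwrites any value already in the session with nil; assign only when the parameter is present.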
Expand All @@ -50,7 +58,14 @@ def create
@user = user
# send key to user email
PasswordResetMailer.reset_notify(user, key).deliver_now unless user.nil? # respond the same to both successes and failures; security
redirect_to root_url, notice: "You have successfully signed in. Please change your password via a link sent to you via e-mail"
if session[:return_to]
return_to = session[:return_to]
session[:return_to] = nil
flash[:notice] = "You have successfully signed in. Please change your password via a link sent to you via e-mail"
redirect_to return_to
else
redirect_to root_url, notice: "You have successfully signed in. Please change your password via a link sent to you via e-mail"
end
else # email exists so link the identity with existing user and log in the user
user = User.where(email: auth["info"]["email"])
# If no identity was found, create a brand new one here
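Review bot: The `if session[:return_to]` / `else` / `end` block in this hunk is a copy of the one in the first hunk with only the notice text changed, and the same block appears a third time in the next hunk. Move it into one private helper that takes the notice, reads the target with `session.delete(:return_to)` and redirects to it or to `root_url`, so the check on the redirect target lives in a single place instead of three.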
Expand All @@ -61,7 +76,14 @@ def create
@user = user
# log in them
@user_session = UserSession.create(@identity.user)
redirect_to root_url, notice: "Successfully linked to your account!"
if session[:return_to]
return_to = session[:return_to]
session[:return_to] = nil
flash[:notice] = "Successfully linked to your account!"
redirect_to return_to
else
redirect_to root_url, notice: "Successfully linked to your account!"
end
end
end
end
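Review bot: `if session[:return_to]` in this branch tests only truthiness, and an empty string is truthy in Ruby, so a login request carrying a blank `return_to=` reaches `redirect_to return_to` with "" instead of taking the `root_url` fallback. Test with `session[:return_to].present?` here and in the two earlier copies of the block.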