Class: Shakha::AuthController

Inherits:
ApplicationController
Includes:
PKCEMixin
Defined in:
app/controllers/shakha/auth_controller.rb

Constant Summary

Constants included from PKCEMixin

PKCEMixin::CODE_CHALLENGE_METHOD, PKCEMixin::CODE_VERIFIER_LENGTH, PKCEMixin::PKCE_COOKIE_EXPIRY_SECONDS, PKCEMixin::PKCE_COOKIE_NAME

Instance Method Summary

Methods included from PKCEMixin

generate_code_challenge, generate_code_verifier

Instance Method Details

#authorizeObject



# File 'app/controllers/shakha/auth_controller.rb', line 18

# Starts the OAuth authorization-code flow for the requested provider.
#
# A fresh PKCE bundle (state plus code verifier/challenge) is created by
# +create_pkce_bundle+ (defined outside this listing; the PKCE cookie
# constants mixed in from PKCEMixin suggest the verifier is kept in a
# cookie, but that is not visible here). The browser is then sent to the
# provider's authorize endpoint carrying the state and the code_challenge.
#
# +allow_other_host: true+ is required because the target is the provider's
# own origin. The URL is assembled from the resolved provider and
# +Shakha.config.app_origin+, not from raw request parameters, so the
# cross-host redirect is not attacker-controlled here — provided
# +resolve_provider+ only ever returns a provider from
# +Shakha.config.providers+ (not visible in this listing; confirm).
def authorize
  provider = resolve_provider
  bundle = create_pkce_bundle

  # Must be byte-identical to the redirect_uri #callback sends to the token
  # endpoint, or the exchange is rejected by the provider.
  callback_uri = format("%s/auth/shakha/%s/callback",
                        Shakha.config.app_origin, provider.provider_name)

  target = provider.authorize_url(
    state: bundle[:state],
    code_challenge: bundle[:challenge],
    redirect_uri: callback_uri
  )

  redirect_to(target, allow_other_host: true)
end

#callbackObject



# File 'app/controllers/shakha/auth_controller.rb', line 32

# Completes the authorization-code flow after the provider redirects back.
#
# Order matters: the state/PKCE check (+verify_pkce!+) runs before anything
# is sent to the token endpoint, so a callback that does not carry the state
# we issued is rejected without a network round-trip. The authorization code
# is then exchanged together with the stored code_verifier and the same
# redirect_uri that #authorize advertised; the token response is mapped to
# an identity, a local user and session are established, the session cookie
# is set, and the browser is sent to the URL built from the stored return_to.
#
# +PKCEError+ and +OAuthError+ are routed to +handle_auth_failure+. Note that
# +pkce_result+ is still nil in that handler when +verify_pkce!+ itself
# raised. Any other exception propagates unchanged.
#
# NOTE(review): a provider error redirect (e.g. the user denied consent)
# arrives without a +code+ parameter and reaches +exchange_code+ with
# +code: nil+. Whether that raises +OAuthError+ (handled) or something
# else (unhandled) depends on the provider class, which is not visible here.
def callback
  provider = resolve_provider
  pkce_result = verify_pkce!(params[:state])

  # Same construction as in #authorize; the provider compares the two.
  callback_uri = format("%s/auth/shakha/%s/callback",
                        Shakha.config.app_origin, provider.provider_name)

  tokens = provider.exchange_code(
    code: params[:code],
    code_verifier: pkce_result[:verifier],
    redirect_uri: callback_uri
  )

  identity = provider.identity_from_response(tokens)
  user = find_or_create_user(provider.provider_name, identity)
  new_session = create_session(user)
  set_session_cookie(new_session)

  redirect_to build_return_url(pkce_result[:return_to], new_session)
rescue PKCEError, OAuthError => e
  handle_auth_failure(e, pkce_result)
end

#destroyObject



# File 'app/controllers/shakha/auth_controller.rb', line 52

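# Signs the current session out.
#
# Destroys the server-side session record (if one is loaded) and clears the
# session cookie, then either redirects (HTML) or renders a JSON status.
#
# Security: the post-logout redirect target comes from a request parameter.
# It is passed through +sanitize_return_to+ — the same guard #new applies to
# its +return_to+ — before use, falling back to "/". Using the raw parameter
# here would let a crafted logout link bounce the user to an arbitrary host
# (open redirect), and a sign-out URL is exactly the kind of link people
# click without inspecting. Whether +sanitize_return_to+ rejects absolute
# and protocol-relative ("//evil.example") URLs is not visible in this
# listing; confirm, since the safety of this redirect rests on it.
#
# NOTE(review): +cookies.delete+ only removes a cookie whose path/domain
# match the attributes it was set with; check this against
# +set_session_cookie+, which is defined outside this listing.
def destroy
  current_session&.destroy
  cookies.delete(:shakha_session_token)

  respond_to do |format|
    format.html { redirect_to sanitize_return_to(params[:return_to]).presence || "/" }
    format.json { render json: { status: "signed_out" } }
  end
end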

#errorObject



# File 'app/controllers/shakha/auth_controller.rb', line 62

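# Renders the authentication-failure page.
#
# +@message+ is the text the view shows. It is taken from the +message+
# request parameter so that a failure handler can pass a reason through the
# redirect; anything that is not a non-blank String (missing, whitespace
# only, or a nested/array parameter such as +message[]=x+, which Rails
# otherwise yields as an Array or Parameters object) falls back to the
# generic text.
#
# Security: this is reflected, attacker-influenceable content — anyone can
# craft a link to this action with an arbitrary +message+. The template must
# render it with default HTML escaping (never +raw+ / +html_safe+), and it
# should not be presented as if it were application-authored text, since it
# can be used for content spoofing. How the template renders it is not
# visible in this listing.
def error
  candidate = params[:message]
  @message =
    if candidate.is_a?(String) && !candidate.strip.empty?
      candidate
    else
      "Authentication failed"
    end
end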

#newObject



# File 'app/controllers/shakha/auth_controller.rb', line 12

# Renders the sign-in page.
#
# Exposes to the view the client record (loaded or lazily created by
# +find_or_create_client+), the configured provider list, and the post-login
# destination. +return_to+ is untrusted request input and is passed through
# +sanitize_return_to+ before it reaches the view; what that helper accepts
# is not visible in this listing.
def new
  @client = find_or_create_client
  @providers = Shakha.config.providers
  @return_to = sanitize_return_to(params[:return_to])
end