Class: StandardId::Web::Auth::Callback::ProvidersController

Inherits:
BaseController
  • Object
show all
Includes:
LifecycleHooks, SocialAuthentication, SocialLoginParams, StandardId::WebAuthentication
Defined in:
app/controllers/standard_id/web/auth/callback/providers_controller.rb

Constant Summary

Constants included from LifecycleHooks

LifecycleHooks::DEFAULT_PROFILE_RESOLVER

Constants included from SocialLoginParams

SocialLoginParams::OAUTH_PENDING_REQUESTS_COOKIE, SocialLoginParams::REQUEST_EXPIRY

Constants included from SocialAuthentication

SocialAuthentication::VALID_LINK_STRATEGIES

Constants included from RateLimitHandling

RateLimitHandling::RATE_LIMIT_STORE

Instance Method Summary collapse

Methods included from StandardId::WebAuthentication

#current_account, #current_scope_names, #current_session, #revoke_current_session!

Methods included from ControllerPolicy

all_controllers, authenticated_controllers, public_controllers, register, registry_snapshot, reset_registry!

Instance Method Details

#callbackObject 



19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
 
# File 'app/controllers/standard_id/web/auth/callback/providers_controller.rb', line 19

def callback
  if params[:error].present?
    handle_callback_error
    return
  end

  state_data = nil

  begin
    extract_state_and_nonce => { state_data:, nonce: }
    redirect_uri = callback_url_for
    provider_response = (redirect_uri:, nonce:)
    social_info = provider_response[:user_info]
    provider_tokens = provider_response[:tokens]
    begin
       = (social_info)
    rescue ActiveRecord::RecordNotUnique
      # Race condition: concurrent request created the account first — retry to find it
       = (social_info)
    end
    newly_created = .previously_new_record?

    (, { mechanism: "social", provider: provider.provider_name })
    session_manager.(, scope_name: state_data&.dig("scope"))

    provider_name = provider.provider_name
    (, { mechanism: "social", provider: provider_name }) if newly_created

    run_social_callback(
      provider: provider_name,
      social_info: social_info,
      provider_tokens: provider_tokens,
      account: ,
      original_request_params: state_data
    )

    context = { mechanism: "social", provider: provider_name }
    redirect_override = (, context)

    destination = redirect_override || state_data["redirect_uri"]
    redirect_options = { notice: "Successfully signed in with #{provider_name.humanize}" }
    redirect_options[:allow_other_host] = true if allow_other_host_redirect?(destination)
    redirect_to destination, redirect_options
  rescue StandardId::AuthenticationDenied => e
    handle_authentication_denied(e, account: , newly_created: newly_created)
  rescue StandardId::OAuthError => e
    redirect_to StandardId::WebEngine.routes.url_helpers.(redirect_uri: state_data&.dig("redirect_uri")), alert: "Authentication failed: #{e.message}"
  end
end

#mobile_callbackObject 



69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
 
# File 'app/controllers/standard_id/web/auth/callback/providers_controller.rb', line 69

def mobile_callback
  unless provider.supports_mobile_callback?
    raise StandardId::InvalidRequestError, "Provider #{provider.provider_name} does not support mobile callback"
  end

  extract_state_and_nonce => { state_data: }
  destination = state_data["redirect_uri"]

  unless allow_other_host_redirect?(destination)
    raise StandardId::InvalidRequestError, "Redirect URI is not allowed"
  end

  relay_params = mobile_relay_params
  @mobile_redirect_url = build_mobile_redirect(destination, relay_params)
  render :mobile_callback, layout: false
rescue StandardId::InvalidRequestError => e
  render plain: e.message, status: :unprocessable_entity
end