Class: OmniauthCallbacksController
Inherits: ApplicationController
  Object
    ApplicationController
      OmniauthCallbacksController
Defined in: app/controllers/omniauth_callbacks_controller.rb
Overview
Google OAuth callback (the web2 social path).
Defense-in-depth: omniauth-google-oauth2 already verifies the id_token's JWT signature against Google's JWKS, but we additionally re-validate it server-side via Google's tokeninfo endpoint (GoogleOauthValidator) to assert audience, email_verified and expiry before trusting the identity. Only a Google-confirmed verified email is allowed to find-or-create an account.
This is the engine's generic base. turf-monster overrides this controller for popup mode, account merge, wallet-collision stashing, and funnel attribution.
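The following is an added example of the server-side re-validation described above; it is not the project's GoogleOauthValidator and the class, method and constant names (TokeninfoValidator, validate_info, SAMPLE_AUD, GOOD_INFO) are assumptions. The claim names and the string-typed values follow Google's tokeninfo response format; the HTTP lookup is injectable so the checks run offline against a constructed payload.

```ruby
require "json"
require "net/http"
require "uri"

# Added example, not the project's GoogleOauthValidator. Re-validates a Google
# id_token server-side via the tokeninfo endpoint and refuses the identity
# unless issuer, audience, expiry and email_verified all check out.
# The HTTP lookup is injectable so the class can be exercised offline.
class TokeninfoValidator
  TOKENINFO_URI = "https://oauth2.googleapis.com/tokeninfo".freeze
  # Google issues id_tokens under either form of the issuer.
  VALID_ISSUERS = ["https://accounts.google.com", "accounts.google.com"].freeze
  CLOCK_SKEW = 30 # seconds of tolerance when comparing exp with the local clock

  Result = Struct.new(:ok, :reason, :email, :email_verified, :sub, keyword_init: true) do
    def ok?
      ok
    end
  end

  # expected_aud is this app's OAuth client ID: a token minted for any other
  # client must be rejected even though Google signed it.
  def initialize(id_token:, expected_aud:, now: Time.now, fetcher: nil)
    @id_token = id_token
    @expected_aud = expected_aud
    @now = now
    @fetcher = fetcher || method(:fetch_tokeninfo)
  end

  def validate!
    info = @fetcher.call(@id_token)
    return reject("tokeninfo lookup failed") unless info.is_a?(Hash)
    return reject("unexpected issuer #{info['iss'].inspect}") unless VALID_ISSUERS.include?(info["iss"])
    return reject("audience mismatch") unless info["aud"] == @expected_aud

    # tokeninfo returns every claim as a string; exp is epoch seconds.
    exp = Integer(info["exp"], exception: false)
    return reject("missing exp") unless exp
    return reject("token expired") if exp + CLOCK_SKEW <= @now.to_i

    # Only a Google-confirmed verified email may find-or-create an account.
    return reject("email not verified") unless info["email_verified"].to_s == "true" && info["email"].to_s.include?("@")

    Result.new(ok: true, reason: nil, email: info["email"], email_verified: true, sub: info["sub"])
  end

  private

  def reject(reason)
    Result.new(ok: false, reason: reason, email: nil, email_verified: false, sub: nil)
  end

  # Real lookup: GET https://oauth2.googleapis.com/tokeninfo?id_token=...
  # Google answers non-2xx for a token whose signature does not verify.
  def fetch_tokeninfo(id_token)
    uri = URI(TOKENINFO_URI)
    uri.query = URI.encode_www_form(id_token: id_token)
    res = Net::HTTP.get_response(uri)
    res.is_a?(Net::HTTPSuccess) ? JSON.parse(res.body) : nil
  rescue JSON::ParserError, SystemCallError, Net::OpenTimeout, Net::ReadTimeout
    nil
  end
end

# Constructed sample tokeninfo response (not real Google output).
SAMPLE_NOW = Time.at(1_700_000_000).utc
SAMPLE_AUD = "1234.apps.googleusercontent.com"
GOOD_INFO = {
  "iss" => "https://accounts.google.com",
  "aud" => SAMPLE_AUD,
  "sub" => "110000000000000000000",
  "email" => "alice@example.com",
  "email_verified" => "true",
  "exp" => (SAMPLE_NOW.to_i + 3600).to_s
}.freeze

# Runs the validator against an in-memory tokeninfo payload (no network).
def validate_info(info, aud: SAMPLE_AUD)
  TokeninfoValidator.new(id_token: "dummy.id.token", expected_aud: aud,
                         now: SAMPLE_NOW, fetcher: ->(_token) { info }).validate!
end

if __FILE__ == $PROGRAM_NAME
  [
    ["valid", GOOD_INFO],
    ["wrong aud", GOOD_INFO.merge("aud" => "other.apps.googleusercontent.com")],
    ["unverified email", GOOD_INFO.merge("email_verified" => "false")],
    ["expired", GOOD_INFO.merge("exp" => (SAMPLE_NOW.to_i - 60).to_s)]
  ].each do |label, info|
    r = validate_info(info)
    puts "#{label}: #{r.ok? ? 'accept ' + r.email : 'reject (' + r.reason + ')'}"
  end
end
```

The audience check is the one that matters most in practice: a Google-signed id_token issued to some other client ID passes the JWKS signature check just as well as one issued to this app, so signature verification alone does not bind the token to this relying party. The expiry comparison uses a small skew allowance rather than trusting the remote clock exactly, and every rejection carries a reason so the controller can log it without leaking it to the browser.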
Instance Method Summary
Instance Method Details
#create ⇒ Object
```ruby
# File 'app/controllers/omniauth_callbacks_controller.rb', line 14
def create
  auth = request.env["omniauth.auth"]

  # Second, independent check of the id_token against Google's tokeninfo
  # endpoint; omniauth has already verified the JWT signature by this point.
  result = GoogleOauthValidator.new(id_token: id_token_from(auth)).validate!
  unless result.ok?
    Rails.logger.warn("[omniauth] google id_token rejected: #{result.reason}")
    return redirect_to login_path, alert: "Google sign-in could not be verified. Please try again."
  end

  # Only a Google-confirmed verified email may find-or-create an account.
  user = User.from_omniauth(auth, email_verified: result.email_verified)
  unless user.is_a?(User)
    return redirect_to login_path, alert: "Google sign-in couldn't be completed. Please try another method."
  end

  rescue_and_log(target: user) do
    set_app_session(user)
    redirect_to root_path, notice: "Signed in with Google!"
  end
rescue StandardError
  redirect_to login_path, alert: "Google sign-in failed. Please try again."
end
```
#failure ⇒ Object
```ruby
# File 'app/controllers/omniauth_callbacks_controller.rb', line 35
def failure
  redirect_to login_path, alert: "Google sign-in failed. Please try again."
end
```