Last active
February 16, 2016 19:26
diff --git b/Gemfile a/Gemfile | |
index 37bc11c..17145fa 100644 | |
--- b/Gemfile | |
+++ a/Gemfile | |
@@ -45,3 +45,7 @@ group :development do | |
gem 'spring' | |
end | |
+gem 'omniauth' | |
+gem 'omniauth-oauth2' | |
+ | |
+gem 'better_errors' | |
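Review bot: `gem 'better_errors'` is added at top level on line 18, after the `group :development do ... end` block closes on line 14, so a debugging console gem is bundled into every environment instead of the development-only group it belongs in; move the line inside that group. The new `omniauth` and `omniauth-oauth2` entries carry no version constraint, so a fresh `bundle install` may resolve a different major version than the one this code was written against; a pessimistic constraint such as `gem 'omniauth-oauth2', '~> 1.x'` (placeholder version) would pin it.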
diff --git b/app/controllers/application_controller.rb a/app/controllers/application_controller.rb | |
index d83690e..a3ccca1 100644 | |
--- b/app/controllers/application_controller.rb | |
+++ a/app/controllers/application_controller.rb | |
@@ -2,4 +2,22 @@ class ApplicationController < ActionController::Base | |
# Prevent CSRF attacks by raising an exception. | |
# For APIs, you may want to use :null_session instead. | |
protect_from_forgery with: :exception | |
+ | |
+ def login_required | |
+ if !current_user | |
+ respond_to do |format| | |
+ format.html { | |
+ redirect_to '/auth/sso' | |
+ } | |
+ format.json { | |
+ render :json => { 'error' => 'Access Denied' }.to_json | |
+ } | |
+ end | |
+ end | |
+ end | |
+ | |
+ def current_user | |
+ return nil unless session[:user_id] | |
+ @current_user ||= User.find_by_uid(session[:user_id]['uid']) | |
+ end | |
end | |
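Review bot: The JSON branch of `login_required` renders the access-denied body with the default 200 status, so an API client cannot tell a denied request from a successful one; use `render json: { 'error' => 'Access Denied' }, status: :unauthorized` (the `.to_json` is redundant, `render json:` serializes the hash itself). `current_user` indexes `session[:user_id]['uid']`, which only works because `UserSessionsController#create` in this same diff stores the whole OmniAuth hash under that session key; a comment such as `# session[:user_id] holds the OmniAuth auth hash written by UserSessionsController#create` would make that coupling visible to the next maintainer. `if !current_user` reads more idiomatically as `unless current_user`.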
diff --git b/app/controllers/user_sessions_controller.rb a/app/controllers/user_sessions_controller.rb | |
new file mode 100644 | |
index 0000000..db437a0 | |
--- /dev/null | |
+++ a/app/controllers/user_sessions_controller.rb | |
@@ -0,0 +1,42 @@ | |
+class UserSessionsController < ApplicationController | |
+ before_filter :login_required, only: [ :destroy ] | |
+ | |
+ # omniauth callback method | |
+ # | |
+ # First the callback operation is done | |
+ # inside OmniAuth and then this route is called | |
+ def create | |
+ omniauth = env['omniauth.auth'] | |
+ logger.debug "+++ #{omniauth}" | |
+ | |
+ user = User.find_by_uid(omniauth['uid']) | |
+ if not user | |
+ # New user registration | |
+ user = User.new(:uid => omniauth['uid']) | |
+ end | |
+ user.email = omniauth['info']['email'] | |
+ user.save | |
+ | |
+ #p omniauth | |
+ | |
+ # Currently storing all the info | |
+ session[:user_id] = omniauth | |
+ | |
+ flash[:notice] = "Successfully logged in" | |
+ redirect_to root_path | |
+ end | |
+ | |
+ # Omniauth failure callback | |
+ def failure | |
+ flash[:notice] = params[:message] | |
+ end | |
+ | |
+ # logout - Clear our rack session BUT essentially redirect to the provider | |
+ # to clean up the Devise session from there too ! | |
+ def destroy | |
+ session[:user_id] = nil | |
+ | |
+ flash[:notice] = 'You have successfully signed out!' | |
+ redirect_to "#{CUSTOM_PROVIDER_URL}/users/sign_out" | |
+ end | |
+end | |
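Review bot: `session[:user_id] = omniauth` stores the entire OmniAuth auth hash in the session, which with Rails' default cookie store places the provider's credentials section (the access token, for OAuth2 strategies) and profile data in a client-side cookie and risks overrunning the 4 KB cookie limit; store only the identifier, `session[:user_id] = omniauth['uid']`, and have `current_user` in application_controller look the user up by that value instead of `session[:user_id]['uid']`. The `logger.debug "+++ #{omniauth}"` line writes the same hash, tokens included, to the application log and should be removed or reduced to the uid. `user.save` is called without checking its result, so a validation failure still signs the user in; `user.save!` or a branch on the return value would surface it. The `failure` action sets the flash but neither redirects nor renders, so it falls through to a `failure` template this diff does not add.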
diff --git b/app/models/user.rb a/app/models/user.rb | |
new file mode 100644 | |
index 0000000..4a57cf0 | |
--- /dev/null | |
+++ a/app/models/user.rb | |
@@ -0,0 +1,2 @@ | |
+class User < ActiveRecord::Base | |
+end | |
diff --git b/config/environment.rb a/config/environment.rb | |
index ee8d90d..c944941 100644 | |
--- b/config/environment.rb | |
+++ a/config/environment.rb | |
@@ -1,5 +1,6 @@ | |
# Load the Rails application. | |
require File.expand_path('../application', __FILE__) | |
+require 'sso' | |
# Initialize the Rails application. | |
Rails.application.initialize! | |
diff --git b/config/initializers/omniauth.rb a/config/initializers/omniauth.rb | |
new file mode 100644 | |
index 0000000..0f7cd4c | |
--- /dev/null | |
+++ a/config/initializers/omniauth.rb | |
@@ -0,0 +1,10 @@ | |
+# Change this omniauth configuration to point to your registered provider | |
+# Since this is a registered application, add the app id and secret here | |
+APP_ID = 'key' | |
+APP_SECRET = 'secret' | |
+ | |
+CUSTOM_PROVIDER_URL = 'http://localhost:3000' | |
+ | |
+Rails.application.config.middleware.use OmniAuth::Builder do | |
+ provider :sso, APP_ID, APP_SECRET | |
+end | |
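Review bot: `APP_ID = 'key'` and `APP_SECRET = 'secret'` put the OAuth client credentials in a committed source file; read them from the environment instead, e.g. `APP_ID = ENV.fetch('SSO_APP_ID')` and `APP_SECRET = ENV.fetch('SSO_APP_SECRET')` (variable names are placeholders), so `fetch` fails loudly at boot when they are absent rather than silently running with placeholder values. `CUSTOM_PROVIDER_URL` is defined here and again as a class constant inside lib/sso.rb, and the strategy's `client_options` read the lib copy, so changing this one does not affect where authorization and token requests go; the comment on line 118 should say which copy the application actually honours, or one of the two should be removed. The default is plain `http://`, which is only acceptable for the localhost value shown.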
diff --git b/config/routes.rb a/config/routes.rb | |
index 3f66539..b3e7d13 100644 | |
--- b/config/routes.rb | |
+++ a/config/routes.rb | |
@@ -1,4 +1,13 @@ | |
Rails.application.routes.draw do | |
+ root 'home#index' | |
+ | |
+ # omniauth | |
+ get '/auth/:provider/callback' => 'user_sessions#create' | |
+ get '/auth/failure' => 'user_sessions#failure' | |
+ | |
+ # Custom logout | |
+ match '/logout', :to => 'user_sessions#destroy', via: :all | |
+ | |
# The priority is based upon order of creation: first created -> highest priority. | |
# See how all your routes lay out with "rake routes". | |
diff --git b/db/migrate/20150826111506_create_user.rb a/db/migrate/20150826111506_create_user.rb | |
new file mode 100644 | |
index 0000000..3f84727 | |
--- /dev/null | |
+++ a/db/migrate/20150826111506_create_user.rb | |
@@ -0,0 +1,11 @@ | |
+class CreateUser < ActiveRecord::Migration | |
+ def change | |
+ create_table :users do |t| | |
+ t.string :uid | |
+ t.string :email | |
+ t.string :status | |
+ | |
+ t.timestamps | |
+ end | |
+ end | |
+end | |
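Review bot: The `uid` column has no index, yet every request that resolves `current_user` runs `User.find_by_uid`, and nothing enforces that one provider uid maps to a single user row; add `add_index :users, :uid, unique: true` after the `create_table` block (still inside `change`, so the migration stays reversible). Declaring the column `t.string :uid, null: false` would also reject the case where the provider's response omits the id.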
diff --git b/lib/sso.rb a/lib/sso.rb | |
new file mode 100644 | |
index 0000000..65c34c2 | |
--- /dev/null | |
+++ a/lib/sso.rb | |
@@ -0,0 +1,36 @@ | |
+require 'omniauth-oauth2' | |
+module OmniAuth | |
+ module Strategies | |
+ class Sso < OmniAuth::Strategies::OAuth2 | |
+ | |
+ CUSTOM_PROVIDER_URL = 'http://localhost:3000' | |
+ | |
+ option :client_options, { | |
+ :site => CUSTOM_PROVIDER_URL, | |
+ :authorize_url => "#{CUSTOM_PROVIDER_URL}/auth/sso/authorize", | |
+ :access_token_url => "#{CUSTOM_PROVIDER_URL}/auth/sso/access_token" | |
+ } | |
+ | |
+ uid do | |
+ raw_info['id'] | |
+ end | |
+ | |
+ info do | |
+ { | |
+ :email => raw_info['info']['email'] | |
+ } | |
+ end | |
+ | |
+ extra do | |
+ { | |
+ :first_name => raw_info['extra']['first_name'], | |
+ :last_name => raw_info['extra']['last_name'] | |
+ } | |
+ end | |
+ | |
+ def raw_info | |
+ @raw_info ||= access_token.get("/auth/sso/user.json?oauth_token=#{access_token.token}").parsed | |
+ end | |
+ end | |
+ end | |
+end |
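Review bot: `raw_info` interpolates the access token into the request URL (`?oauth_token=#{access_token.token}`), so the bearer token ends up in provider access logs, proxies and any referrer header; `OAuth2::AccessToken#get` already attaches the token according to the token's mode (header by default), so `access_token.get('/auth/sso/user.json').parsed` should suffice if the provider accepts header authentication — confirm against the provider before dropping the parameter. `info` and `extra` index `raw_info['info']['email']` and `raw_info['extra'][...]` without guarding for a missing section, so a response lacking `extra` raises `NoMethodError` inside the callback; `raw_info.dig('extra', 'first_name')` (Ruby 2.3+) or `fetch` with a default would fail more predictably. The class-level `CUSTOM_PROVIDER_URL` duplicates the constant defined in config/initializers/omniauth.rb and is the one this strategy actually uses.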