Below is the relevant code (do let me know if I'm missing anything!).
routes.rb:
devise_for :users, controllers: { omniauth_callbacks: 'users/omniauth_callbacks' }
devise_scope :user do
match '/sessions/user', to: 'devise/sessions#create', via: :post
get '/join' => 'users/registrations#new'
end
resources :users do
resources :video_lessons do
resources :likes
end
end
resources :users, only: [:show, :index]
devise.rb:
if Rails.env.production?
config.omniauth :google_oauth2, ENV['GOOGLE_CLIENT_ID_PROD'[, ENV['GOOGLE_CLIENT_SECRET_PROD'], {}
else
config.omniauth :google_oauth2, ENV['GOOGLE_CLIENT_ID_DEV'], ENV['GOOGLE_CLIENT_SECRET_DEV'], {}
end
omniauth_callbacks_controller.rb
def google_oauth2
# You need to implement the method below in your model (e.g. app/models/user.rb)
#user = User.from_omniauth(request.env['omniauth.auth'])
if #user.persisted?
flash[:notice] = I18n.t 'devise.omniauth_callbacks.success', kind: 'Google'
sign_in_and_redirect #user, event: :authentication
else
session['devise.google_data'] = request.env['omniauth.auth'].except(:extra) # Removing extra as it can overflow some session stores
redirect_to new_user_registration_url, alert: #user.errors.full_messages.join("\n")
end
end
devise/registrations/new.html.erb
<%= link_to "Sign up with Google", user_google_oauth2_omniauth_authorize_path %>
The authorized redirect URIs in my Developer's Console are:
http://localhost:3000/users/auth/google_oauth2 and
https://localhost:3000/users/auth/google_oauth2
I've followed the docs (https://github.com/zquestz/omniauth-google-oauth2) exactly, to no avail.
Thank you for your help!
I recently got this working through this guide.
A more descriptive resource, and the source of the guide, is this official wiki example.
This commit shows all the files I changed to get google and github set up on my rails login page using the guide I mentioned first.
Just make sure when you use either of the guides, that you remove extra part of the data as it can overflow some session stores. The guides do not include this important piece of information. So in this line of omniauth_callbacks_controller.rb, your current code is correct:
...
else
session['devise.google_data'] = request.env['omniauth.auth'].except(:extra) # Removing extra as it can overflow some session stores
....
Good luck!
<%= link_to "Sign in with Google", user_google_oauth2_omniauth_authorize_path, method: :post %>
The request should be 'post'
Related
OK i'm not really a ROR person but I'm trying to modify an existing app (forked) from https://github.com/adamcooke/staytus
there's an /admin page which right now brings you to a haml login form with a username/password box.
What I'm attempting to do us change this functionally so that when /admin is hit devise and omniAuth will redirect to my IDP via OpenIDConnect ask the user to login with their creds, do the auth stuff and pending they get through then show the admin section...
here's what I've done thus far:
installed these gems
gem 'devise'
gem 'omniauth-rails_csrf_protection'
gem 'omniauth-azure-activedirectory-v2'
ran the devise config/install:
added config.rb
def omniauth_oidc?
result = ENV['OMNIAUTH_OIDC'] == '1'
puts "omniauth_oidc? result: #{result}"
I've tried all combinations of routes:
devise_scope :user do
devise_for :users, controllers: { omniauth_callbacks: 'admin/omniauth_callbacks' }
end
devise_scope :user do
get '/admin/omniauth_callbacks' => 'admin/omniauth_callbacks#azure_activedirectory_v2'
end
namespace :admin do
get '/omniauth_callbacks', to: 'omniauth_callbacks#azure_activedirectory_v2'
end
result
end
I've also tried " to: 'sessions#create'" routes but clearly I'm missing something here...
added OmniauthCallbacksControler
class Admin::OmniauthCallbacksController < Devise::OmniauthCallbacksController
def azure_activedirectory_v2
puts "request.env['omniauth.auth']: #{request.env['omniauth.auth'].inspect}"
response_params = request.env['omniauth.auth']
if response_params.nil?
Rails.logger.error("request.env['omniauth.auth'] is nil")
raise "request.env['omniauth.auth'] is nil"
else
response_params = response_params['info']
end
#user = User.find_by!(email: response_params['email'])
if #user&.persisted?
sign_in_and_redirect #user, event: :authentication, location: admin_root_path
else
flash[:danger] = 'You have not yet an account!'
redirect_back(fallback_location: admin_root_path)
end
end
end
added omniauth.rb initializer
Rails.application.config.middleware.use OmniAuth::Builder do
provider :developer if Rails.env.development?
provider :azure_activedirectory_v2,
{
client_id: ENV[''],
client_secret: ENV[''],
tenant_id: ENV[']
}
end
given all of the above I still haven't gotten /admin to redirect to my IDP login ? WHY ?
I have a route with my JWT token as a path variable but it doesn't work with the JWT token eyJhbGciOiJub25lIn0.eyJjb25maXJtYXRpb25fc2VudF9hdCI6IjIwMTgtMDEtMjQgMDY6MDQ6MzEgKzEzMDAiLCJleHBpcmVzX2F0IjoiMjAxOC0wMS0yNyAwNjowNDozMSArMTMwMCIsInVzZXJfaWQiOjM5fQ.
When I switch the JWT token to something less complicated e.g. 5 then the route works. I'm guessing that the format of the JWT need some special treatment in the rails router?
get '/verify/:jwt', to: 'users#verify_email'
No route matches [GET] "/verify/eyJhbGciOiJub25lIn0.eyJjb25maXJtYXRpb25fc2VudF9hdCI6IjIwMTgtMDEtMjQgMDY6MDQ6MzEgKzEzMDAiLCJleHBpcmVzX2F0IjoiMjAxOC0wMS0yNyAwNjowNDozMSArMTMwMCIsInVzZXJfaWQiOjM5fQ
routes.rb
Rails.application.routes.draw do
extend DeviseRoutes
extend PageRoutes
# Root route
root to: "pages#home"
end
devise_routes.rb
module DeviseRoutes
def self.extended(router)
router.instance_exec do
devise_for :users, path: '', path_names: {
sign_in: 'login',
sign_out: 'logout',
sign_up: 'register',
edit: '/user/edit'
}, controllers: { registrations: 'users' }
# User profile management
devise_scope :user do
get '/profile/:id', to: 'users#profile_home', as: 'profile'
# Verify email
get '/verify', to: 'users#verify_email'
end
end
end
end
users_controller
class UsersController < Devise::RegistrationsController
include AuthenticationConcern
require 'utilities/custom_mailer'
require 'jwt'
def profile_home
#user_id = params[:id]
check_user_route_access current_user, #user_id
#user = User.includes(:skills).find_by(id: #user_id)
#skills = #user.skills.eager_load(:profession)
end
def create
super
if current_user
CustomMailer.send_initial_user_signup(user_id: current_user.id,
to_email: current_user.email,
user_full_name: current_user.full_name)
end
end
def verify_email
jwt_token = params[:token]
#jwt_token_decoded = true
# make sure the jwt_token can be decoded, if not crash softly via
# error on the page rather than hard crash
begin
decoded = (JWT.decode jwt_token, nil, false)[0]
rescue
#jwt_token_decoded = false
end
if #jwt_token_decoded
decoded_expires_at = decoded["expired_at"]
user_id = decoded["user_id"]
#user = User.find_by(id: user_id)
# 1. if user is verified, redirect to login page
if #user != nil and #user.confirmed_at != nil
# flash[:success] = t('successfully_created')
redirect_to new_user_session_path
end
# 2. once verified, provide option in view to go to login page
end
# render verification page
end
end
Does anyone have any suggestions?
In your route the JWT consists of various special characters like '.' because of which the rails router is unable to route it properly.
Solution :-
1:- Use route globbing using wildcard segments
Example :-
Change you route to this
get '/verify/*jwt', to: 'users#verify_email', constraints: { jwt: /.*/ }
This will give params[:jwt] = "passed jwt in url"
You can customize the regex used here to make it more meaningful for jwt token which consists of two '.' and other special characters.
Read this for more information :- Rails route globbing and wildcard segments
The most probable cause of this issue is that you have another route before than get '/verify/:jwt', to: 'users#verify_email'. Rails Router gives priority to the first instance it finds.
So if for example, your routes.rb looks like this:
resources :verify # this may not be your case, just an example
get '/verify/:jwt', to: 'users#verify_email'
In this case, rails will ignore get line, and whenever you GET /verify/<anything> will be routed to verify#show
On the other hand, if you swap those lines like this,
get '/verify/:jwt', to: 'users#verify_email'
resources :verify # this may not be your case, just an example
Then every GET /verify/<anything> will be routed to verify_email.
EDIT: Resolved this issue. Ended up being trivial; I forgot to restart the Rails server after editing my config file.
I'm trying to integrate Stripe OAuth in a Rails application w/ Devise using this tutorial. I think I've followed it to a t, but I'm receiving this error when I go to Connect to Stripe on my app.
{"error":{"message":"No application matches the supplied client
identifier"}}
I'm not sure how to check whether the client identifier I declare in my application.yml is even being passed in, or what value it's reading. Here's my setup so far:
config/application.yml (has my IDs from Stripe account - I edited them out here):
STRIPE_CONNECT_CLIENT_ID: "____________"
STRIPE_SECRET_KEY: "_____________"
config/initializers/devise.rb
Devise.setup do |config|
config.omniauth :stripe_connect,
ENV['STRIPE_CONNECT_CLIENT_ID'],
ENV['STRIPE_SECRET_KEY'],
:scope => 'read_write',
:stripe_landing => 'register'
*other config code*
end
config/routes.rb
Studiocracy::Application.routes.draw do
devise_for :users, :controllers => { :omniauth_callbacks => "omniauth_callbacks", registrations: 'registrations' }
*other stuff*
end
controllers/omniauth_callbacks_controller.rb
class OmniauthCallbacksController < Devise::OmniauthCallbacksController
def stripe_connect
#user = current_user
if #user.update_attributes({
provider: request.env["omniauth.auth"].provider,
uid: request.env["omniauth.auth"].uid,
access_code: request.env["omniauth.auth"].credentials.token,
publishable_key: request.env["omniauth.auth"].info.stripe_publishable_key
})
# anything else you need to do in response..
sign_in_and_redirect #user, :event => :authentication
set_flash_message(:notice, :success, :kind => "Stripe") if is_navigational_format?
else
session["devise.stripe_connect_data"] = request.env["omniauth.auth"]
redirect_to new_user_registration_url
end
end
end
app/views/devise/registrations/edit.html.erb
<%= link_to image_tag('stripe.png'), user_omniauth_authorize_path(:stripe_connect) %>
I did the same silly mistake. Later i found out, it is because of wrong client id i am passing. Just chech href tag of your connect to stripe button once and recheck.
I got a solution by adding just a foward slash (/) after the main URL before the question mark (?):
Before:
https://connect.stripe.com/oauth/v2/authorize?scope=read_write&client_id={client_id}&redirect_uri={https//:example.com}
v
https://connect.stripe.com/oauth/v2/authorize/?scope=read_write&client_id={client_id}&redirect_uri={https//:example.com}
^
I have this controller.
class SessionsController < Devise::SessionsController
# GET /resource/sign_in
def new
self.resource = build_resource(nil, :unsafe => true)
clean_up_passwords(resource)
respond_with(resource, serialize_options(resource))
end
# POST /resource/sign_in
def create
self.resource = warden.authenticate!(auth_options)
set_flash_message(:notice, :signed_in, :username => resource.username) if is_navigational_format?
sign_in(resource_name, resource)
respond_with resource, :location => after_sign_in_path_for(resource)
end
end
and this step-defenitions for cucumber:
Given /^a user "(.*?)" exists$/ do |user_name|
#user = User.create!(:username => user_name , :password => "tamara")
end
When /^he logs in$/ do
visit("/users/sign_in")
fill_in('Username', :with => "roelof")
fill_in('Password', :with => "tamara")
click_button('Sign in')
end
Then /^he should see "(.*?)"$/ do |message|
page.should have_content(message)
end
Everything works fine only after a successfull login I get redirect to the homepage and not to the login succceed page. So I don't see the flash message.
Roelof
Edit 1 : I checked the controller and resource_name and resource seems to have the right values.
the standard DeviseHelper for after_sign_in_path_for is the signed_in_root_path
# The scope root url to be used when he's signed in. By default, it first
# tries to find a resource_root_path, otherwise it uses the root_path.
You can check your routes and scope , and even debug by duplicating the Devise signed_in_root_path into your ApplicationController with a debugger line
By default, Devise's internal after_sign_in_path_for(resource) method first tries to find a valid {resource}_return_to key in the session, then it fallbacks to {resource}_root_path, otherwise it uses your root path route.
For instance, setting user_root_path would set direct path in the users scope after successful sign in (probably what you want):
# config/routes.rb
...
devise_for :users do
get 'users', :to => 'users#show', :as => :user_root
end
Or even:
# config/routes.rb
...
match 'user_root' => 'users#show'
Another way to override the redirect on successful login by overriding after_sign_in_path_for(resource):
# app/controllers/application_controller.rb
...
def after_sign_in_path_for(resource)
# Put some path, like:
current_user_path
end
Links for you to read:
How to: redirect to a specific page on successful sign in out
Method: Devise::Controllers::Helpers#after_sign_in_path_for
How To: Customize the redirect after a user edits their profile
How To: Change the redirect path after destroying a session i.e. signing out
I am getting the following error when I try to sign out of devise error:
No route matches [GET] "/d/users/sign_out"
My tag is correct, it is as follows:
<%= link_to "Sign Out", destroy_session_path, :method=>:delete %>
My route for devise is:
devise_for :users, :path_prefix=>"d", :controllers=>{:sessions=>"sessions"}
Other routes are:
resources :users#For CRUD defined after devise_for like in Devise Wiki
With a custom controller sessions for ajax login like on the Devise wiki page:
class SessionsController < Devise::SessionsController
def create
respond_to do |format|
format.html{ super }
format.json do
resource = warden.authenticate!(:scope => resource_name, :recall => "#{controller_path}#failure")
#resource = warden.authenticate!(:scope => resource_name, :recall => :failure)
return sign_in_and_redirect(resource_name, resource)
end
end
end
def sign_in_and_redirect(resource_or_scope, resource=nil)
scope = Devise::Mapping.find_scope!(resource_or_scope)
resource ||= resource_or_scope
sign_in(scope, resource) unless warden.user(scope) == resource
return render :json => {:success => true, :redirect => stored_location_for(scope) || after_sign_in_path_for(resource)}
end
def failure
return render:json => {:success => false, :errors => ["Login failed."]}
end
end
The devise initializer has:
config.sign_out_via = :delete
Any ideas on what could be causing the problem? I've searched Google and am still stumped.
Update:
Here is a screenshot of the rails routes file for the devise users. Sorry, it is small, but you can right-click then view it by itself for a larger screen.
Update #2:
The jquery_ujs file is included.
Update #3:
It appears in the console that delete is indeed being passed, but it is jumping from the sessions_controller to / then to d/users/sign_out...Not sure how to fix this.
Update #4:
When redirecting it goes first to d/users/sign_out as DELETE, as it should. It then redirects to root_url which then gives the error ERROR Errno::ECONNABORTED: An established connection was aborted by the software in your host machine. It then tries to redirect to d/users/sign_out as GET where it is failing.
This appears to be an issue between Devise and Ruby 1.9.2-p290. Updating to Ruby 1.9.3 and running bundle update to ensure the latest version of Devise was used; appears to work.
It sounds like you might have removed //= require jquery_ujs from your application.js file. I think that handles the link particulars to make a 'delete' request. Either way, as it is now, you're making a 'GET' which obviously won't hit your destroy_user_session method.
Change:
config.sign_out_via = :delete
to:
config.sign_out_via = :get
See this related:
No route matches "/users/sign_out" devise rails 3