So I've got Omniauth with Twitter validation functioning at about 95%; in other words, it's almost fully functional. When clicking the | Sign-In with Twitter | button on my app, it redirects me to Twitter, where I am then prompted to enter my Twitter credentials, and then redirected back to the app.
However, instead of logging me in after the Twitter auth process I get the following error on the Sign-in page:
1 error prohibited this user from being saved:
Email can't be blank
How can I get Omniauth to redirect me to the logged-in page, in my case the /posts page? And why is it producing such an error, when Omniauth is supposed to authorize me via Twitter validation?
User model:
class User < ActiveRecord::Base
  has_many :authentications
  # Include default devise modules. Others available are:
  # :token_authenticatable, :lockable, :timeoutable and :activatable
  devise :database_authenticatable, :registerable,
         :recoverable, :rememberable, :trackable, :validatable
  # Setup accessible (or protected) attributes for your model
  attr_accessible :email, :password, :password_confirmation
  # attr_accessible :title, :body
  def apply_omniauth(omniauth)
    self.email = omniauth['info']['email'] if email.blank?
    authentications.build(:provider => omniauth['provider'], :uid => omniauth['uid'])
  end
  def password_required?
    (authentications.empty? || !password.blank?) && super
  end
end
Authentications Controller:
class AuthenticationsController < ApplicationController
  def create
    omniauth = request.env["omniauth.auth"]
    authentication = Authentication.find_by_provider_and_uid(omniauth['provider'], omniauth['uid'])
    if authentication
      flash[:notice] = "Signed in successfully."
      sign_in_and_redirect(:user, authentication.user)
    elsif current_user
      current_user.authentications.create!(:provider => omniauth['provider'], :uid => omniauth['uid'])
      flash[:notice] = "Authentication successful."
      redirect_to authentications_url
    else
      user = User.new
      user.apply_omniauth(omniauth)
      if user.save
        flash[:notice] = "Signed in successfully."
        sign_in_and_redirect(:user, user)
      else
        session[:omniauth] = omniauth.except('extra')
        redirect_to new_user_registration_url
      end
    end
  end
end
Registrations Controller:
class RegistrationsController < Devise::RegistrationsController
  def create
    super
    session[:omniauth] = nil unless @user.new_record?
  end
  private
  def build_resource(*args)
    super
    if session[:omniauth]
      @user.apply_omniauth(session[:omniauth])
      @user.valid?
    end
  end
end
I just remembered, the reason is actually simple: Twitter doesn't return email in the omniauth request, so it redirects you to the new user registration page and you have to fill in your email.
https://github.com/intridea/omniauth/wiki/Auth-Hash-Schema
Furthermore, this could be of help:
Skip email validation for omniauth-twitter on devise 2.0
Related
I used Devise to allow users to register and log in within the site. I also used omniauth-facebook to allow users to log in with their Facebook accounts. However, people who registered first with the same email as their Facebook email cannot log in with their Facebook account. I want to use both Facebook login and site registration.
This is my user.rb
class User < ActiveRecord::Base
  devise :database_authenticatable, :registerable,
         :recoverable, :rememberable, :trackable, :validatable, :omniauthable
  def self.find_for_facebook_oauth(auth, signed_in_resource=nil)
    user = User.where(:provider => auth.provider, :uid => auth.uid).first
    unless user
      user = User.create(name: auth.extra.raw_info.name,
                         provider: auth.provider,
                         uid: auth.uid,
                         email: auth.info.email,
                         password: Devise.friendly_token[0,20]
                        )
    end
    user
  end
end
And omniauth_callbacks_controller.rb
class Users::OmniauthCallbacksController < Devise::OmniauthCallbacksController
  def facebook
    @user = User.find_for_facebook_oauth(request.env["omniauth.auth"], current_user)
    if @user.persisted?
      sign_in_and_redirect @user, :event => :authentication # this will throw if @user is not activated
      set_flash_message(:notice, :success, :kind => "Facebook") if is_navigational_format?
    else
      session["devise.facebook_data"] = request.env["omniauth.auth"]
      redirect_to new_user_registration_url
    end
  end
end
You can easily do this the following way:
Create another model called Authorization with the attributes:
provider:string, uid:string, user_id:integer
Now User would be associated with Authorization as follows:
class User
  has_many :authorizations
  ...
end
Whenever a Facebook login occurs, check with the authorizations model to see if a record is present. If not, create it and link it to the user model (by searching by email id).
Get the proper user object and login with it.
Source: http://net.tutsplus.com/tutorials/ruby/how-to-use-omniauth-to-authenticate-your-users/
I asked the question and just found ways out based on matrixtheone's answer (really great help) and this blog.
http://www.orhancanceylan.com/rails-twitter-and-facebook-authentications-with-omniauth-and-devise/
Here is the code. If there is something wrong, please figure it out.
def facebook
  omni = request.env["omniauth.auth"]
  authentication = Authentication.find_by_provider_and_uid(omni['provider'], omni['uid'])
  if authentication
    flash[:notice] = "Logged in Successfully"
    sign_in_and_redirect User.find(authentication.user_id)
  elsif user = User.find_by(email: omni['extra']['raw_info'].email)
    user.authentications.create!(provider: omni['provider'],
                                 uid: omni['uid'])
    flash[:notice] = "Authentication for registered user is successful"
    sign_in_and_redirect user
  else
    user = User.new
    user.password = Devise.friendly_token[0,20]
    user.email = omni['extra']['raw_info'].email
    user.authentications.build(provider: omni['provider'],
                               uid: omni['uid'])
    if user.save
      flash[:notice] = "Logged in."
      sign_in_and_redirect User.find(user.id)
    else
      session[:omniauth] = omni.except('extra')
      redirect_to new_user_registration_path
    end
  end
end
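An added example, not code from any of the posts on this page: the decision an OmniAuth callback has to make, in plain Ruby, covering both the missing Twitter email from the first thread and the link-by-email step suggested in this one. The class, the outcome symbols and the `email_verified` flag are hypothetical; the flag is an assumption standing in for whatever verification signal the provider gives, because linking on an unverified address would sign a stranger in to the existing account.

```ruby
# Added example: in-memory stand-ins for the User and Authentication models.
User     = Struct.new(:id, :email)
Identity = Struct.new(:provider, :uid, :user_id)

class AccountResolver
  attr_reader :users, :identities

  def initialize
    @users = []
    @identities = []
  end

  def add_user(email)
    user = User.new(@users.size + 1, email.strip.downcase)
    @users << user
    user
  end

  # Returns [outcome, user]. `auth` uses the OmniAuth auth hash keys
  # (provider, uid, info.email). `email_verified` is a hypothetical flag
  # (assumption): the caller sets it only if the provider vouches for the address.
  def resolve(auth, email_verified: false)
    provider = auth['provider'].to_s
    uid      = auth['uid'].to_s
    return [:rejected, nil] if provider.empty? || uid.empty?

    # 1. Only a known (provider, uid) pair signs in directly.
    known = @identities.find { |i| i.provider == provider && i.uid == uid }
    return [:signed_in, @users.find { |u| u.id == known.user_id }] if known

    # 2. No email in the hash (the Twitter case): ask for it on the sign-up form.
    email = auth.dig('info', 'email').to_s.strip.downcase
    return [:needs_email, nil] if email.empty?

    # 3. Email matches a local account: link only when verified; otherwise the
    #    user signs in with their password first and links from their profile.
    existing = @users.find { |u| u.email == email }
    if existing
      return [:login_to_link, existing] unless email_verified
      @identities << Identity.new(provider, uid, existing.id)
      return [:linked, existing]
    end

    # 4. Nobody matches: create the account together with its identity.
    user = add_user(email)
    @identities << Identity.new(provider, uid, user.id)
    [:created, user]
  end
end
# Constructed sample: a Twitter-style hash without info.email => [:needs_email, nil]
p AccountResolver.new.resolve({ 'provider' => 'twitter', 'uid' => '42', 'info' => {} })
```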
You can add a custom validation for the email field in user model like
email_regex = /\A[\w+\-.]+@[a-z\d\-.]+\.[a-z]+\z/i
validates :email, :presence => { :message => "An email address must be entered." },
                  :format => { :with => email_regex, :message => "The email address is not valid." },
                  :uniqueness => { :case_sensitive => false, :message => "The email address is already used." }
I'm going to implement Facebook and VKontakte login (registering) for my Rails app, and with Facebook all is OK (login and registering is OK), done as in the manual here.
But with VKontakte something is wrong, I still get an "empty" page.
Here is my code:
class Users::OmniauthCallbacksController < Devise::OmniauthCallbacksController
  def facebook
    # You need to implement the method below in your model (e.g. app/models/user.rb)
    @user = User.find_for_facebook_oauth(request.env["omniauth.auth"], current_user)
    if @user.persisted?
      flash[:notice] = I18n.t "devise.omniauth_callbacks.success", :kind => "Facebook"
      sign_in_and_redirect @user, :event => :authentication
    else
      session["devise.facebook_data"] = request.env["omniauth.auth"]
      redirect_to new_user_registration_url
    end
  end
  def vkontakte
    @user = User.find_for_vkontakte_oauth(request.env["omniauth.auth"], current_user)
    if @user.persisted?
      flash[:notice] = I18n.t "devise.omniauth_callbacks.success", :kind => "Vkontakte"
      sign_in_and_redirect @user, :event => :authentication
    else
      session["devise.vkontakte_data"] = request.env["omniauth.auth"]
      redirect_to new_user_registration_url
    end
  end
end
And model:
class User < ActiveRecord::Base
  # Include default devise modules. Others available are:
  devise :database_authenticatable, :registerable,
         :recoverable, :rememberable, :trackable, :validatable,
         :token_authenticatable, :lockable, :timeoutable, :omniauthable #:confirmable,
  # Setup accessible (or protected) attributes for your model
  attr_accessible :email, :password, :password_confirmation, :remember_me, :provider, :uid, :name
  def self.find_for_facebook_oauth(auth, signed_in_resource=nil)
    user = User.where(:provider => auth.provider, :uid => auth.uid).first
    unless user
      user = User.create(name: auth.extra.raw_info.name,
                         provider: auth.provider,
                         uid: auth.uid,
                         email: auth.info.email,
                         password: Devise.friendly_token[0,20]
                        )
    end
    user
  end
  def self.new_with_session(params, session)
    super.tap do |user|
      if data = session["devise.facebook_data"] && session["devise.facebook_data"]["extra"]["raw_info"]
        user.email = data["email"] if user.email.blank?
      end
      if data = session["devise.vkontakte_data"] && session["devise.vkontakte_data"]["extra"]["raw_info"]
        user.email = data["email"] if user.email.blank?
      end
    end
  end
  def self.find_for_vkontakte_oauth(auth, signed_in_resource=nil)
    user = User.where(:provider => auth.provider, :uid => auth.uid).first
    unless user
      user = User.create(name: auth.info.name,
                         provider: auth.provider,
                         uid: auth.uid,
                         email: auth.extra.raw_info.domain+'@vk.com',
                         password: Devise.friendly_token[0,20]
                        )
    end
    user
  end
end
What's wrong?
Have you tried the omniauth railscasts made by Ryan Bates?
http://railscasts.com/episodes/360-facebook-authentication - here is for facebook
http://railscasts.com/episodes/235-omniauth-part-1
http://railscasts.com/episodes/236-omniauth-part-2
These are for authentication from different social networks. I've started working with the VK API, so if you have problems with the implementation of these railscasts, tell me.
Check that your server host is the same as the one registered in VK. For development, you may edit /etc/hosts and access your site via this host.
Example: site is inmyhouse.su
/etc/hosts: 127.0.1.1 local.inmyhouse.su
I am using the Devise gem to authenticate users from Facebook OAuth. I use the following to create a user:
def self.find_for_facebook_oauth(auth, signed_in_resource=nil)
  user = User.where(:provider => auth.provider, :uid => auth.uid).first
  unless user
    user = User.create(name: auth.extra.raw_info.name,
                       provider: auth.provider,
                       uid: auth.uid,
                       email: auth.info.email,
                       password: Devise.friendly_token[0,20]
                      )
  end
  user
end
and then to login:
def facebook
  @user = User.find_for_facebook_oauth(request.env["omniauth.auth"], current_user)
  def after_sign_in_path_for(resource)
    return '/mypage'
  end
  if @user.persisted?
    flash[:notice] = I18n.t "devise.omniauth_callbacks.success", :kind => "Facebook"
    sign_in_and_redirect @user, :event => :authentication
  else
    session["devise.facebook_data"] = request.env["omniauth.auth"]
    redirect_to new_user_registration_url
  end
end
However, when the user visits the app after about 15 minutes of inactivity they will no longer be logged in. How can I increase this time? I don't seem to be getting anywhere currently.
If anyone could provide details of setting a cookie or something so that this will persist even when the browser is closed, that would be good too.
EDIT
Full user.rb
class User < ActiveRecord::Base
  devise :database_authenticatable, :registerable,
         :recoverable, :rememberable, :trackable, :validatable,
         :omniauthable
  # Setup accessible (or protected) attributes for your model
  attr_accessible :name, :provider, :uid, :email, :password, :password_confirmation, :remember_me
  has_many :ratings
  has_many :rated_recipes, :through => :ratings, :source => :recipes
  def self.find_for_facebook_oauth(auth, signed_in_resource=nil)
    user = User.where(:provider => auth.provider, :uid => auth.uid).first
    unless user
      user = User.create(name: auth.extra.raw_info.name,
                         provider: auth.provider,
                         uid: auth.uid,
                         email: auth.info.email,
                         password: Devise.friendly_token[0,20]
                        )
    end
    user
  end
end
EDIT:
So some of the advice below has got me somewhere. It all seems to work fine when you access the rails via the url it is hosted at. However as soon as you hit the facebook app page the user no longer persists in any of the tabs open. Can't see why this would be
Hi, I am using Devise and Omniauth to authenticate Facebook login, but I get the following error:
Can't mass-assign protected attributes: token
app/models/user.rb:20:in `apply_omniauth'
app/controllers/authentications_controller.rb:19:in `create'
This is the user model:
class User < ActiveRecord::Base
  # The relationship between the User and Authentication model
  has_many :authentications, :dependent => :delete_all
  # Include default devise modules. Others available are:
  # :token_authenticatable, :confirmable,
  # :lockable, :timeoutable and :omniauthable
  devise :database_authenticatable, :registerable,
         :recoverable, :rememberable, :trackable, :validatable
  # Setup accessible (or protected) attributes for your model
  attr_accessible :email, :password, :password_confirmation, :remember_me
  # attr_accessible :title, :body
  def apply_omniauth(auth)
    # In previous omniauth, 'user_info' was used in place of 'raw_info'
    self.email = auth['extra']['raw_info']['email']
    authentications.build(:provider => auth['provider'], :uid => auth['uid'], :token => auth['credentials']['token'])
  end
end
This is my authentication controller:
class AuthenticationsController < ApplicationController
  def index
    @authentications = current_user.authentications if current_user
  end
  def create
    auth = request.env["omniauth.auth"]
    # Try to find authentication first
    authentication = Authentication.find_by_provider_and_uid(auth['provider'], auth['uid'])
    if authentication
      # Authentication found, sign the user in.
      flash[:notice] = "Signed in successfully."
      sign_in_and_redirect(:user, authentication.user)
    else
      # Authentication not found, thus a new user.
      user = User.new
      user.apply_omniauth(auth)
      if user.save(:validate => false)
        flash[:notice] = "Account created and signed in successfully."
        sign_in_and_redirect(:user, user)
      else
        flash[:error] = "Error while creating a user account. Please try again."
        redirect_to root_url
      end
    end
  end
  def destroy
    @authentication = Authentication.find(params[:id])
    @authentication.destroy
    redirect_to authentications_url, :notice => "Successfully destroyed authentication."
  end
end
Could somebody explain why I get this error, and how I fix it?
Adding :token to the attr_accessible line in the authentication model should do the trick.
I have a bit of code here where users can log in via their Twitter account. The problem here is: how can I skip email confirmation for users that sign up from external services like Twitter? I am using Devise and I do not know how to skip the email confirmation for this type of user. My code sample is as follows:
class AuthenticationsController < ApplicationController
  # GET /authentications
  # GET /authentications.json
  def index
    @authentications = current_user.authentications if current_user
  end
  # POST /authentications
  # POST /authentications.json
  def create
    omniauth = request.env["omniauth.auth"]
    authentication = Authentication.find_by_provider_and_uid(omniauth['provider'], omniauth['uid'])
    if authentication
      flash[:notice] = "Signed in successfully"
      sign_in_and_redirect(:user, authentication.user)
    elsif current_user
      current_user.authentications.create!(:provider => omniauth['provider'], :uid => omniauth['uid'])
      flash[:notice] = "Authentication successful"
      redirect_to authentication_url
    else
      user = User.new
      user.apply_omniauth(omniauth)
      if user.save
        flash[:notice] = "Signed in successfully"
        sign_in_and_redirect(:user, user)
      else
        session[:omniauth] = omniauth.except('extra')
        redirect_to new_user_registration_url
      end
    end
  rescue Exception => e
    # Just spit out the error message and a backtrace.
    render :text => "<html><body><pre>" + e.to_s + "</pre><hr /><pre>" + e.backtrace.join("\n") + "</pre></body></html>"
  end
  # DELETE /authentications/1
  # DELETE /authentications/1.json
  def destroy
    @authentication = current_user.authentications.find(params[:id])
    @authentication.destroy
    respond_to do |format|
      format.html { redirect_to authentications_url }
      format.json { head :ok }
    end
  end
end
My registration controller is as follows:
class RegistrationsController < Devise::RegistrationsController
  def create
    super
    session[:omniauth] = nil unless @user.new_record?
  end
  private
  def build_resource(*args)
    super
    if session[:omniauth]
      @user.apply_omniauth(session[:omniauth])
      @user.valid?
    end
  end
end
And my user model is below:
class User < ActiveRecord::Base
  # Include default devise modules. Others available are:
  # :token_authenticatable, :encryptable, :lockable, :timeoutable and
  devise :database_authenticatable, :registerable,
         :recoverable, :rememberable, :trackable, :validatable, :confirmable
  # Setup accessible (or protected) attributes for your model
  attr_accessible :email, :password, :password_confirmation, :remember_me, :username, :about, :facebook_username, :twitter_username, :icon, :admin
  validates_uniqueness_of :username
  has_attached_file :icon, :styles => {:thumb => "64x64#"}, :default_url => 'icon_:style.png'
  validates_attachment_content_type :icon, :content_type => ['image/jpeg', 'image/png', 'image/gif']
  validates_attachment_size :icon, :less_than => 1.megabyte
  ajaxful_rater
  has_many :authentications
  validates_presence_of :username
  def apply_omniauth(omniauth)
    self.email = omniauth['user_info']['email'] if email.blank?
    self.name = omniauth['user_info']['name'] if name.blank?
    self.image = omniauth['user_info']['image'] if image.blank?
    authentications.build(:provider => omniauth['provider'], :uid => omniauth['uid'])
  end
  def password_required?
    (authentications.empty? || !password.blank?) && super
  end
end
My link to the auth URL is below:
<a href="/auth/twitter" class="auth_provider">
  <%= image_tag "twitter_64.png", :size => "64x64", :alt => "Twitter" %>
</a>
My route is like this:
match 'auth/:provider/callback' => "authentications#create"
Whenever you want to skip confirmation for Devise period, just use the following before the user.save...
user.skip_confirmation!
So basically, in your create controller action, if it detects omniauth logic, then call that.
This could be achieved by setting the confirmed_at attribute, which Devise sets internally to mark an account as confirmed:
user.update(
  confirmed_at: Time.now.utc,
  confirmation_token: nil
)