github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-05-23 18:41:07 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

DEV: Update associate_accounts_controller to use secure_session

Browse Source 
This is much cleaner than using redis directly. It also opens the door to more complex association change flows which may happen during login.
This commit is contained in:
David Taylor
2021-08-10 14:09:30 +01:00
parent 97f701bc4c
commit 2cae29f644
3 changed files with 34 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
app/controllers/users/omniauth_callbacks_controller.rb
View File

@ -30,7 +30,7 @@ class Users::OmniauthCallbacksController < ApplicationController
if session.delete(:auth_reconnect) && authenticator.can_connect_existing_user? && current_user
# Save to redis, with a secret token, then redirect to confirmation screen
token = SecureRandom.hex
Discourse.redis.setex "#{Users::AssociateAccountsController::REDIS_PREFIX}_#{current_user.id}_#{token}", 10.minutes, auth.to_json
secure_session.set "#{Users::AssociateAccountsController.key(token)}", auth.to_json, expires: 10.minutes
return redirect_to "#{Discourse.base_path}/associate/#{token}"
else
DiscourseEvent.trigger(:before_auth, authenticator, auth, session, cookies, request)