mirror of
https://github.com/discourse/discourse.git
synced 2025-06-15 08:01:23 +08:00
0de08e780b
This improves the error message(s) displayed when an error happens while using a social login to log in / sign up into a Discourse community. Unfortunately, we can't be super precise in the reason behind the error (it can be the user clicked "cancel" during the authorization phase, or any of the plethora of other possible errors) because the reason isn't provided (either for security reasons, or because it's just hard to do so in a reliable & consistent way accross all social logins). The best I could do was to - add the name of the "social login" provider in the error message - tweak the copy a bit for the different cases handle - fix the CSS/HTML to match the one used by the main application In order to show the name of the provider, we use either the "provider" or the "strategy" query parameter, or use the name of the authenticator (if it's the only one enabled). Internal ref - t/153662 --- **BEFORE**  **AFTER** 
71 lines
1.9 KiB
Ruby
71 lines
1.9 KiB
Ruby
# frozen_string_literal: true
|
|
|
|
require "has_errors"
|
|
|
|
class Auth::GithubAuthenticator < Auth::ManagedAuthenticator
|
|
def name
|
|
"github"
|
|
end
|
|
|
|
def display_name
|
|
"GitHub"
|
|
end
|
|
|
|
def enabled?
|
|
SiteSetting.enable_github_logins
|
|
end
|
|
|
|
def after_authenticate(auth_token, existing_account: nil)
|
|
result = super
|
|
return result if result.user
|
|
# If email domain restrictions are configured,
|
|
# pick a secondary email which is allowed
|
|
all_github_emails(auth_token).each do |candidate|
|
|
next if !EmailValidator.allowed?(candidate[:email])
|
|
result.email = candidate[:email]
|
|
result.email_valid = !!candidate[:verified]
|
|
break
|
|
end
|
|
|
|
result
|
|
end
|
|
|
|
def find_user_by_email(auth_token)
|
|
# Use verified secondary emails to find a match
|
|
all_github_emails(auth_token).each do |candidate|
|
|
next if !candidate[:verified]
|
|
if user = User.find_by_email(candidate[:email])
|
|
return user
|
|
end
|
|
end
|
|
nil
|
|
end
|
|
|
|
def all_github_emails(auth_token)
|
|
emails = Array.new(auth_token[:extra][:all_emails])
|
|
primary_email = emails.find { |email| email[:primary] }
|
|
if primary_email
|
|
emails.delete(primary_email)
|
|
emails.unshift(primary_email)
|
|
end
|
|
emails
|
|
end
|
|
|
|
def register_middleware(omniauth)
|
|
omniauth.provider :github,
|
|
setup:
|
|
lambda { |env|
|
|
strategy = env["omniauth.strategy"]
|
|
strategy.options[:client_id] = SiteSetting.github_client_id
|
|
strategy.options[:client_secret] = SiteSetting.github_client_secret
|
|
},
|
|
scope: "user:email"
|
|
end
|
|
|
|
# the omniauth-github gem only picks up the primary email if it's verified:
|
|
# https://github.com/omniauth/omniauth-github/blob/0ac46b59ccdabd4cbe5be4a665df269355081915/lib/omniauth/strategies/github.rb#L58-L61
|
|
def primary_email_verified?(auth_token)
|
|
true
|
|
end
|
|
end
|