Merge pull request #1392 from mlorb/ml-sci-2676

Hide sign-in with third party applications (e.g. LinkedIn) in Oauth… [SCI-2676]
2024-09-21 07:26:15 +08:00 · 2018-11-27 11:06:45 +01:00 · 2018-11-27 11:06:45 +01:00 · 398c2f0576
parent d475197e65 0b6b3b3609
commit 398c2f0576
3 changed files with 24 additions and 4 deletions
--- a/app/controllers/users/sessions_controller.rb
+++ b/app/controllers/users/sessions_controller.rb
@ -2,9 +2,13 @@ class Users::SessionsController < Devise::SessionsController
  # before_filter :configure_sign_in_params, only: [:create]

  # GET /resource/sign_in
-  # def new
-  #   super
-  # end
+  def new
+    # If user was redirected here from OAuth's authorize/new page (Doorkeeper
+    # endpoint for authorizing an OAuth client), 3rd party sign-in buttons
+    # (e.g. LinkedIn) should be hidden. See config/initializers/devise.rb.
+    @oauth_authorize = session['oauth_authorize'] == true
+    super
+  end

  # POST /resource/sign_in
  # def create
--- a/app/views/users/shared/_links.html.erb
+++ b/app/views/users/shared/_links.html.erb
@ -25,7 +25,7 @@
    <div data-hook="omniauth-sign-in-links"></div>
  <% end -%>

-  <%- if Rails.configuration.x.enable_user_registration && Rails.configuration.x.linkedin_signin_enabled %>
+  <%- if Rails.configuration.x.enable_user_registration && Rails.configuration.x.linkedin_signin_enabled && @oauth_authorize != true %>
    <%- if devise_mapping.omniauthable? && resource_class.omniauth_providers.any? && controller_name != 'registrations' %>
      <%= link_to omniauth_authorize_path(resource_name, :linkedin), :title => "Sign in with LinkedIn" do %>
        <%= image_tag('linkedin/Sign-in-Large---Default.png',
--- a/config/initializers/devise.rb
+++ b/config/initializers/devise.rb
@ -314,4 +314,20 @@ Devise.setup do |config|
  # When using OmniAuth, Devise cannot automatically set OmniAuth path,
  # so you need to do it manually. For the users scope, it would be:
  # config.omniauth_path_prefix = '/my_engine/users/auth'
+
+  # If user acesses authorizations/new (Doorkeeper endpoint to authorize an
+  # OAuth client), and user is not logged in yet, we want to hide the 3rd party
+  # OAuth signup buttons on login page (to prevent multiple OAuth loops); so
+  # a boolean is stored in the session, before 302 redirection to login page is
+  # performed.
+  Warden::Manager.before_failure do |env, _opts|
+    if env.key?('action_controller.instance') &&
+       (cont = env['action_controller.instance'])
+       .instance_of?(Doorkeeper::AuthorizationsController) &&
+       cont.action_name == 'new'
+      # pass oauth_authorize param
+      env['rack.session'] ||= {}
+      env['rack.session']['oauth_authorize'] = true
+    end
+  end
 end