Updated devise, User and Authorization models.

QutEcoacoustics · Oct 31, 2012 · 1f83232 · 1f83232
1 parent f255034
commit 1f83232
Show file tree

Hide file tree

Showing 5 changed files with 135 additions and 7 deletions.
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
@@ -7,8 +7,7 @@ class ApplicationController < ActionController::Base
   private 
 
   def set_stamper
-    # I expect this to fail
-    # hack while we have no authentication
-    User.stamper =  User.first() #self.current_user
+    # current_user is from devise
+    User.stamper =  self.current_user #User.first()
   end
 end
diff --git a/app/controllers/omniauth_callbacks_controller.rb b/app/controllers/omniauth_callbacks_controller.rb
@@ -0,0 +1,101 @@
+class Users::OmniauthCallbacksController < Devise::OmniauthCallbacksController
+
+  require 'uuidtools'
+
+  def facebook
+    oauthorize "Facebook"
+  end
+
+  def twitter
+    oauthorize "Twitter"
+  end
+
+  def linked_in
+    oauthorize "LinkedIn"
+  end
+
+  def passthru
+    render :file => "#{Rails.root}/public/404.html", :status => 404, :layout => false
+  end
+
+  private
+
+  def oauthorize(kind)
+    @user = find_for_ouath(kind, env["omniauth.auth"], current_user)
+    if @user
+      flash[:notice] = I18n.t "devise.omniauth_callbacks.success", :kind => kind
+      session["devise.#{kind.downcase}_data"] = env["omniauth.auth"]
+      sign_in_and_redirect @user, :event => :authentication
+    end
+  end
+
+  def find_for_ouath(provider, access_token, resource=nil)
+    user, email, name, uid, auth_attr = nil, nil, nil, {}
+    case provider
+      when "Facebook"
+        uid = access_token['uid']
+        email = access_token['extra']['user_hash']['email']
+        auth_attr = { :uid => uid, :token => access_token['credentials']['token'], :secret => nil, :name => access_token['extra']['user_hash']['name'], :link => access_token['extra']['user_hash']['link'] }
+      when "Twitter"
+        uid = access_token['extra']['user_hash']['id']
+        name = access_token['user_info']['name']
+        auth_attr = { :uid => uid, :token => access_token['credentials']['token'], :secret => access_token['credentials']['secret'], :name => name, :link => "http://twitter.com/#{name}" }
+      when 'LinkedIn'
+        uid = access_token['uid']
+        name = access_token['user_info']['name']
+        auth_attr = { :uid => uid, :token => access_token['credentials']['token'], :secret => access_token['credentials']['secret'], :name => name, :link => access_token['user_info']['public_profile_url'] }
+      else
+        raise 'Provider #{provider} not handled'
+    end
+    if resource.nil?
+      if email
+        user = find_for_oauth_by_email(email, resource)
+      elsif uid && name
+        user = find_for_oauth_by_uid(uid, resource)
+        if user.nil?
+          user = find_for_oauth_by_name(name, resource)
+        end
+      end
+    else
+      user = resource
+    end
+
+    auth = user.authorizations.find_by_provider(provider)
+    if auth.nil?
+      auth = user.authorizations.build(:provider => provider)
+      user.authorizations << auth
+    end
+    auth.update_attributes auth_attr
+
+    return user
+  end
+
+  def find_for_oauth_by_uid(uid, resource=nil)
+    user = nil
+    if auth = Authorization.find_by_uid(uid.to_s)
+      user = auth.user
+    end
+    return user
+  end
+
+  def find_for_oauth_by_email(email, resource=nil)
+    if user = User.find_by_email(email)
+      user
+    else
+      user = User.new(:email => email, :password => Devise.friendly_token[0,20])
+      user.save
+    end
+    return user
+  end
+
+  def find_for_oauth_by_name(name, resource=nil)
+    if user = User.find_by_name(name)
+      user
+    else
+      user = User.new(:name => name, :password => Devise.friendly_token[0,20], :email => "#{UUIDTools::UUID.random_create}@host")
+      user.save false
+    end
+    return user
+  end
+
+end
diff --git a/app/controllers/registrations_controller.rb b/app/controllers/registrations_controller.rb
@@ -0,0 +1,21 @@
+class RegistrationsController < Devise::RegistrationsController
+
+  def update
+    if params[resource_name][:password].blank?
+      params[resource_name].delete(:password)
+      params[resource_name].delete(:password_confirmation) if params[resource_name][:password_confirmation].blank?
+    end
+    # Override Devise to use update_attributes instead of update_with_password.
+    # This is the only change we make.
+    if resource.update_attributes(params[resource_name])
+      set_flash_message :notice, :updated
+      # Line below required if using Devise >= 1.2.0
+      sign_in resource_name, resource, :bypass => true
+      redirect_to after_update_path_for(resource)
+    else
+      clean_up_passwords(resource)
+      render_with_scope :edit
+    end
+  end
+
+end
diff --git a/app/models/authorization.rb b/app/models/authorization.rb
@@ -0,0 +1,7 @@
+class Authorization < ActiveRecord::Base
+  # no attributes are publicly accessible, all are used only internally
+  # attr_accessible :link, :name, :provider, :secret, :token, :uid, :user_id
+  attr_accessible
+
+  belongs_to :user
+end
diff --git a/app/models/user.rb b/app/models/user.rb
@@ -1,13 +1,13 @@
 class User < ActiveRecord::Base
-  # Include default devise modules. Others available are:
-  # :database_authenticatable, :lockable, :recoverable,
+  # Include devise modules. Others available are:
+  # :database_authenticatable, :lockable, :recoverable, :rememberable
   # :validatable, :timeoutable,
   devise  :confirmable, :omniauthable, :registerable,
            :token_authenticatable, :trackable
 
   # Setup accessible (or protected) attributes for your model
-  attr_accessible :email, :password, :password_confirmation, :remember_me
-  attr_accessible :display_name
+  attr_accessible :display_name, :email
+  has_many :authorizations, :dependent => :destroy
 
   # user stamp
   model_stamper