Skip to content

[#325] Authentication via Social Networks#360

Closed
ruslankhaertdinov wants to merge 10 commits intofs:examplesfrom
ruslankhaertdinov:authentication-via-social-networks
Closed

[#325] Authentication via Social Networks#360
ruslankhaertdinov wants to merge 10 commits intofs:examplesfrom
ruslankhaertdinov:authentication-via-social-networks

Conversation

@ruslankhaertdinov
Copy link
Contributor

@ruslankhaertdinov ruslankhaertdinov commented Oct 13, 2015

@ruslankhaertdinov
Copy link
Contributor Author

ruslankhaertdinov commented Oct 13, 2015

@MaximLarionov I apply review comments and reopen PR into examples branch, please take a look again.

maxinspace
maxinspace reviewed Oct 13, 2015
View reviewed changes
app/controllers/users/omniauth_callbacks_controller.rb Outdated
Copy link

@maxinspace maxinspace Oct 13, 2015

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

not really DRY to repeat one check in the every single action, WDYT about moving this check to callback before_action?

Copy link
Contributor Author

@ruslankhaertdinov ruslankhaertdinov Oct 13, 2015

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yep, agree.

apply review comments: move check_omniauth content into policy object…
8d6d669 
…, use before filter and use expose instead of private method
@maxinspace
Copy link

maxinspace commented Oct 14, 2015

Moreover, it appears that we partially can't use some social services for oauth.

There is 3 cases of oauth behavior:

  1. Sign in user via finding SocialProfile by uid and provider from auth hash.
  2. Sign in user via finding him by email from auth hash, and create SocialProfile for user.
  3. Create new user via auth hash, and SocialProfile for him.

Usually, auth hash should contain some data, which says, that account from that Social Profile is confirmed/verified by email. But some services doesn't have that data, like LinkedIn or GitHub.
So we can't trust this auth hash data, and we can't use it for authenticating user in second case.

So it seems, that we have to develop strategy for those cases.

@ruslankhaertdinov ruslankhaertdinov force-pushed the authentication-via-social-networks branch 2 times, most recently from 52bef83 to 85ec5a3 Compare October 30, 2015 12:40
@ruslankhaertdinov ruslankhaertdinov force-pushed the authentication-via-social-networks branch from 85ec5a3 to cf69813 Compare October 30, 2015 19:21
@ruslankhaertdinov
Copy link
Contributor Author

ruslankhaertdinov commented Oct 30, 2015

@MaximLarionov please take a new look

@ruslankhaertdinov
Copy link
Contributor Author

ruslankhaertdinov commented Nov 1, 2015

@timurvafin also kindly please review

@ruslankhaertdinov
Copy link
Contributor Author

ruslankhaertdinov commented Nov 9, 2015

@MaximLarionov ping)

maxinspace
maxinspace reviewed Nov 9, 2015
View reviewed changes
app/interactors/fetch_oauth_user.rb Outdated
Copy link

@maxinspace maxinspace Nov 9, 2015

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I guess, we should try to find social profile, before finding by email.

If user has already signed with this social account, then he should have Social Profile, so it's more reasonable to look for it, and if we haven't found one - find by email, and create new social profile for him.

@maxinspace
Copy link

maxinspace commented Nov 9, 2015

@ruslankhaertdinov it seems like that's all from my side for current moment :)

@ruslankhaertdinov
Copy link
Contributor Author

ruslankhaertdinov commented Nov 9, 2015

@MaximLarionov thanks a lot!)

@ruslankhaertdinov ruslankhaertdinov force-pushed the authentication-via-social-networks branch from 1312fdd to e92ad7b Compare November 11, 2015 20:30
@ruslankhaertdinov ruslankhaertdinov force-pushed the authentication-via-social-networks branch from e92ad7b to 11a7531 Compare November 11, 2015 20:34
@ruslankhaertdinov
Copy link
Contributor Author

ruslankhaertdinov commented Nov 11, 2015

@MaximLarionov please take a look again, when you have time ;)

maxinspace
maxinspace reviewed Nov 18, 2015
View reviewed changes
app/interactors/oauth_organizer.rb Outdated
Copy link

@maxinspace maxinspace Nov 18, 2015

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

&& !found_user_by_email?

do we need this check here?

Copy link
Contributor Author

@ruslankhaertdinov ruslankhaertdinov Nov 19, 2015

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@MaximLarionov good catch 👍 , seems like this check is redundant here.

apply review comments: extract user#connect_social_profile into servi…
5552594 
…ce, remove unused checks from OauthOrganizer
ruslankhaertdinov
ruslankhaertdinov reviewed Nov 19, 2015
View reviewed changes
app/interactors/oauth_organizer.rb
Copy link
Contributor Author

@ruslankhaertdinov ruslankhaertdinov Nov 19, 2015

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@MaximLarionov what do you think, should I leave it as is, or change logic and replace if auth_verified? with if !user_found_by_email??

Copy link

@maxinspace maxinspace Nov 25, 2015

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hm, I doubt that we should build something from unverified auth, so auth verification should be kept

@timurvafin
Copy link
Member

timurvafin commented Feb 4, 2016

Moved to FlatstackSchool/rails-examples#3

@timurvafin timurvafin closed this Feb 4, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@ruslankhaertdinov @maxinspace @timurvafin