Disallow new users from OAuth signup if `allow_single_sign_on` is disabled
Because Devise will trigger a save, allowing unsaved users to log in, behaviour had changed. The current implementation returns a pre-built user, which can be saved without errors. Reported in #1677
parent
05922e71f4
commit
92c184a57f
|
@ -54,11 +54,15 @@ class OmniauthCallbacksController < Devise::OmniauthCallbacksController
|
|||
@user.save
|
||||
end
|
||||
|
||||
if @user.valid?
|
||||
# Only allow properly saved users to login.
|
||||
if @user.persisted? && @user.valid?
|
||||
sign_in_and_redirect(@user.gl_user)
|
||||
else
|
||||
elsif @user.gl_user.errors.any?
|
||||
error_message = @user.gl_user.errors.map{ |attribute, message| "#{attribute} #{message}" }.join(", ")
|
||||
redirect_to omniauth_error_path(oauth['provider'], error: error_message) and return
|
||||
else
|
||||
flash[:notice] = "There's no such user!"
|
||||
redirect_to new_user_session_path
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
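Review bot: the final `else` is reached both when `@user` was never persisted and when it is persisted but `@user.valid?` is false while `@user.gl_user.errors` is empty, so an existing account could be shown "There's no such user!". The condition is evaluated on `@user` while the errors are read from `@user.gl_user`; checking the same object in both places, or branching on `@user.persisted?` first and on validity second, would keep the refusal of unsaved OAuth users separate from the validation-error path. The `and return` on the `omniauth_error_path` redirect is not needed, since nothing follows the conditional in this action, and a spec covering the disabled `allow_single_sign_on` case would pin down the behaviour the commit message describes.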