Improve Omniauth security
parent
90dcfceb57
commit
1fd43dd37f
|
@ -9,6 +9,8 @@ class AuthenticateUserWithOmniauth
|
|||
ActiveRecord::Base.transaction do
|
||||
build_user
|
||||
build_user_omniauth
|
||||
validity_check
|
||||
security_check
|
||||
save_records
|
||||
end
|
||||
end
|
||||
|
@ -42,6 +44,18 @@ private
|
|||
end
|
||||
end
|
||||
|
||||
def validity_check
|
||||
return if context.user_omniauth.user == context.user
|
||||
|
||||
context.fail! user: nil, user_omniauth: nil
|
||||
end
|
||||
|
||||
def security_check
|
||||
return unless context.user.persisted? && context.user_omniauth.new_record?
|
||||
|
||||
context.fail! user: nil, user_omniauth: nil
|
||||
end
|
||||
|
||||
def save_records
|
||||
return if context.user.save &&
|
||||
context.user_omniauth.save
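Review bot: `security_check` in the second hunk rejects an already-persisted user whose provider record is still new, but it fails with the same bare `context.fail! user: nil, user_omniauth: nil` as `validity_check`, so neither the caller nor the logs can tell which guard fired or why. This looks like the guard against attaching a not-yet-linked provider identity to an existing account, so I would state that above the method, e.g. `# Refuse to link a new provider identity to an existing account during sign-in.`, and pass a distinguishing reason (constructed example: `context.fail! user: nil, user_omniauth: nil, error: :omniauth_link_refused`) so the refusal can be shown to the user and audited. Both guards also call methods on `context.user` and `context.user_omniauth` without a nil check, which assumes `build_user` and `build_user_omniauth` always populate them; those methods are outside the hunk, so please confirm. `save_records` continues past the end of the hunk and is not reviewed here.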
|
||||
|
|