Improve Omniauth security

2019-10-18 10:13:00 +05:00 · 2019-10-18 10:13:00 +05:00 · 1fd43dd37f
parent 90dcfceb57
commit 1fd43dd37f
1 changed files with 14 additions and 0 deletions
--- a/app/interactors/authenticate_user_with_omniauth.rb
+++ b/app/interactors/authenticate_user_with_omniauth.rb
@ -9,6 +9,8 @@ class AuthenticateUserWithOmniauth
    ActiveRecord::Base.transaction do
      build_user
      build_user_omniauth
+      validity_check
+      security_check
      save_records
    end
  end
@ -42,6 +44,18 @@ private
    end
  end

+  def validity_check
+    return if context.user_omniauth.user == context.user
+
+    context.fail! user: nil, user_omniauth: nil
+  end
+
+  def security_check
+    return unless context.user.persisted? && context.user_omniauth.new_record?
+
+    context.fail! user: nil, user_omniauth: nil
+  end
+
  def save_records
    return if context.user.save &&
              context.user_omniauth.save