I am moving the application to use only Google Federated Login (OpenID) for the application (we use Google applications for everything and we think it would be easier to combine user management there). Although I can successfully log in and create users, my thoughts are now safe ...
When a user logs in, I have a "Login" button - nothing more. The site domain is hardcoded (where SITE_DOMAIN appears below) and the user is redirected to a typical google login page.
Here is the code:
    def create
      open_id_authentication
    end

    protected

    def open_id_authentication
      openid_url = 'https://www.google.com/accounts/o8/site-xrds?hd=SITE_DOMAIN'
      authenticate_with_open_id(openid_url,
                                :required => ['http://axschema.org/contact/email',
                                              'http://axschema.org/namePerson/first',
                                              'http://axschema.org/namePerson/last']) do |result, identity_url, registration|
        case result.status
        when :missing
          failed_login "Sorry, the OpenID server couldn't be found"
        when :invalid
          failed_login "Sorry, but this does not appear to be a valid OpenID"
        when :canceled
          failed_login "OpenID verification was canceled"
        when :failed
          failed_login "Sorry, the OpenID verification failed"
        when :successful
          if @current_user = User.find_by_id_url(identity_url)
            if @current_user.login_from(request.env['REMOTE_ADDR'])
              successful_login
            else
              failed_login "Your OpenID profile registration failed: " + @current_user.errors.full_messages.to_sentence
            end
          else
            ax_response = OpenID::AX::FetchResponse.from_success_response(request.env[Rack::OpenID::RESPONSE])
            @current_user = User.login_create(ax_response, identity_url, request.env['REMOTE_ADDR'])
            successful_login
          end
        end
      end
    end
After a successful login, I just save the user in the session ...
    session[:current_user] = @current_user
... and use the simple current_user method in the application controller ...
    def current_user
      return session[:current_user] if defined?(session[:current_user])
    end
. OpenIDAuthentication , ( ). , , .:)
?
open_id_authentication openid gem ( ruby-openid-apps Google).
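An added example, not part of the original post: one way to handle the session step described above is to keep only the user's id in the session and re-read the record on every request, with a check that the stored e-mail belongs to the expected domain. `ALLOWED_DOMAIN`, `USERS`, `sign_in`, `email_in_domain?` and the plain-hash session are hypothetical stand-ins so the sketch runs outside Rails.

```ruby
# Added example; every name here is hypothetical, not from the post or the gem.
ALLOWED_DOMAIN = 'example.com' # constructed stand-in for SITE_DOMAIN

User = Struct.new(:id, :email, :active)
USERS = { 1 => User.new(1, 'alice@example.com', true) } # constructed user store

# True only when the part after the last "@" is exactly the expected domain.
def email_in_domain?(email, domain = ALLOWED_DOMAIN)
  local, at, host = email.to_s.strip.rpartition('@')
  !at.empty? && !local.empty? && host.casecmp?(domain)
end

# Called after a :successful OpenID result. Stores the primary key only,
# so the session never carries a copy of the user record.
def sign_in(session, user)
  return false unless user&.active && email_in_domain?(user.email)
  session.clear # stands in for Rails' reset_session, which drops pre-login state
  session[:user_id] = user.id
  true
end

# Looks the user up on each request, so a deactivated or removed account
# loses access at once instead of living on inside an old session.
def current_user(session)
  user = USERS[session[:user_id]]
  user if user&.active && email_in_domain?(user.email)
end
```

In a Rails controller the same shape would use `reset_session` and a `User` lookup by id in place of the hash and the constructed store.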