Commit 633793cf authored by Timothy Andrew

Implement "remember me" for OAuth-based login.

- Pass a `remember_me` query parameter along with the initial OAuth request, and
  pick this parameter up during the omniauth callback from
  `request.env['omniauth.params']`.

- For 2FA-based login, copy the `remember_me` param from `omniauth.params` to
  `params`, which the 2FA process will pick up.

- For non-2FA-based login, simply call the `remember_me` devise method to set
  the session cookie.
parent c8eef2d2
class OmniauthCallbacksController < Devise::OmniauthCallbacksController class OmniauthCallbacksController < Devise::OmniauthCallbacksController
include AuthenticatesWithTwoFactor include AuthenticatesWithTwoFactor
include Devise::Controllers::Rememberable
protect_from_forgery except: [:kerberos, :saml, :cas3] protect_from_forgery except: [:kerberos, :saml, :cas3]
...@@ -115,8 +116,10 @@ class OmniauthCallbacksController < Devise::OmniauthCallbacksController ...@@ -115,8 +116,10 @@ class OmniauthCallbacksController < Devise::OmniauthCallbacksController
if @user.persisted? && @user.valid? if @user.persisted? && @user.valid?
log_audit_event(@user, with: oauth['provider']) log_audit_event(@user, with: oauth['provider'])
if @user.two_factor_enabled? if @user.two_factor_enabled?
params[:remember_me] = '1' if remember_me?
prompt_for_two_factor(@user) prompt_for_two_factor(@user)
else else
remember_me(@user) if remember_me?
sign_in_and_redirect(@user) sign_in_and_redirect(@user)
end end
else else
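Review bot: In the `two_factor_enabled?` branch, `params[:remember_me] = '1' if remember_me?` only has an effect if the step behind `prompt_for_two_factor` carries `remember_me` through to the second factor submission, and nothing in this diff shows or tests that. Please add specs for both branches (2FA and non-2FA, each with and without the flag) so the flag can neither be dropped silently nor set when the user did not ask for it. A one-line comment explaining why the request `params` is being written to here would also help the next reader.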
...@@ -147,4 +150,9 @@ class OmniauthCallbacksController < Devise::OmniauthCallbacksController ...@@ -147,4 +150,9 @@ class OmniauthCallbacksController < Devise::OmniauthCallbacksController
AuditEventService.new(user, user, options) AuditEventService.new(user, user, options)
.for_authentication.security_event .for_authentication.security_event
end end
def remember_me?
request_params = request.env['omniauth.params']
request_params['remember_me'] == '1'
end
end end
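Review bot: `remember_me?` dereferences `request.env['omniauth.params']` without a nil check, so `request_params['remember_me']` raises NoMethodError on any callback where that env key is not populated. Because this method runs on every OAuth sign-in, a missing key would fail the login itself rather than just skip the cookie. Guard the lookup, for example `request_params.present? && request_params['remember_me'] == '1'`, and cover the absent-params case in a spec.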
...@@ -6,4 +6,21 @@ ...@@ -6,4 +6,21 @@
- providers.each do |provider| - providers.each do |provider|
%span.light %span.light
- has_icon = provider_has_icon?(provider) - has_icon = provider_has_icon?(provider)
= link_to provider_image_tag(provider), omniauth_authorize_path(:user, provider), method: :post, class: (has_icon ? 'oauth-image-link' : 'btn') = link_to provider_image_tag(provider), omniauth_authorize_path(:user, provider), method: :post, class: 'oauth-login' + (has_icon ? ' oauth-image-link' : ' btn')
%fieldset
= check_box_tag :remember_me
= label_tag :remember_me, "Remember Me"
:javascript
$("#remember_me").click(function(event){
var rememberMe = $(event.target).is(":checked");
$(".oauth-login").each(function(i, element) {
var href = $(element).attr('href');
if (rememberMe) {
$(element).attr('href', href + '?remember_me=1');
} else {
$(element).attr('href', href.replace('?remember_me=1', ''));
}
});
});
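Review bot: The click handler builds the URL with `href + '?remember_me=1'` and undoes it with `href.replace('?remember_me=1', '')`, which yields a malformed URL as soon as an `omniauth_authorize_path` already carries a query string. The href is also updated only on click, so a checkbox the browser restores as checked on page reload leaves the `.oauth-login` links without the parameter while the UI shows it as selected. Consider reading the checkbox state at the moment the link is followed and appending the parameter with proper query-string handling.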