Use google signin

app/assets/javascripts/google.js.erb

@@ -0,0 +1,33 @@
+// Google API forces this function to be in the global namespace
+function laddersGoogleStart() {
+  gapi.load('auth2', function() {
+    auth2 = gapi.auth2.init({
+      client_id: '<%= Rails.application.secrets.google_key %>',
+      scope: 'profile email'
+    });
+  });
+}
+
+(function() {
+  function signIn(authResult) {
+    if (!authResult.code) {
+      return
+    }
+    $.ajax({
+      type: 'POST',
+      url: '/auth/google',
+      headers: {
+        'X-Requested-With': 'XMLHttpRequest'
+      },
+      data: {code: authResult.code}
+    });
+  }
+
+  function error(error) {
+    console.log(error);
+  }
+
+  $(document).on('click', '#googleLogin', function() {
+    auth2.grantOfflineAccess().then(signIn, error);
+  });
+})();

app/controllers/sessions_controller.rb

@@ -1,6 +1,11 @@
 class SessionsController < ApplicationController
   skip_before_action :verify_authenticity_token, :only => [:callback]
 
+  def new
+    @authhash = session['authhash']
+    redirect_to session_path unless @authhash
+  end
+
   def show
   end
 
@@ -46,6 +51,7 @@ def callback
   end
 
   def failure
+    reset_session
     redirect_to session_path, :notice => case params[:message]
     when /invalid_credentials/i
       t('sessions.failure.invalid')
@@ -56,6 +62,54 @@ def failure
     end
   end
 
+  def google
+    if !request.headers['X-Requested-With']
+      redirect_to auth_failure_path
+      return
+    end
+
+    access_token_uri = URI('https://accounts.google.com/o/oauth2/token')
+    people_api_uri = URI('https://www.googleapis.com/plus/v1/people/me/openIdConnect')
+
+    access_token_response = Net::HTTP.post_form(access_token_uri, {
+      code: params['code'],
+      client_id: Rails.application.secrets.google_key,
+      client_secret: Rails.application.secrets.google_secret,
+      redirect_uri: root_url.chomp('/'),
+      grant_type: 'authorization_code'
+    })
+    token = JSON.parse(access_token_response.body)
+
+    profile_request = Net::HTTP::Get.new(people_api_uri)
+    profile_request['Authorization'] = "#{token['token_type']} #{token['access_token']}"
+    profile_response = Net::HTTP.start(people_api_uri.hostname, people_api_uri.port, use_ssl: people_api_uri.scheme == 'https') do |http|
+      http.request(profile_request)
+    end
+    profile = JSON.parse(profile_response.body)
+
+    if !profile['sub']
+      redirect_to auth_failure_path
+      return
+    end
+
+    @authhash = {
+      'provider' => 'google_oauth2',
+      'uid' => profile['sub'],
+      'name' => profile['name'],
+      'email' => profile['email'],
+      'first_name' => profile['given_name'],
+      'last_name' => profile['family_name'],
+      'image_url' => profile['picture'],
+    }
+    session['authhash'] = @authhash
+    auth = Service.find_by(provider: 'google_oauth2', uid: @authhash['uid'])
+    if auth && auth.update_attributes(@authhash)
+      authenticate_and_redirect(auth.user, auth)
+    else
+      redirect_to auth_failure_path
+    end
+  end
+
   private
 
   def authenticate_and_redirect(user, service)

app/views/layouts/application.html.erb

@@ -13,8 +13,9 @@
       <script src="http://html5shim.googlecode.com/svn/trunk/html5.js" type="text/javascript"></script>
     <![endif]-->
 
-    <%= stylesheet_link_tag "application", :media => "all", "data-turbolinks-track" => true %>
-    <%= javascript_include_tag "application", "data-turbolinks-track" => true %>
+    <%= stylesheet_link_tag    'application', media: 'all', 'data-turbolinks-track': 'reload' %>
+    <%= javascript_include_tag 'application', 'data-turbolinks-track': 'reload' %>
+    <script src="https://apis.google.com/js/client:platform.js?onload=laddersGoogleStart" data-turbolinks-track="reload" async defer></script>
   </head>
   <body>
     <% if Rails.application.secrets.google_analytics %>

app/views/sessions/show.html.erb

@@ -5,7 +5,7 @@
 
 <div class="btn-group-vertical" data-no-turbolink>
   <% unless Rails.env.production? %>
-    <%= link_to '/auth/developer', :rel => 'external', :class => 'btn btn-default btn-lg' do %><%= glyph 'sign-blank' %> <%= t '.login_with', :name => 'Developer'%><% end %>
+    <%= link_to '/auth/developer', :rel => 'external', :class => 'btn btn-default btn-lg', :data => {turbolinks: false} do %><%= glyph 'sign-blank' %> <%= t '.login_with', :name => 'Developer'%><% end %>
   <% end %>
-  <%= link_to '/auth/google_oauth2', :rel => 'external', :class => 'btn btn-default btn-lg' do%><%= glyph 'google-plus' %> <%= t '.login_with', :name => 'Google'%><% end %>
+  <%= button_tag :id => 'googleLogin', :rel => 'external', :class => 'btn btn-default btn-lg' do%><%= glyph 'google-plus' %> <%= t '.login_with', :name => 'Google'%><% end %>
 </div>

config/routes.rb

@@ -16,8 +16,9 @@
   get 'auth/:service/callback' => 'sessions#callback'
   post 'auth/:service/callback' => 'sessions#callback'
   get 'auth/failure' => 'sessions#failure'
+  post 'auth/google' => 'sessions#google'
   get 'logout' => 'sessions#destroy'
-  resource :session, :only => [:show, :create, :destroy]
+  resource :session, :only => [:show, :create, :destroy, :new]
 
   resource :home, :only => [:show]