Merge pull request #151 from pulibrary/omniauth-update

Add omniauth gem

Gemfile

@@ -14,6 +14,7 @@ gem "honeybadger"
 gem "isni"
 gem "jbuilder"
 gem "oauth2", "~> 2.0.x"
+gem "omniauth", "~> 2.1", ">= 2.1.2"
 gem "omniauth-orcid"
 gem "pg"
 gem "puma", "5.6.8"
@@ -25,7 +26,7 @@ gem "vite_ruby"
 gem "sul_orcid_client"
 
 # Single sign on
-gem "devise"
+gem "devise", "~> 4.9"
 gem "omniauth-cas", "~> 3.0"
 
 group :development, :test do
@@ -38,10 +39,10 @@ group :development, :test do
 end
 
 group :development do
-  gem "byebug"
   gem "capistrano", "3.17.2", require: false
   gem "capistrano-passenger", require: false
   gem "capistrano-rails", "~> 1.6", require: false
+  gem "pry-byebug"
   # Use console on exceptions pages [https://github.com/rails/web-console]
   gem "web-console"
 end

Gemfile.lock

@@ -144,6 +144,7 @@ GEM
       super_diff
       thor
       zeitwerk (~> 2.1)
+    coderay (1.1.3)
     coercible (1.0.0)
       descendants_tracker (~> 0.0.1)
     commonmarker (0.23.10)
@@ -247,6 +248,7 @@ GEM
       net-smtp
     marcel (1.0.4)
     matrix (0.4.2)
+    method_source (1.1.0)
     mini_mime (1.1.5)
     minitest (5.23.1)
     msgpack (1.7.2)
@@ -315,6 +317,12 @@ GEM
     patience_diff (1.2.0)
       optimist (~> 3.0)
     pg (1.5.6)
+    pry (0.14.2)
+      coderay (~> 1.1)
+      method_source (~> 1.0)
+    pry-byebug (3.10.1)
+      byebug (~> 11.0)
+      pry (>= 0.13, < 0.15)
     psych (5.1.2)
       stringio
     public_suffix (5.0.5)
@@ -503,15 +511,14 @@ DEPENDENCIES
   bcrypt_pbkdf
   bixby
   bootsnap
-  byebug
   capistrano (= 3.17.2)
   capistrano-passenger
   capistrano-rails (~> 1.6)
   capybara
   coveralls_reborn
   database_cleaner-active_record
   debug
-  devise
+  devise (~> 4.9)
   ed25519
   factory_bot_rails
   ffaker
@@ -520,9 +527,11 @@ DEPENDENCIES
   isni
   jbuilder
   oauth2 (~> 2.0.x)
+  omniauth (~> 2.1, >= 2.1.2)
   omniauth-cas (~> 3.0)
   omniauth-orcid
   pg
+  pry-byebug
   puma (= 5.6.8)
   rack (= 2.2.8.1)
   rails (~> 7.1.0)

app/controllers/application_controller.rb

@@ -2,11 +2,18 @@
 class ApplicationController < ActionController::Base
   protect_from_forgery with: :exception
   before_action :authenticate_user!
+  # include Devise::Controllers::UrlHelpers
+  # include Rails.application.routes.url_helpers
+  # include Rails.application.routes.mounted_helpers
 
   def new_session_path(_scope)
     new_user_session_path
   end
 
+  def session_path(_scope)
+    new_user_session_path
+  end
+
   def after_sign_in_path_for(_resource)
     "/users/#{@user.id}"
   end

config/initializers/devise.rb

@@ -290,10 +290,11 @@
 
   ## For CAS
   config.omniauth :cas, host: "fed.princeton.edu", url: "https://fed.princeton.edu/cas"
-  OmniAuth.config.allowed_request_methods = [:get, :post]
 
   ## For OCID Failure
   config.omniauth :orcid, callback: "/auth/orcid/callback"
+  OmniAuth.config.allowed_request_methods = [:get, :post]
+  OmniAuth.config.request_validation_phase = OmniAuth::AuthenticityTokenProtection.new(allow_if: ->(_env) { true })
 
   # ==> Mountable engine configurations
   # When using Devise inside an engine, let's call it `MyEngine`, and this engine

config/routes.rb

@@ -11,7 +11,6 @@
   resources :users, only: [:show]
 
   get "orcids/:id", to: "orcids#show", as: :orcid_show
-  # match "/auth/orcid/callback", to: "users/omniauth_callbacks#orcid", via: [:get, :post]
   match "/auth/orcid/callback", to: "orcids#create", via: [:get, :post]
 
   get "home/index"
@@ -20,15 +19,13 @@
   # Can be used by load balancers and uptime monitors to verify that the app is live.
   get "up" => "rails/health#show", as: :rails_health_check
 
-  # Defines the root path route ("/")
-  # root "posts#index"
-
   root "home#index"
 
   devise_for :users, controllers: { omniauth_callbacks: "users/omniauth_callbacks" }
 
   devise_scope :user do
     get "sign_in", to: "devise/sessions#new", as: :new_user_session
+    get "sign_in", to: "users/omniauth_callbacks#passthru", as: :session
     get "sign_out", to: "devise/sessions#destroy", as: :destroy_user_session
   end
 end