Commit 5c94f9a8ec71e1a85bc3d93a3a22eae3bc80c888
1 parent
2d1fb53a
Exists in
theme-brasil-digital-from-staging
and in
9 other branches
oauth_client: ensure that the signup email is the same provided by oauth
Showing
3 changed files
with
12 additions
and
4 deletions
Show diff stats
plugins/oauth_client/controllers/public/oauth_client_plugin_public_controller.rb
| @@ -9,6 +9,7 @@ class OauthClientPluginPublicController < PublicController | @@ -9,6 +9,7 @@ class OauthClientPluginPublicController < PublicController | ||
| 9 | session[:user] = user | 9 | session[:user] = user |
| 10 | redirect_to :controller => :account, :action => :login | 10 | redirect_to :controller => :account, :action => :login |
| 11 | else | 11 | else |
| 12 | + session[:oauth_email] = auth.info.email | ||
| 12 | name = auth.info.name | 13 | name = auth.info.name |
| 13 | name ||= auth.extra && auth.extra.raw_info ? auth.extra.raw_info.name : '' | 14 | name ||= auth.extra && auth.extra.raw_info ? auth.extra.raw_info.name : '' |
| 14 | redirect_to :controller => :account, :action => :signup, :user => {:login => login, :email => auth.info.email, :oauth_providers => [{:provider => auth.provider, :uid => auth.uid}]}, :profile_data => {:name => name} | 15 | redirect_to :controller => :account, :action => :signup, :user => {:login => login, :email => auth.info.email, :oauth_providers => [{:provider => auth.provider, :uid => auth.uid}]}, :profile_data => {:name => name} |
plugins/oauth_client/lib/oauth_client_plugin.rb
| @@ -69,4 +69,8 @@ class OauthClientPlugin < Noosfero::Plugin | @@ -69,4 +69,8 @@ class OauthClientPlugin < Noosfero::Plugin | ||
| 69 | end | 69 | end |
| 70 | end | 70 | end |
| 71 | 71 | ||
| 72 | + def account_controller_filters | ||
| 73 | + {:type => 'before_filter', :method_name => 'signup', :block => proc { raise "Wrong email for oauth signup" if request.post? && session[:oauth_email].present? && session[:oauth_email] != params[:user][:email] } } | ||
| 74 | + end | ||
| 75 | + | ||
| 72 | end | 76 | end |
plugins/oauth_client/views/account/_oauth_signup.html.erb
| @@ -2,10 +2,13 @@ | @@ -2,10 +2,13 @@ | ||
| 2 | <%= hidden_field_tag 'user[oauth_providers][][uid]', @user.oauth_providers.first[:uid] %> | 2 | <%= hidden_field_tag 'user[oauth_providers][][uid]', @user.oauth_providers.first[:uid] %> |
| 3 | 3 | ||
| 4 | <style> | 4 | <style> |
| 5 | - #signup-password { | ||
| 6 | - display: none; | ||
| 7 | - } | ||
| 8 | - #signup-password-confirmation { | 5 | + #signup-password, |
| 6 | + #signup-password-confirmation, | ||
| 7 | + #signup-email { | ||
| 9 | display: none; | 8 | display: none; |
| 10 | } | 9 | } |
| 11 | </style> | 10 | </style> |
| 11 | + | ||
| 12 | +<div id='signup-email-readonly'> | ||
| 13 | + <%= labelled_form_field(_('Email'), text_field(:user, :email, :class => "disabled", :readonly => true)) %> | ||
| 14 | +</div> |