Missing Rearview::User.valid_email? method about rearview HOT 8 CLOSED

Internally we use oauth2, but I wanted the open source version to use database authentication out of the box. At the same time I wanted to provide a way for users to use oauth2 if they wanted, so that's why I included the omniauth controller.

But you are not missing something, I am. This is dead code specific to LivingSocial that should be removed.

Thanks for pointing it out.

from rearview.

I'm assuming the missing piece of code was checking that the email belongs to one of your domains; in this case, it makes sense to leave it. We use the same pattern, and I believe other companies do the same.

Also, why oauth2 and not openid?

from rearview.

Sounds like you are using oauth2?

The implementation in our extension of Rearview::User is something like this:

  def self.valid_email?(email)
    email.present? && (email.ends_with?('hungrymachine.com')|| email.ends_with?('livingsocial.com'))
  end

This would not be generic/usable for the general public. Is this another candidate for a configuration option (maybe an email matching regex) or did you have something else in mind?

config.oauth2_valid_emails = /(hungrymachine|livingsocial)\.com$/

def self.valid_email?(email)
  email.present? && email.match(Rearview.config.oauth2_valid_emails)
end

from rearview.

Once you move the valid domains list to a configuration, it becomes reusable. For example:

# Rearview.config.valid_domains = ['hungrymachine.com', 'livingsocial.com']

def self.valid_email?(email)
  email.present? && Rearview.config.valid_domains.map { |domain| email.ends_with?(domain) }.any?
end

I had some issues with the oauth configuration (and omniauth in general), and ended up using this method: https://github.com/plataformatec/devise/wiki/OmniAuth%3A-Overview#google-apps although for you it won't be good, as it seems limited to a single domain.

from rearview.

What problems did you run into?

from rearview.

I think my main issue was that I had to add the following line to the User model:

devise :omniauthable, :omniauth_providers => [:google_apps]

Until I figured this out, I've did several changes; including rewriting Devise's initiailzier and moving from oauth2 to the gem mentioned above. If you want, I can try to reset git history and retry making oauth2 working.

from rearview.

This is an area that needs some polishing with either some documentation, configuration, and improving the view so it knows which type of sign-in to use.

You should be able to get oauth2 to work fine with those changes. For our engine host the user model devise call looks like this:

  devise :omniauthable,:database_authenticatable,:omniauth_providers => [:google_oauth2]

Keep in mind that this alone will not get oauth2 working. You need to also setup things correctly on the google side, and edit devise.rb:

config.omniauth :google_oauth2,
              'xxxx', #app ID
              'xxxx', #client ID
              :scope => 'https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/userinfo.profile',
              :access_type => 'offline',
              :approval_prompt => ''

To answer your previous question RE: openid vs oauth2. Most of our internal apps now use oauth2 so rearview follows that standard. Also though, some of the other apps I work with use features like Google Drive, and oauth2 works much better when integrating with google apps. So in the end its easier to deal with if all our apps use the same auth approach.

from rearview.

👍 makes sense.

I think that it's better to start with documentation and switch to configuration if it seems that most users will need it.

from rearview.