在 OmniAuth 中的某些条件下阻止用户访问 /auth/:provider
[英]Prevent user from accessing /auth/:provider under some conditions in OmniAuth
问题描述
Is there any way to prevent users from accessing /auth/:provider if, say, they are not logged in?
有没有办法阻止用户访问/auth/:provider如果他们没有登录? I've tried to use before_request_phase callback and Rack::Response to redirect them to sign in page but it haven't worked.我尝试使用before_request_phase回调和Rack::Response将它们重定向到登录页面,但没有奏效。
My application is not using omniauth for user authentication.我的应用程序没有使用 omniauth 进行用户身份验证。 Instead, it is used to connect third-party accounts to the user profile.相反,它用于将第三方帐户连接到用户配置文件。
Thanks!谢谢!
2 个解决方案
解决方案1
1 2021-06-04 08:58:23
OmniAuth.config.before_request_phase = lambda do |env|
user = env['warden'].authenticate!
end
解决方案2
0 已采纳 2017-06-11 05:47:12
Ok, the solution I found was to create a new OmniAuth Strategy which inherits from the one I wanted to use and to override the request_phase method.好的,我找到的解决方案是创建一个新的 OmniAuth 策略,它继承自我想要使用的策略并覆盖request_phase方法。 Could not get the same behaviour using only OmniAuth configs in its initializer.在其初始值设定项中仅使用 OmniAuth 配置无法获得相同的行为。
def request_phase
if env['rack.session']['warden.user.user.key'].present?
super
else
redirect '/'
end
end
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.