stackoom
  简体   繁体   中英

Prevent user from accessing /auth/:provider under some conditions in OmniAuth

 原文  2017-06-08 22:58:13       ruby-on-rails/ ruby/ omniauth/ rack

Question

Is there any way to prevent users from accessing /auth/:provider if, say, they are not logged in? I've tried to use before_request_phase callback and Rack::Response to redirect them to sign in page but it haven't worked.

My application is not using omniauth for user authentication. Instead, it is used to connect third-party accounts to the user profile.

Thanks!

2 answers

solution1
 1  2021-06-04 08:58:23

OmniAuth.config.before_request_phase = lambda do |env|
  user = env['warden'].authenticate!
end

solution2
 0 ACCPTED  2017-06-11 05:47:12

Ok, the solution I found was to create a new OmniAuth Strategy which inherits from the one I wanted to use and to override the request_phase method. Could not get the same behaviour using only OmniAuth configs in its initializer.

def request_phase
  if env['rack.session']['warden.user.user.key'].present?
    super
  else
    redirect '/'
  end
end

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question How to change route of omniauth from /auth/:provider to /myapp/auth/:provider How to get the auth URL from an OmniAuth provider without redirect How to change /auth/:provider path by omniauth Why does Omniauth redirect to /auth/failure and not /auth/:provider/failure? Prevent user from accessing page if not current user Omniauth isn't catching the initial get “/auth/:provider” request Authenticate Devise User Before Accessing Omniauth Routes How to get twitter user name from request.env[“omniauth.auth”] (Rails) No route matches "omniauth/:provider" when using devise, omniauth and devise-token-auth Origin of OmniAuth - Where was /auth/facebook called from
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM