fix!(omniauth): keep verified email in session between registration f…

…orm when needed
OpenSourcePolitics · Jan 15, 2025 · be38220 · be38220
1 parent be5f07d
commit be38220
Show file tree

Hide file tree

Showing 2 changed files with 53 additions and 0 deletions.
diff --git a/config/application.rb b/config/application.rb
@@ -48,6 +48,7 @@ class Application < Rails::Application
     config.after_initialize do
       # Controllers
       require "extends/controllers/decidim/devise/sessions_controller_extends"
+      require "extends/controllers/decidim/devise/omniauth_registrations_controller_extends"
       require "extends/controllers/decidim/editor_images_controller_extends"
       require "extends/controllers/decidim/proposals/proposals_controller_extends"
       require "extends/controllers/decidim/newsletters_controller_extends"

diff --git a/lib/extends/controllers/decidim/devise/omniauth_registrations_controller_extends.rb b/lib/extends/controllers/decidim/devise/omniauth_registrations_controller_extends.rb
@@ -0,0 +1,52 @@
+# frozen_string_literal: true
+
+module OmniauthRegistrationsControllerExtends
+  extend ActiveSupport::Concern
+
+  included do
+    def create
+      form_params = user_params_from_oauth_hash || params[:user]
+
+      @form = form(Decidim::OmniauthRegistrationForm).from_params(form_params)
+      @form.email ||= verified_email
+
+      Decidim::CreateOmniauthRegistration.call(@form, verified_email) do
+        on(:ok) do |user|
+          if user.active_for_authentication?
+            sign_in_and_redirect user, event: :authentication
+            set_flash_message :notice, :success, kind: @form.provider.capitalize
+          else
+            expire_data_after_sign_in!
+            user.resend_confirmation_instructions unless user.confirmed?
+            redirect_to decidim.root_path
+            flash[:notice] = t("devise.registrations.signed_up_but_unconfirmed")
+          end
+        end
+
+        on(:invalid) do
+          set_flash_message :notice, :success, kind: @form.provider.capitalize
+          session["devise.omniauth.verified_email"] = verified_email
+          render :new
+        end
+
+        on(:error) do |user|
+          if user.errors[:email]
+            set_flash_message :alert, :failure, kind: @form.provider.capitalize, reason: t("decidim.devise.omniauth_registrations.create.email_already_exists")
+          end
+          session["devise.omniauth.verified_email"] = verified_email
+          render :new
+        end
+      end
+    end
+
+    private
+
+    def verified_email
+      @verified_email ||= oauth_data.dig(:info, :email) || session.delete("devise.omniauth.verified_email")
+    end
+  end
+end
+
+Decidim::Devise::OmniauthRegistrationsController.class_eval do
+  include(OmniauthRegistrationsControllerExtends)
+end