Restricting login with Google OAuth 2.0 and Devise to a specific whitelist table using Ruby

Problem description

So I was trying to use omniauth2 to check if the email had the right @domain.com, but I think using a database table will allow more functionality as well as being more secure and such.

My previous question:

I think I want to use a database table to check the email that Google authenticated against a whitelist of emails. Is there any way to do this with devise and omniauth2? That way I can say only certain users are authorized after they get authenticated with Google. I have most info listed on my previous question, but if there is some more info I can give, let me know. Thanks.

Edit: Not sure how much this helps, but here is a similar question ("Whitelisting with devise"); however, I am still using Google and omniauth.

Edit: I think the above "Whitelisting with devise" is pretty close to the answer, but there are still a few kinks to work out. I'm not sure how to start implementing everything; I'm pretty new to Ruby in particular.

Here are my routes:

    devise_for :user, :controllers => { :omniauth_callbacks => "user/omniauth_callbacks" }

And that controller:

    class User::OmniauthCallbacksController < Devise::OmniauthCallbacksController
      def google_oauth2
        # Look up (or create) the local user for the identity Google returned.
        @user = User.find_for_google_oauth2(request.env["omniauth.auth"], current_user)
        if @user.persisted?
          flash[:notice] = I18n.t "devise.omniauth_callbacks.success", :kind => "Google"
          sign_in_and_redirect @user, :event => :authentication
        else
          session["devise.google_data"] = request.env["omniauth.auth"]
          redirect_to new_user_registration_url
        end
      end
    end

If I understand "Whitelisting with devise" correctly, I have to create another controller in between and use that to check the email? Any help would be greatly appreciated.

Edit: Here is my user.rb; I think this might hold the answer, possibly?

    class User < ActiveRecord::Base
      devise :database_authenticatable, :registerable, :omniauthable,
             :recoverable, :rememberable, :trackable, :validatable,
             :omniauth_providers => [:google_oauth2]

      attr_accessible :email, :password, :password_confirmation, :remember_me,
                      :username, :provider, :uid, :avatar

      # Find the user matching the email Google returned, creating one if none exists.
      def self.find_for_google_oauth2(access_token, signed_in_resource = nil)
        data = access_token.info
        user = User.where(:email => data["email"]).first

        unless user
          user = User.create(name: data["name"],
                             email: data["email"],
                             password: Devise.friendly_token[0, 20])
        end
        user
      end
    end

Recommended answer

I'd add a validation to the User model so that no user would be created if the email that comes from OAuth is not from a certain domain:

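    validates :email,
              presence: true,
              uniqueness: true,
              format: {
                message: 'domain must be example.com',
                # The dot in the domain is escaped so it matches only a literal ".",
                # and "-" is escaped so it is not read as a range inside the class.
                with: /\A[\w+\-.]+@example\.com\z/i
              }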
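
The database-whitelist approach the question asks about, as an added example that is not part of the original answer or of Devise/OmniAuth. It is plain Ruby so it runs without Rails: a Set and a Hash stand in for the whitelist and users tables, and `EmailWhitelist`, `find_or_create_whitelisted`, `sample_auth` and the `extra.raw_info.email_verified` location are assumptions.

```ruby
require "set"

# In-memory stand-in for the whitelist table (hypothetical; a Rails app would
# query a model instead). Emails are compared after trimming and downcasing.
class EmailWhitelist
  def initialize(emails)
    @emails = Set.new(emails.map { |e| EmailWhitelist.normalize(e) })
  end

  def self.normalize(email)
    email.to_s.strip.downcase
  end

  # auth mirrors request.env["omniauth.auth"]. Returns [allowed, reason].
  def check(auth)
    email = EmailWhitelist.normalize(auth.dig("info", "email"))
    return [false, :missing_email] if email.empty?
    # Assumed location of Google's verification claim in the auth hash.
    verified = auth.dig("extra", "raw_info", "email_verified")
    return [false, :unverified_email] unless verified == true
    return [false, :not_whitelisted] unless @emails.include?(email)
    [true, :ok]
  end
end

# Whitelist-gated find-or-create: the check runs before any record is created,
# so a rejected login leaves no user behind.
# users is a Hash standing in for the users table (email => attributes).
def find_or_create_whitelisted(auth, whitelist, users)
  allowed, reason = whitelist.check(auth)
  return [nil, reason] unless allowed
  email = EmailWhitelist.normalize(auth["info"]["email"])
  users[email] ||= { email: email, name: auth["info"]["name"] }
  [users[email], :ok]
end

# Constructed sample data, not taken from the page.
def sample_auth(email, verified: true)
  { "info" => { "email" => email, "name" => "Sample" },
    "extra" => { "raw_info" => { "email_verified" => verified } } }
end

WHITELIST = EmailWhitelist.new(["alice@example.com", " Bob@Example.com "])
```

In the controller from the question, a `nil` user would be handled by redirecting with an error instead of calling `sign_in_and_redirect`.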
