Upgrade devise to 4.9.4 and OmniAuth

A required update to `devise` and `omniauth` gems. The breaking change is the changed form method from GET to POST. This change requires all OmniAuth buttons to be wrapped into a form to ensure we can use the POST method on them.
IT61 · Apr 28, 2024 · 47428f1 · 47428f1
1 parent 2e76eac
commit 47428f1
Show file tree

Hide file tree

Showing 7 changed files with 117 additions and 99 deletions.
diff --git a/Gemfile.lock b/Gemfile.lock
@@ -68,7 +68,7 @@ GEM
       execjs
     awesome_print (1.8.0)
     base64 (0.2.0)
-    bcrypt (3.1.13)
+    bcrypt (3.1.20)
     bootsnap (1.18.3)
       msgpack (~> 1.2)
     bourbon (6.0.0)
@@ -116,7 +116,7 @@ GEM
     declarative (0.0.10)
     declarative-option (0.1.0)
     deep_merge (1.2.2)
-    devise (4.7.1)
+    devise (4.9.4)
       bcrypt (~> 3.0)
       orm_adapter (~> 0.1)
       railties (>= 4.1.0)
@@ -214,7 +214,6 @@ GEM
     image_processing (1.12.2)
       mini_magick (>= 4.9.5, < 5)
       ruby-vips (>= 2.0.17, < 3)
-    jaro_winkler (1.5.6)
     jquery-rails (4.3.5)
       rails-dom-testing (>= 1, < 3)
       railties (>= 4.2.0)
@@ -276,31 +275,33 @@ GEM
       mini_portile2 (~> 2.8.2)
       racc (~> 1.4)
     normalize-rails (4.1.1)
-    oauth2 (1.4.11)
+    oauth2 (2.0.9)
       faraday (>= 0.17.3, < 3.0)
       jwt (>= 1.0, < 3.0)
-      multi_json (~> 1.3)
       multi_xml (~> 0.5)
       rack (>= 1.2, < 4)
-    omniauth (1.9.2)
+      snaky_hash (~> 2.0)
+      version_gem (~> 1.1)
+    omniauth (2.1.2)
       hashie (>= 3.4.6)
-      rack (>= 1.6.2, < 3)
-    omniauth-github (1.3.0)
-      omniauth (~> 1.5)
-      omniauth-oauth2 (>= 1.4.0, < 2.0)
-    omniauth-google-oauth2 (0.8.2)
+      rack (>= 2.2.3)
+      rack-protection
+    omniauth-github (2.0.1)
+      omniauth (~> 2.0)
+      omniauth-oauth2 (~> 1.8)
+    omniauth-google-oauth2 (1.1.2)
       jwt (>= 2.0)
-      oauth2 (~> 1.1)
-      omniauth (~> 1.1)
-      omniauth-oauth2 (>= 1.6)
-    omniauth-oauth2 (1.7.3)
+      oauth2 (~> 2.0)
+      omniauth (~> 2.0)
+      omniauth-oauth2 (~> 1.8)
+    omniauth-oauth2 (1.8.0)
       oauth2 (>= 1.4, < 3)
-      omniauth (>= 1.9, < 3)
-    omniauth-rails_csrf_protection (0.1.2)
+      omniauth (~> 2.0)
+    omniauth-rails_csrf_protection (1.0.1)
       actionpack (>= 4.2)
-      omniauth (>= 1.3.1)
-    omniauth-vkontakte (1.5.0)
-      omniauth-oauth2 (~> 1.5)
+      omniauth (~> 2.0)
+    omniauth-vkontakte (1.8.1)
+      omniauth-oauth2 (>= 1.5, <= 1.8.0)
     orm_adapter (0.5.0)
     os (1.0.1)
     parallel (1.19.1)
@@ -331,6 +332,9 @@ GEM
       rack (~> 2.0)
     rack-mini-profiler (1.1.4)
       rack (>= 1.2.0)
+    rack-protection (3.2.0)
+      base64 (>= 0.1.0)
+      rack (~> 2.2, >= 2.2.4)
     rack-test (2.1.0)
       rack (>= 1.3)
     rack-timeout (0.6.0)
@@ -387,10 +391,11 @@ GEM
       declarative (< 0.1.0)
       declarative-option (< 0.2.0)
       uber (< 0.2.0)
-    responders (3.0.0)
-      actionpack (>= 5.0)
-      railties (>= 5.0)
+    responders (3.1.1)
+      actionpack (>= 5.2)
+      railties (>= 5.2)
     retriable (3.1.2)
+    rexml (3.2.6)
     rspec-core (3.13.0)
       rspec-support (~> 3.13.0)
     rspec-expectations (3.13.0)
@@ -408,13 +413,13 @@ GEM
       rspec-mocks (~> 3.10)
       rspec-support (~> 3.10)
     rspec-support (3.13.1)
-    rubocop (0.77.0)
-      jaro_winkler (~> 1.5.1)
+    rubocop (0.83.0)
       parallel (~> 1.10)
-      parser (>= 2.6)
+      parser (>= 2.7.0.1)
       rainbow (>= 2.2.2, < 4.0)
+      rexml
       ruby-progressbar (~> 1.7)
-      unicode-display_width (>= 1.4.0, < 1.7)
+      unicode-display_width (>= 1.4.0, < 2.0)
     rubocop-performance (1.5.2)
       rubocop (>= 0.71.0)
     ruby-progressbar (1.10.1)
@@ -460,6 +465,9 @@ GEM
       actionpack (>= 3.1)
       railties (>= 3.1)
       slim (>= 3.0, < 6.0, != 5.0.0)
+    snaky_hash (2.0.1)
+      hashie
+      version_gem (~> 1.1, >= 1.1.1)
     sprockets (4.2.1)
       concurrent-ruby (~> 1.0)
       rack (>= 2.2.4, < 4)
@@ -469,9 +477,9 @@ GEM
       sprockets (>= 3.0.0)
     ssrf_filter (1.1.1)
     stackprof (0.2.13)
-    standard (0.1.7)
-      rubocop (~> 0.77.0)
-      rubocop-performance (~> 1.5.1)
+    standard (0.4.6)
+      rubocop (~> 0.83.0)
+      rubocop-performance (~> 1.5.2)
     temple (0.10.3)
     thor (0.20.3)
     thread_safe (0.3.6)
@@ -487,8 +495,9 @@ GEM
       execjs (>= 0.3.0, < 3)
     unicode-display_width (1.6.0)
     uniform_notifier (1.12.1)
-    warden (1.2.8)
-      rack (>= 2.0.6)
+    version_gem (1.1.4)
+    warden (1.2.9)
+      rack (>= 2.0.9)
     webmock (3.7.6)
       addressable (>= 2.3.6)
       crack (>= 0.3.2)
@@ -588,4 +597,4 @@ RUBY VERSION
    ruby 2.7.8p225
 
 BUNDLED WITH
-   2.4.10
+   2.4.22
diff --git a/app/assets/stylesheets/pages/_login.scss b/app/assets/stylesheets/pages/_login.scss
@@ -2,7 +2,7 @@
   position: fixed;
   top: 0;
   left: 0;
-  background: image_url('it61_bg');
+  background: image_url("it61_bg");
   background-position: center center;
   background-repeat: no-repeat;
   background-attachment: fixed;
@@ -34,19 +34,18 @@
   }
 
   .login-buttons {
-    margin: 54px 0 auto;
     display: flex;
     flex-direction: row;
     justify-content: center;
+    gap: 0.5rem;
 
-    @include clearfix;
+    @include media($mobile-xs) {
+      flex-direction: column;
 
-    a {
-      @include span-columns(3);
-      @include media($mobile-xs) {
-        @include span-columns(6);
-        @include omega(2n);
-        margin-bottom: 2.5%;
+      form {
+        button {
+          width: 100%;
+        }
       }
     }
   }

diff --git a/app/helpers/user_helper.rb b/app/helpers/user_helper.rb
@@ -7,39 +7,31 @@ def my_profile?(user)
     user == current_user
   end
 
-  def social_account_linked(user, provider)
-    if linked user, provider
-      "button-linked"
-    else
-      "button-not-linked"
-    end
-  end
-
   def all_providers
     {
       facebook: {
         name: t("socials.facebook"),
         class: "fa fa-facebook",
         buttonclass: "btn btn-fb",
-        link: "/users/auth/facebook",
+        link: user_facebook_omniauth_authorize_path,
       },
       google_oauth2: {
         name: t("socials.google_plus"),
         class: "fa fa-google-plus",
         buttonclass: "btn btn-google",
-        link: "/users/auth/google_oauth2",
+        link: user_google_oauth2_omniauth_authorize_path,
       },
       vkontakte: {
         name: t("socials.vk"),
         class: "fa fa-vk",
         buttonclass: "btn btn-vk",
-        link: "/users/auth/vkontakte",
+        link: user_vkontakte_omniauth_authorize_path,
       },
       github: {
         name: t("socials.github"),
         class: "fa fa-github",
         buttonclass: "btn btn-github",
-        link: "/users/auth/github",
+        link: user_github_omniauth_authorize_path,
       },
     }
   end
@@ -56,36 +48,11 @@ def provider_buttons_info(user)
     res
   end
 
-  def linked_providers(user)
-    select_providers user do |linked, p|
-      linked.include? p.to_s
-    end
-  end
-
-  def not_linked_providers(user)
-    select_providers user do |linked, p|
-      !(linked.include? p.to_s)
-    end
-  end
-
   def default_avatar_url
     CGI.escape(image_url("user_default.svg"))
   end
 
   def photo(user)
     user.avatar.file.nil? ? image_url("user_default.png") : user.avatar_url(:square_250)
   end
-
-  private
-
-  def linked(user, provider)
-    user.social_accounts.exists?(provider: provider)
-  end
-
-  def select_providers(user)
-    linked = user.social_accounts.pluck :provider
-    all_providers.select do |p, _|
-      yield linked, p
-    end
-  end
 end
diff --git a/app/models/user.rb b/app/models/user.rb
@@ -126,18 +126,22 @@ def update_with_fresh(params)
     assign_attributes(params)
     if fresh_fields_present?
       self.fresh = false
-
-      if save
-        yield self
-        true
-      else
-        false
-      end
+      save
     else
       false
     end
   end
 
+  def linked_social_accounts
+    social_accounts.filter do |social_account|
+      Devise.omniauth_providers.include?(social_account.provider.to_sym)
+    end
+  end
+
+  def unlinked_social_providers
+    Devise.omniauth_providers.map(&:to_s) - linked_social_accounts.map(&:provider)
+  end
+
   private
 
   def assign_defaults

diff --git a/app/views/users/form/_social_accounts_section.html.slim b/app/views/users/form/_social_accounts_section.html.slim
@@ -1,14 +1,22 @@
 h3 = t(".social_accounts")
+
 .outer
   .social-container.full
     .social-label = t(".connected")
-    - linked_providers(user).each do |_provider, info|
+    - user.linked_social_accounts.each do |social_account|
+      - info = all_providers[social_account.provider.to_sym]
       = link_to "#", class: info[:buttonclass] do
         i class=(info[:class])
         span = info[:name]
+
   .social-container.full
-    .social-label = t("add")
-    - not_linked_providers(user).each do |_, info|
-      = link_to info[:link], class: info[:buttonclass].to_s, target: "_blank" do
-        i class="#{info[:class]}"
-        span = info[:name]
+    .social-label
+      = t("add")
+
+    - user.unlinked_social_providers.each do |provider|
+      - info = all_providers[provider.to_sym]
+
+      = form_with url: info[:link], method: :post do |f|
+        = f.button nil, type: :submit, class: info[:buttonclass], target: "_blank" do
+          i class="#{info[:class]}"
+          span = info[:name]
diff --git a/app/views/users/profile/sign_in.html.slim b/app/views/users/profile/sign_in.html.slim
@@ -2,10 +2,16 @@
 .card.login-card
   h2 = t(".sign_in")
   p = t(".using_preferred_way")
+
   .login-buttons
-    = link_to user_google_oauth2_omniauth_authorize_path, class: "btn btn-small btn-gray", method: :post do
-      i.fa.fa-google
-    = link_to user_vkontakte_omniauth_authorize_path, class: "btn btn-small btn-gray", method: :post do
-      i.fa.fa-vk
-    = link_to user_github_omniauth_authorize_path, class: "btn btn-small btn-gray", method: :post do
-      i.fa.fa-github
+    = form_with url: user_google_oauth2_omniauth_authorize_path, method: :post do |f|
+      = f.button nil, type: :submit, class: "btn btn-small btn-gray" do
+        i.fa.fa-google
+
+    = form_with url: user_vkontakte_omniauth_authorize_path, method: :post do |f|
+      = f.button nil, type: :submit, class: "btn btn-small btn-gray" do
+        i.fa.fa-vk
+
+    = form_with url: user_github_omniauth_authorize_path, method: :post do |f|
+      = f.button nil, type: :submit, class: "btn btn-small btn-gray" do
+        i.fa.fa-github
diff --git a/spec/models/user_spec.rb b/spec/models/user_spec.rb
@@ -3,7 +3,7 @@
     expect(build(:user)).to be_valid
   end
 
-  let! (:user) { create(:user) }
+  let!(:user) { create(:user) }
   subject { user }
 
   describe "ActiveModel validations" do
@@ -115,4 +115,29 @@
       it { should_not have_abilities(:publish, event) }
     end
   end
+
+  describe ".linked_social_accounts" do
+    subject(:linked_social_accounts) { user.linked_social_accounts }
+
+    it { is_expected.to eq([]) }
+
+    context 'with the connected GitHub social account' do
+      let!(:github_account) { create(:social_account, :github, user: user) }
+
+      it { is_expected.to eq([github_account]) }
+    end
+  end
+
+  describe ".unlinked_social_providers" do
+    subject(:unlinked_social_providers) { user.unlinked_social_providers }
+
+    it { is_expected.to eq(["github", "vkontakte", "google_oauth2"]) }
+
+    context 'with the connected GitHub social account' do
+      let!(:github_account) { create(:social_account, user: user) }
+
+      it { is_expected.to eq(["github", "google_oauth2"]) }
+    end
+  end
+
 end