I am using ruby on rails default setup on c9 : version 4.
So I am using omniauth for microsoft emails to login. I have registered my domains at microsfot (and my workspace is open for public)
I have another platform registered for my heroku deployment too.
When I deploy my ruby program to Heroku, everything works as intended -> however if I run it on c9 and attempt to log in, I get a splash screen telling me a 502 error -> and in the terminal I am told, the record (user information) is successfully stored in database, yet when it goes to redirect, I get a 302 error.
The add more complexity, I have to only let a particular sub domain actually log in, and if they are not of that sub domain, they are rejected:
class SessionsController < ApplicationController #This method will login as the user and save the data I want in session def create auth = request.env["omniauth.auth"] domain = auth['info']['email'].split('@') if domain == "kcl.ac.uk" session[:omniauth] = auth.except('extra') user = User.sign_in_from_omniauth(auth) session[:user_id] = user.id redirect_to root_url else redirect_to root_url end end #This method will log the user out and delete any session data I have def destroy session[:user_id] = nil session[:omniauth] = nil redirect_to root_path end end
The redirections WORKS for people who are rejected.
Here is the sign in methods for completion:
class User < ActiveRecord::Base has_many :responses has_many :posts has_one :is_admin def self.sign_in_from_omniauth(auth) find_by(provider: auth['provider'], uid: auth['uid']) || create_user_from_omniauth(auth) end def self.create_user_from_omniauth(auth) create( provider: auth['provider'], uid: auth['uid'], name: auth['info']['first_name'], last_name: auth['info']['last_name'], alias: auth['info']['alias'], email: auth['info']['email'], display_name: auth['info']['display_name'] ) end end
May I stress that this actually works on live deployment (this case Heroku). I do successfully choose the correct secret key etc.
From what I can tell this is a problem with outside in redirections? But I’m honestly not too sure. The only other thing to mention is that this worked on c9 only a few days ago, and no one on my team, myself included, has altered the login code…