Implement "remember me" for OAuth-based login.

- Pass a `remember_me` query parameter along with the initial OAuth request, and pick this parameter up during the omniauth callback from request.env['omniauth.params']`. - For 2FA-based login, copy the `remember_me` param from `omniauth.params` to `params`, which the 2FA process will pick up. - For non-2FA-based login, simply call the `remember_me` devise method to set the session cookie.

Implement "remember me" for OAuth-based login.
- Pass a `remember_me` query parameter along with the initial OAuth request, and pick this parameter up during the omniauth callback from request.env['omniauth.params']`. - For 2FA-based login, copy the `remember_me` param from `omniauth.params` to `params`, which the 2FA process will pick up. - For non-2FA-based login, simply call the `remember_me` devise method to set the session cookie.
633793cf · Timothy Andrew · c8eef2d2 · 633793cf · 633793cf
Commit 633793cf authored Jun 07, 2017 by Timothy Andrew
Showing with 26 additions and 1 deletion

app/controllers/omniauth_callbacks_controller.rb app/controllers/omniauth_callbacks_controller.rb +8 -0

app/views/devise/shared/_omniauth_box.html.haml app/views/devise/shared/_omniauth_box.html.haml +18 -1

No files found.
--- a/app/controllers/omniauth_callbacks_controller.rb
+++ b/app/controllers/omniauth_callbacks_controller.rb
 class OmniauthCallbacksController < Devise::OmniauthCallbacksController
  include AuthenticatesWithTwoFactor
+  include Devise::Controllers::Rememberable

  protect_from_forgery except: [:kerberos, :saml, :cas3]

@@ -115,8 +116,10 @@ class OmniauthCallbacksController < Devise::OmniauthCallbacksController
    if @user.persisted? && @user.valid?
      log_audit_event(@user, with: oauth['provider'])
      if @user.two_factor_enabled?
+        params[:remember_me] = '1' if remember_me?
        prompt_for_two_factor(@user)
      else
+        remember_me(@user) if remember_me?
        sign_in_and_redirect(@user)
      end
    else
@@ -147,4 +150,9 @@ class OmniauthCallbacksController < Devise::OmniauthCallbacksController
    AuditEventService.new(user, user, options)
      .for_authentication.security_event
  end
+
+  def remember_me?
+    request_params = request.env['omniauth.params']
+    request_params['remember_me'] == '1'
+  end
 end
--- a/app/views/devise/shared/_omniauth_box.html.haml
+++ b/app/views/devise/shared/_omniauth_box.html.haml
@@ -6,4 +6,21 @@
    - providers.each do |provider|
      %span.light
        - has_icon = provider_has_icon?(provider)
-        = link_to provider_image_tag(provider), omniauth_authorize_path(:user, provider), method: :post, class: (has_icon ? 'oauth-image-link' : 'btn')
+        = link_to provider_image_tag(provider), omniauth_authorize_path(:user, provider), method: :post, class: 'oauth-login' + (has_icon ? ' oauth-image-link' : ' btn')
+    %fieldset
+      = check_box_tag :remember_me
+      = label_tag :remember_me, "Remember Me"
+
+:javascript
+  $("#remember_me").click(function(event){
+    var rememberMe = $(event.target).is(":checked");
+    $(".oauth-login").each(function(i, element) {
+      var href = $(element).attr('href');
+
+      if (rememberMe) {
+        $(element).attr('href', href + '?remember_me=1');
+      } else {
+        $(element).attr('href', href.replace('?remember_me=1', ''));
+      }
+    });
+  });