WIP: test devise github oauth integration

Gemfile.lock

@@ -26,6 +26,9 @@ PATH
       jsonapi-resources (>= 0.10.0)
       mobility (>= 1.0.1, < 2.0)
       mobility-actiontext (~> 1.1)
+      omniauth
+      omniauth-github (~> 2.0.0)
+      omniauth-rails_csrf_protection
       pundit (>= 2.1, < 2.4)
       pundit-resources
       rack-cors (>= 1.1.1, < 2.1.0)
@@ -236,6 +239,10 @@ GEM
       railties (>= 5.0.0)
     faker (3.4.1)
       i18n (>= 1.8.11, < 2)
+    faraday (2.9.1)
+      faraday-net_http (>= 2.0, < 3.2)
+    faraday-net_http (3.1.0)
+      net-http
     ffi (1.17.0-x86_64-linux-gnu)
     fog-aws (3.22.0)
       fog-core (~> 2.1)
@@ -268,6 +275,7 @@ GEM
     google-protobuf (4.27.1-x86_64-linux)
       bigdecimal
       rake (>= 13)
+    hashie (5.0.0)
     http-accept (1.7.0)
     http-cookie (1.0.5)
       domain_name (~> 0.5)
@@ -323,7 +331,11 @@ GEM
       mobility (~> 1.2)
     msgpack (1.7.2)
     multi_json (1.15.0)
+    multi_xml (0.7.1)
+      bigdecimal (~> 3.1)
     mutex_m (0.2.0)
+    net-http (0.4.1)
+      uri
     net-imap (0.4.12)
       date
       net-protocol
@@ -337,6 +349,26 @@ GEM
     nio4r (2.7.3)
     nokogiri (1.16.5-x86_64-linux)
       racc (~> 1.4)
+    oauth2 (2.0.9)
+      faraday (>= 0.17.3, < 3.0)
+      jwt (>= 1.0, < 3.0)
+      multi_xml (~> 0.5)
+      rack (>= 1.2, < 4)
+      snaky_hash (~> 2.0)
+      version_gem (~> 1.1)
+    omniauth (2.1.2)
+      hashie (>= 3.4.6)
+      rack (>= 2.2.3)
+      rack-protection
+    omniauth-github (2.0.1)
+      omniauth (~> 2.0)
+      omniauth-oauth2 (~> 1.8)
+    omniauth-oauth2 (1.8.0)
+      oauth2 (>= 1.4, < 3)
+      omniauth (~> 2.0)
+    omniauth-rails_csrf_protection (1.0.2)
+      actionpack (>= 4.2)
+      omniauth (~> 2.0)
     optimist (3.1.0)
     orm_adapter (0.5.0)
     parallel (1.24.0)
@@ -543,6 +575,9 @@ GEM
       simplecov_json_formatter (~> 0.1)
     simplecov-html (0.12.3)
     simplecov_json_formatter (0.1.4)
+    snaky_hash (2.0.1)
+      hashie
+      version_gem (~> 1.1, >= 1.1.1)
     spring (4.2.1)
     spring-watcher-listen (2.1.0)
       listen (>= 2.7, < 4.0)
@@ -581,6 +616,8 @@ GEM
       unf_ext
     unf_ext (0.0.8.2)
     unicode-display_width (2.5.0)
+    uri (0.13.0)
+    version_gem (1.1.4)
     warden (1.2.9)
       rack (>= 2.0.9)
     warden-jwt_auth (0.8.0)

app/concerns/better_together/devise_user.rb

@@ -12,6 +12,26 @@ module DeviseUser
 
       validates :email, presence: true, uniqueness: { case_sensitive: false }
 
+      def self.from_omniauth(auth)
+        find_or_create_by(provider: auth.provider, uid: auth.uid) do |user|
+          user.email = auth.info.email
+          user.password = Devise.friendly_token[0, 20]
+          # user.name = auth.info.name   # assuming the user model has a name
+          # user.image = auth.info.image # assuming the user model has an image
+          # If you are using confirmable and the provider(s) you use validate emails, 
+          # uncomment the line below to skip the confirmation emails.
+          # user.skip_confirmation!
+        end
+      end
+
+      def self.new_with_session(params, session)
+        super.tap do |user|
+          if data = session["devise.github_data"] && session["devise.github_data"]["extra"]["raw_info"]
+            user.email = data["email"] if user.email.blank?
+          end
+        end
+      end
+
       # TODO: address the confirmation and password reset email modifications for api users when the API is under
       # active development and full use.
       # override devise method to include additional info as opts hash
@@ -27,6 +47,10 @@ def send_confirmation_instructions(opts = {})
         send_devise_notification(:confirmation_instructions, @raw_confirmation_token, opts)
       end
 
+      def send_devise_notification(notification, *args)
+        devise_mailer.send(notification, self, *args).deliver_later
+      end
+
       # # override devise method to include additional info as opts hash
       def send_reset_password_instructions(opts = {})
         token = set_reset_password_token

app/controllers/better_together/omniauth_callbacks_controller.rb

@@ -0,0 +1,22 @@
+
+class BetterTogether::OmniauthCallbacksController < Devise::OmniauthCallbacksController
+  # See https://github.com/omniauth/omniauth/wiki/FAQ#rails-session-is-clobbered-after-callback-on-developer-strategy
+  skip_before_action :verify_authenticity_token, only: :github
+
+  def github
+    # You need to implement the method below in your model (e.g. app/models/user.rb)
+    @user = BetterTogether.user_class.constantize.from_omniauth(request.env["omniauth.auth"])
+
+    if @user.persisted?
+      sign_in_and_redirect @user, event: :authentication # this will throw if @user is not activated
+      set_flash_message(:notice, :success, kind: "GitHub") if is_navigational_format?
+    else
+      session["devise.github_data"] = request.env["omniauth.auth"].except(:extra) # Removing extra as it can overflow some session stores
+      redirect_to new_user_registration_url
+    end
+  end
+
+  def failure
+    redirect_to helpers.base_url
+  end
+end

app/models/better_together/user.rb

@@ -6,9 +6,11 @@ class User < ApplicationRecord
     include ::BetterTogether::DeviseUser
     # Include default devise modules. Others available are:
     # :confirmable, :lockable, :timeoutable, :trackable and :omniauthable
-    devise :database_authenticatable,
+    devise :database_authenticatable, :omniauthable,
            :recoverable, :rememberable, :validatable, :confirmable,
-           :jwt_authenticatable, jwt_revocation_strategy: JwtDenylist
+           :jwt_authenticatable,
+           jwt_revocation_strategy: JwtDenylist,
+           omniauth_providers: %i[github]
 
     has_one :person_identification,
             lambda {

app/views/devise/sessions/new.html.erb

@@ -29,6 +29,7 @@
         <div class="text-center">
           <%= f.submit "Log in", class: 'btn btn-primary' %>
         </div>
+        <%= link_to "Sign in with GitHub", user_github_omniauth_authorize_path, data: { turbo: false } %>
       <% end %>
 
       <!-- Additional Links -->

better_together.gemspec

@@ -42,6 +42,9 @@ Gem::Specification.new do |spec|
   spec.add_dependency 'jsonapi-resources', '>= 0.10.0'
   spec.add_dependency 'mobility', '>= 1.0.1', '< 2.0'
   spec.add_dependency 'mobility-actiontext', '~> 1.1'
+  spec.add_dependency 'omniauth'
+  spec.add_dependency 'omniauth-github', '~> 2.0.0'
+  spec.add_dependency 'omniauth-rails_csrf_protection'
   spec.add_dependency 'pundit', '>= 2.1', '< 2.4'
   spec.add_dependency 'pundit-resources'
   spec.add_dependency 'rack-cors', '>= 1.1.1', '< 2.1.0'

config/initializers/devise.rb

@@ -273,7 +273,7 @@
   # ==> OmniAuth
   # Add a new OmniAuth provider. Check the wiki for more information on setting
   # up on your models and hooks.
-  # config.omniauth :github, 'APP_ID', 'APP_SECRET', scope: 'user,public_repo'
+  config.omniauth :github, ENV.fetch('GITHUB_CLIENT_ID', nil), ENV.fetch('GITHUB_CLIENT_SECRET', nil), scope: 'user,public_repo'
 
   # ==> Warden configuration
   # If you want to use other strategies, that are not supported by Devise, or

config/routes.rb

@@ -6,7 +6,7 @@
     devise_for :users,
                class_name: BetterTogether.user_class.to_s,
                module: 'devise',
-               skip: %i[unlocks omniauth_callbacks],
+               skip: %i[unlocks],
                path: 'users',
                path_names: {
                  sign_in: 'sign-in',

db/migrate/20240611222741_add_omniauth_to_better_together_users.rb

@@ -0,0 +1,6 @@
+class AddOmniauthToBetterTogetherUsers < ActiveRecord::Migration[7.1]
+  def change
+    add_column :better_together_users, :provider, :string
+    add_column :better_together_users, :uid, :string
+  end
+end

lib/better_together/engine.rb

@@ -11,6 +11,7 @@
 require 'devise/jwt'
 require 'font-awesome-sass'
 require 'importmap-rails'
+require 'omniauth-github'
 require 'reform/rails'
 require 'sprockets/railtie'
 require 'stimulus-rails'
@@ -22,7 +23,8 @@ class Engine < ::Rails::Engine
     engine_name 'better_together'
     isolate_namespace BetterTogether
 
-    config.autoload_paths += Dir["#{config.root}/lib/better_together/**/"]
+    config.autoload_paths = Dir["#{config.root}/lib/better_together/**/"] +
+      config.autoload_paths.to_a
 
     config.generators do |g|
       g.orm :active_record, primary_key_type: :uuid
@@ -63,7 +65,7 @@ class Engine < ::Rails::Engine
     # Add engine manifest to precompile assets in production
     initializer 'better_together.assets' do |app|
       # Ensure we are not modifying frozen arrays
-      app.config.assets.precompile += %w[better_together_manifest.js]
+      app.config.assets.precompile = %w[better_together_manifest.js] + app.config.assets.precompile.to_a
       app.config.assets.paths = [root.join('app', 'assets', 'images'),
                                  root.join('app', 'javascript')] + app.config.assets.paths.to_a
     end

spec/dummy/config/application.rb

@@ -23,8 +23,6 @@ class Application < Rails::Application
     # Run "rake -D time" for a list of tasks for finding time zone names. Default is UTC.
     # config.time_zone = 'Central Time (US & Canada)'
 
-    config.active_storage.replace_on_assign_to_many = true
-
     config.generators do |g|
       g.orm :active_record, primary_key_type: :uuid
       g.fixture_replacement :factory_bot, dir: 'spec/factories'

spec/dummy/config/initializers/assets.rb

@@ -7,8 +7,3 @@
 
 # Add additional assets to the asset load path.
 # Rails.application.config.assets.paths << Emoji.images_path
-
-# Precompile additional assets.
-# application.js, application.css, and all non-JS/CSS in the app/assets
-# folder are already added.
-# Rails.application.config.assets.precompile += %w( admin.js admin.css )