Devise and Database.com
Add [cs_api][accounts] field to config.yml file. (See config.example.yml file)
Run migration with rake db:migrate
Run Rails server and connect.
Account model is introduced to wrap all API requests concerned with accounts. I referenced cs-api source directly while working.
Examples are
account = Account.new(user) # or
account = user.account
account.authenticate(password)
account.create
account.reset_password
Account.find(username)
You can see tests from account_spec.rb file. VCR is awesome!!!
Added access_token, sfdc_username, profile_pic, accountid attributes to users table.
This job was not easy. The big principle is 'API call first, and then devise'.
User sign-up occurs in 2 ways, from email authentication and from third-party. For email authentication added @user.create_account to Users::RegistrationsController, and for third-party authentication added user.create_account to AuthenticationsController.
Users::SessionsController is responsible for login. Added authenticate_account filter before create action. If the API call succeeds, it updates access_token.
User account can be searched by Account.find method.
I rewrote Users::PasswordsController since we did not need to send email notification with devise. With reset API call, reset_password_token (or passcode) is generated and notification email is sent to user by Salesforce. (right?) I assumed that reset password url in notification email sent by Salesforce has reset_password_token and username parameters. So url is something like http://HOSTNAME/resource/password/edit?reset_password_token=abcdef&username=testuser
If this url is clicked, it shows edit form including reset_password_token and username as hidden fields, and they are used to update API.
- ApiModel.request method is added to handle requests that need authentication.
- And some refactorings are added.
This is a minimal omniauth devise integration and there are a few issues I can see. For example:
Twitter and Github do not provide the email address in the OAuth response. For now I just created my own pseudo-email address consisting of the uid@provider.com -- this isn't ideal if we're to rely on the email to contact the user. We might need to either require a second screen to enforce filling in of email, or add the ability to edit the profile in the future.
Users that have accounts in two or more oauth providers are currently created as separate users. Later on there should be a way to merge user accounts.
The email column is created as unique, so in the case of Facebook and OpenID, if one signs up with Facebook, one cannot sign up with google openid anymore. Later on there should be code where it's possible to reauthenticate with either of these providers and link the accounts together. Perhaps by creating a separate authentications table we can mitigate this, but then the problem with twitter and github not providing email crops up. I'd prefer we solve first the twitter/github email requirement, then we can separate the authentication from the user account (with the assumption that the same email address means the same user account).
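
An added sketch (not code from this pull request) of the separate authentications table discussed above: identities are keyed by provider and uid, accounts are merged by email only when the provider marks the address as verified, and a user without an email is flagged for the second screen instead of receiving a pseudo-address. IdentityStore, User and the email_verified flag are hypothetical names, and the store is in-memory plain Ruby rather than Rails/Devise.

```ruby
# Added illustration, not code from this pull request. IdentityStore, User and
# the `email_verified` flag are hypothetical; plain Ruby, no Rails or Devise.
User = Struct.new(:id, :email, :identities)

class IdentityStore
  def initialize
    @users = []
    @by_identity = {} # [provider, uid] => User (the "authentications table")
  end

  # auth: { provider:, uid:, email: (may be nil), email_verified: true/false }
  # current_user: the signed-in user when a provider is being linked explicitly.
  def sign_in(auth, current_user: nil)
    key = [auth[:provider], auth[:uid].to_s]
    known = @by_identity[key]
    return known if known && (current_user.nil? || current_user.equal?(known))
    raise ArgumentError, "identity already linked to another user" if known

    user = current_user || match_by_verified_email(auth) || create_user(auth)
    user.identities << key
    @by_identity[key] = user
    user.email ||= auth[:email] if auth[:email_verified]
    user
  end

  # True when the user still has to supply an address (Twitter/GitHub case).
  def needs_email?(user)
    user.email.nil?
  end

  private

  # "Same email means same account" holds only for provider-verified addresses;
  # an unverified claim must never attach to an existing user.
  def match_by_verified_email(auth)
    return nil unless auth[:email] && auth[:email_verified]
    @users.find { |u| u.email&.casecmp?(auth[:email]) }
  end

  def create_user(auth)
    email = auth[:email_verified] ? auth[:email] : nil
    user = User.new(@users.size + 1, email, [])
    @users << user
    user
  end
end
```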