Handle OmniAuth::Error (invalid_credentials) for Identity Login

andrewhl · Jul 12, 2012 · Viewed 9.3k times

I'm using OmniAuth Identity for normal logins. Rails 3.2.3 and Ruby 1.9.3p194.

Currently, when an existing user attempts to log in with invalid credentials, I get the following error:

Started POST "/auth/identity/callback" for 127.0.0.1 at 2012-07-12 17:00:03 -0400
(identity) Callback phase initiated.
  Identity Load (0.1ms)  SELECT "identities".* FROM "identities" WHERE "identities"."email" = 'test' LIMIT 1
(identity) Authentication failure! invalid_credentials encountered.

OmniAuth::Error (invalid_credentials):
  omniauth (1.1.0) lib/omniauth/failure_endpoint.rb:25:in `raise_out!'
  omniauth (1.1.0) lib/omniauth/failure_endpoint.rb:20:in `call'
  omniauth (1.1.0) lib/omniauth/failure_endpoint.rb:12:in `call'
  omniauth (1.1.0) lib/omniauth/strategy.rb:457:in `fail!'
  omniauth-identity (1.0.0) lib/omniauth/strategies/identity.rb:24:in `callback_phase'
  omniauth (1.1.0) lib/omniauth/strategy.rb:219:in `callback_call'
  omniauth (1.1.0) lib/omniauth/strategy.rb:175:in `call!'
  omniauth (1.1.0) lib/omniauth/strategy.rb:157:in `call'
  omniauth (1.1.0) lib/omniauth/strategy.rb:177:in `call!'
  omniauth (1.1.0) lib/omniauth/strategy.rb:157:in `call'
  omniauth (1.1.0) lib/omniauth/builder.rb:48:in `call'
  sass (3.1.19) lib/sass/plugin/rack.rb:54:in `call'
  warden (1.2.1) lib/warden/manager.rb:35:in `block in call'
  warden (1.2.1) lib/warden/manager.rb:34:in `catch'
  warden (1.2.1) lib/warden/manager.rb:34:in `call'
  actionpack (3.2.3) lib/action_dispatch/middleware/best_standards_support.rb:17:in `call'
  rack (1.4.1) lib/rack/etag.rb:23:in `call'
  rack (1.4.1) lib/rack/conditionalget.rb:35:in `call'
  actionpack (3.2.3) lib/action_dispatch/middleware/head.rb:14:in `call'
  actionpack (3.2.3) lib/action_dispatch/middleware/params_parser.rb:21:in `call'
  actionpack (3.2.3) lib/action_dispatch/middleware/flash.rb:242:in `call'
  rack (1.4.1) lib/rack/session/abstract/id.rb:205:in `context'
  rack (1.4.1) lib/rack/session/abstract/id.rb:200:in `call'
  actionpack (3.2.3) lib/action_dispatch/middleware/cookies.rb:338:in `call'
  activerecord (3.2.3) lib/active_record/query_cache.rb:64:in `call'
  activerecord (3.2.3) lib/active_record/connection_adapters/abstract/connection_pool.rb:467:in `call'
  actionpack (3.2.3) lib/action_dispatch/middleware/callbacks.rb:28:in `block in call'
  activesupport (3.2.3) lib/active_support/callbacks.rb:405:in `_run__2431360578939212022__call__3674666166259335855__callbacks'
  activesupport (3.2.3) lib/active_support/callbacks.rb:405:in `__run_callback'
  activesupport (3.2.3) lib/active_support/callbacks.rb:385:in `_run_call_callbacks'
  activesupport (3.2.3) lib/active_support/callbacks.rb:81:in `run_callbacks'
  actionpack (3.2.3) lib/action_dispatch/middleware/callbacks.rb:27:in `call'
  actionpack (3.2.3) lib/action_dispatch/middleware/reloader.rb:65:in `call'
  actionpack (3.2.3) lib/action_dispatch/middleware/remote_ip.rb:31:in `call'
  actionpack (3.2.3) lib/action_dispatch/middleware/debug_exceptions.rb:16:in `call'
  actionpack (3.2.3) lib/action_dispatch/middleware/show_exceptions.rb:56:in `call'
  railties (3.2.3) lib/rails/rack/logger.rb:26:in `call_app'
  railties (3.2.3) lib/rails/rack/logger.rb:16:in `call'
  quiet_assets (1.0.1) lib/quiet_assets.rb:20:in `call_with_quiet_assets'
  actionpack (3.2.3) lib/action_dispatch/middleware/request_id.rb:22:in `call'
  rack (1.4.1) lib/rack/methodoverride.rb:21:in `call'
  rack (1.4.1) lib/rack/runtime.rb:17:in `call'
  activesupport (3.2.3) lib/active_support/cache/strategy/local_cache.rb:72:in `call'
  rack (1.4.1) lib/rack/lock.rb:15:in `call'
  actionpack (3.2.3) lib/action_dispatch/middleware/static.rb:62:in `call'
  railties (3.2.3) lib/rails/engine.rb:479:in `call'
  railties (3.2.3) lib/rails/application.rb:220:in `call'
  rack (1.4.1) lib/rack/content_length.rb:14:in `call'
  railties (3.2.3) lib/rails/rack/debugger.rb:20:in `call'
  railties (3.2.3) lib/rails/rack/log_tailer.rb:14:in `call'
  rack (1.4.1) lib/rack/handler/webrick.rb:59:in `service'
  /Users/andrew/.rvm/rubies/ruby-1.9.3-p194/lib/ruby/1.9.1/webrick/httpserver.rb:138:in `service'
  /Users/andrew/.rvm/rubies/ruby-1.9.3-p194/lib/ruby/1.9.1/webrick/httpserver.rb:94:in `run'
  /Users/andrew/.rvm/rubies/ruby-1.9.3-p194/lib/ruby/1.9.1/webrick/server.rb:191:in `block in start_thread'

I'd like to be able to add some sort of error handler or rescue to this form, but I'm not sure how to. Here is the form:

sessions/new.html.haml

%p
  %strong Don’t use these services?
  = link_to "Create an account", new_identity_path
  or login below

= form_tag "/auth/identity/callback" do
  .field
    = label_tag :auth_key, "Email"
    %br
      = text_field_tag :auth_key
  .field
    = label_tag :password
    %br
      = password_field_tag :password
  .actions= submit_tag "Login"

My session controller:

sessions_controller.rb

class SessionsController < ApplicationController

  def create
    debugger
    user = User.from_omniauth(env["omniauth.auth"])
    puts "ENVIRONMENT VARIABLE: #{env["omniauth.auth"].inspect}"
    puts "This is the user id: #{user.id}"

    session[:user_id] = user.id
    redirect_to root_url, notice: "Signed in!"

  end

  def destroy
    session[:user_id] = nil
    redirect_to root_url, notice: "Signed out!"
  end

  def failure
    redirect_to signup_path, alert: "Authentication failed, please try again."
  end

end

My user model:

user.rb

class User < ActiveRecord::Base
  attr_accessible :email, :name, :provider, :uid

  validates_presence_of :email
  validates_uniqueness_of :email
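  # \A and \z anchor the whole string; ^ and $ only anchor a line, so a value with an embedded newline would pass.
  validates_format_of :email, :with => /\A[-a-z0-9_+\.]+\@([-a-z0-9]+\.)+[a-z0-9]{2,4}\z/i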

  def self.from_omniauth(auth)
    where(auth.slice("provider", "uid")).first || create_from_omniauth(auth)
  end

  def self.create_from_omniauth(auth)

    puts "Auth object: #{auth.inspect}"
    create! do |user|
      user.provider = auth["provider"]
      user.uid = auth["uid"]
      user.name = auth["info"]["name"]
      user.email = auth["info"]["email"]
      user.admin = false
    end


  end

end

My OmniAuth config file:

omniauth.rb

OmniAuth.config.logger = Rails.logger

Rails.application.config.middleware.use OmniAuth::Builder do
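  # ENV is indexed by variable name, not by value; GITHUB_KEY and GITHUB_SECRET are assumed names
  # for variables holding the client ID and secret, which stay out of source control.
  provider :github, ENV['GITHUB_KEY'], ENV['GITHUB_SECRET']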
  provider :identity, on_failed_registration: lambda { |env|
    IdentitiesController.action(:new).call(env)
  }
end

I tried adding something like this to the end of my sessions#create action:

rescue OmniAuth::Error
  flash[:error] = "invalid credentials"
  redirect_to signup_path

But I still just got the original error message on invalid login. What can I do to handle invalid OmniAuth Identity logins?

Update:

The solution was to add the following code to omniauth.rb:

OmniAuth.config.on_failure = Proc.new { |env|
  OmniAuth::FailureEndpoint.new(env).redirect_to_failure
}

And a failure method to sessions_controller.rb:

def failure
  redirect_to login_path, alert: "Authentication failed, please try again."
end

(And an obligatory server restart)

Answer

jdl · Jul 13, 2012

This appears to be an intentional development mode result. Scroll to "OmniAuth::FailureEndpoint does not redirect in development mode" in the FAQ.
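
Why the `rescue OmniAuth::Error` in `sessions#create` never fires, and what the `on_failure` hook changes, shown as an added Ruby model that is not code from the post or from OmniAuth: the strategy runs as middleware in front of the controller, so a bad password is raised or redirected before the action is reached. `ToyStrategy`, `AuthError`, `RAISE_OUT`, `REDIRECT` and the sample credentials are hypothetical stand-ins.

```ruby
# Toy model of the request path in the question. All names here are hypothetical;
# this is not OmniAuth's source.
class AuthError < StandardError; end

# Stand-in for sessions#create: reached only when the strategy lets the request through.
CONTROLLER = lambda do |env|
  begin
    [200, {}, ["signed in as #{env.fetch('auth.uid')}"]]
  rescue AuthError
    [302, { 'Location' => '/signup' }, []] # never runs for a bad password
  end
end

# Stand-in for the identity strategy: middleware that sits in front of the controller.
class ToyStrategy
  def initialize(app, on_failure)
    @app = app
    @on_failure = on_failure
  end

  def call(env)
    return @app.call(env) unless env['PATH_INFO'] == '/auth/identity/callback'

    if env['password'] == 'correct-password' # constructed credential check
      @app.call(env.merge('auth.uid' => env['auth_key']))
    else
      # The controller is skipped entirely; the failure hook decides the response.
      @on_failure.call(env.merge('error.type' => :invalid_credentials))
    end
  end
end

# Development-mode behaviour from the stack trace: raise out of the middleware.
RAISE_OUT = ->(env) { raise AuthError, env['error.type'].to_s }
# Behaviour after the fix: turn the failure into a redirect the app can route.
REDIRECT = ->(env) { [302, { 'Location' => "/auth/failure?message=#{env['error.type']}" }, []] }

# Sends one constructed login request through the stack; a 500 models the error page.
def login(on_failure, password)
  env = { 'PATH_INFO' => '/auth/identity/callback', 'auth_key' => 'test', 'password' => password }
  ToyStrategy.new(CONTROLLER, on_failure).call(env)
rescue AuthError => e
  [500, {}, ["unhandled #{e.class}: #{e.message}"]]
end
```

With `RAISE_OUT` the wrong password ends in an unhandled exception even though the controller has a `rescue`; with `REDIRECT` the same request becomes a redirect that a `failure` action can answer with one generic message.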