@pablobm commented on this pull request.


> +      if params.expect(:provider) == "facebook"
+        encoded_signature, payload = params.expect(:signed_request).split(".", 
2)
+        signature = Base64.urlsafe_decode64(encoded_signature)
+        if signature == OpenSSL::HMAC.digest("SHA256", 
Settings.facebook_auth_secret, payload)
+          data = JSON.parse(Base64.urlsafe_decode64(payload))
+          user = User.find_by(:auth_provider => "facebook", :auth_uid => 
data["user_id"])
+
+          if user
+            user.auth_provider = nil
+            user.auth_uid = nil
+            user.save!
+
+            @confirmation_code = Rails
+                                 .application
+                                 .message_verifier(:social_login_deletion)
+                                 .generate([data["user_id"], Time.now.to_i])
+
+            render :formats => [:json]
+          else
+            head :not_found
+          end
+        else
+          head :bad_request
+        end
+      else
+        head :not_found
+      end
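Review bot: the `if signature == OpenSSL::HMAC.digest(...)` line compares the received signature with the expected HMAC using `==`, which is not a constant-time comparison. For a check on attacker-supplied input, compute the expected digest first and compare with `ActiveSupport::SecurityUtils.secure_compare(signature, expected)`, which also handles differing lengths. Separately, in the `split(".", 2)` line `payload` is nil when `signed_request` contains no dot, and `Base64.urlsafe_decode64` raises `ArgumentError` on malformed input, so a bad request would end in an unhandled exception instead of reaching `head :bad_request`. Guard or rescue those cases, and add a test for a malformed `signed_request`.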

Alternatively could be done with exceptions:


```suggestion
      raise ActionController::RoutingError, "Unknown provider" unless params.expect(:provider) == "facebook"

      encoded_signature, payload = params.expect(:signed_request).split(".", 2)
      signature = Base64.urlsafe_decode64(encoded_signature)
      raise ActionController::BadRequest unless signature == OpenSSL::HMAC.digest("SHA256", Settings.facebook_auth_secret, payload)

      data = JSON.parse(Base64.urlsafe_decode64(payload))
      user = User.find_by(:auth_provider => "facebook", :auth_uid => data["user_id"])

      raise ActionController::RoutingError, "No matching user" unless user

      user.auth_provider = nil
      user.auth_uid = nil
      user.save!

      @confirmation_code = Rails
                           .application
                           .message_verifier(:social_login_deletion)
                           .generate([data["user_id"], Time.now.to_i])

      render :formats => [:json]
```

Which brings another reason to test the "no facebook" case: turns out that 
`ActionController::RoutingError` requires a message, and I only noticed because 
the second instance was being tested (but not the first one).

-- 
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/pull/7093#discussion_r3282928476