@tomhughes commented on this pull request.
> + if params.expect(:provider) == "facebook"
+ encoded_signature, payload = params.expect(:signed_request).split(".",
2)
+ signature = Base64.urlsafe_decode64(encoded_signature)
+ if signature == OpenSSL::HMAC.digest("SHA256",
Settings.facebook_auth_secret, payload)
+ data = JSON.parse(Base64.urlsafe_decode64(payload))
+ user = User.find_by(:auth_provider => "facebook", :auth_uid =>
data["user_id"])
+
+ if user
+ user.auth_provider = nil
+ user.auth_uid = nil
+ user.save!
+
+ @confirmation_code = Rails
+ .application
+ .message_verifier(:social_login_deletion)
+ .generate([data["user_id"], Time.now.to_i])
+
+ render :formats => [:json]
+ else
+ head :not_found
+ end
+ else
+ head :bad_request
+ end
+ else
+ head :not_found
+ end
I've reworked it to be more exception based though
`ActionController::BadRequest` is the only one I'm raising explicitly, and I'm
a bit nervous about that to be honest as I'm not sure those exceptions are
intended for external use as they're not documented at all.
Possibly we should define our own exception instead?
--
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/pull/7093#discussion_r3312861286
You are receiving this because you are subscribed to this thread.
Message ID:
<openstreetmap/openstreetmap-website/pull/7093/review/[email protected]>_______________________________________________
rails-dev mailing list
[email protected]
https://lists.openstreetmap.org/listinfo/rails-dev