@pablobm commented on this pull request.


> +      if params.expect(:provider) == "facebook"
+        encoded_signature, payload = params.expect(:signed_request).split(".", 
2)
+        signature = Base64.urlsafe_decode64(encoded_signature)
+        if signature == OpenSSL::HMAC.digest("SHA256", 
Settings.facebook_auth_secret, payload)
+          data = JSON.parse(Base64.urlsafe_decode64(payload))
+          user = User.find_by(:auth_provider => "facebook", :auth_uid => 
data["user_id"])
+
+          if user
+            user.auth_provider = nil
+            user.auth_uid = nil
+            user.save!
+
+            @confirmation_code = Rails
+                                 .application
+                                 .message_verifier(:social_login_deletion)
+                                 .generate([data["user_id"], Time.now.to_i])
+
+            render :formats => [:json]
+          else
+            head :not_found
+          end
+        else
+          head :bad_request
+        end
+      else
+        head :not_found
+      end

I like this 👍 I should have thought of using `find_by!`.

Yeah, those exceptions sit in a weird place where they are not well documented, 
but I think the community tends to know about them. (My perception; might be 
wrong). Having said that... looks like this is a bit better documented now, I 
just found this in the Rails guides: 
https://guides.rubyonrails.org/configuring.html#config-action-dispatch-rescue-responses

So I think this is ok, but if you think it'd be clearer to be more explicit 
with a custom exception (either adding it to the list or having a custom 
`rescue_from`), then that works for me too.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/pull/7093#discussion_r3335440430
You are receiving this because you are subscribed to this thread.

Message ID: 
<openstreetmap/openstreetmap-website/pull/7093/review/[email protected]>
_______________________________________________
rails-dev mailing list
[email protected]
https://lists.openstreetmap.org/listinfo/rails-dev

Reply via email to