FIX #36 登録できるメールアドレスのドメインを限定

Author: nasum

app/controllers/sessions_controller.rb

@@ -2,12 +2,17 @@ class SessionsController < ApplicationController
   def callback
     auth = request.env['omniauth.auth']
 
-    user = User.find_by(google_uid: auth[:uid])
-    unless user
-      user = User.create(google_uid: auth[:uid], name: auth[:info][:name], email: auth[:info][:email], image_url: auth[:info][:image])
+    if auth.info['email'].split('@')[1] == ENV['RESTRICT_DOMAIN']
+      user = User.find_by(google_uid: auth[:uid])
+      user = User.form_omniauth(auth) unless user
+      session[:user_id] = user.id
+      redirect_to root_path
+    else
+      flash[:error] = "
+        ドメインが#{ENV['RESTRICT_DOMAIN']}ではありません。正しいドメインでサインイン・ログインしてください
+      "
+      redirect_to root_path
     end
-    session[:user_id] = user.id
-    redirect_to root_path
   end
 
   def destroy

app/models/user.rb

@@ -13,4 +13,13 @@
 
 class User < ActiveRecord::Base
   has_many :poem, dependent: :destroy
+
+  def self.form_omniauth(auth)
+    User.create(
+      google_uid: auth[:uid],
+      name: auth[:info][:name],
+      email: auth[:info][:email],
+      image_url: auth[:info][:image]
+    )
+  end
 end

config/initializers/omniauth.rb

@@ -1,5 +1,6 @@
 Rails.application.config.middleware.use OmniAuth::Builder do
-  provider :google_oauth2, ENV["GOOGLE_CLIENT_ID"], ENV["GOOGLE_CLIENT_SECRET"]
+  options = { hd: ENV["RESTRICT_DOMAIN"] }
+  provider :google_oauth2, ENV["GOOGLE_CLIENT_ID"], ENV["GOOGLE_CLIENT_SECRET"], options
 end
 OmniAuth.config.on_failure = Proc.new { |env|
   OmniAuth::FailureEndpoint.new(env).redirect_to_failure