Rails.application.routes.draw do
match '/auth/:provider/callback', to: 'sessions#create', via: %i(get post)
match '/auth/sign_out', to: 'sessions#delete', via: %i(get)
root 'welcome#index'
end
Rails.application.config.middleware.use OmniAuth::Builder do
unless Rails.env.production?
provider :developer, fields: %i(name email), uid_field: :email
end
end
class SessionsController < ApplicationController
skip_before_action :verify_authenticity_token, only: :create
def create
self.current_user = auth_hash
redirect_to '/'
end
def delete
session[:user_id] = nil
redirect_to '/'
end
protected
def auth_hash
request.env['omniauth.auth']
end
end
class ApplicationController < ActionController::Base
# Prevent CSRF attacks by raising an exception.
# For APIs, you may want to use :null_session instead.
protect_from_forgery with: :exception
def current_user=(user)
session[:user_id] = user.uid
end
def current_user
session[:user_id]
end
helper_method :current_user
end