「発展編 omniauth を使って GitHub 認証を実装する」の差分

.env.example

@@ -0,0 +1,2 @@
+GITHUB_ID=(your id)
+GITHUB_SECRET=(your secret)

Gemfile

@@ -53,6 +53,7 @@ gem 'image_processing', '~> 1.2'
 group :development, :test do
   # See https://guides.rubyonrails.org/debugging_rails_applications.html#debugging-with-the-debug-gem
   gem 'debug', platforms: %i[mri mingw x64_mingw]
+  gem 'dotenv-rails'
 end
 
 group :development do
@@ -86,4 +87,7 @@ gem 'carrierwave'
 gem 'devise'
 gem 'devise-i18n'
 gem 'kaminari'
+gem 'omniauth'
+gem 'omniauth-github'
+gem 'omniauth-rails_csrf_protection'
 gem 'rails_autolink'

Gemfile.lock

@@ -66,9 +66,10 @@ GEM
       i18n (>= 1.6, < 2)
       minitest (>= 5.1)
       tzinfo (~> 2.0)
-    addressable (2.8.5)
-      public_suffix (>= 2.0.2, < 6.0)
+    addressable (2.8.7)
+      public_suffix (>= 2.0.2, < 7.0)
     ast (2.4.2)
+    base64 (0.3.0)
     bcrypt (3.1.19)
     better_html (2.0.2)
       actionview (>= 6.0)
@@ -80,12 +81,12 @@ GEM
     bindex (0.8.1)
     bootsnap (1.16.0)
       msgpack (~> 1.2)
-    builder (3.2.4)
-    capybara (3.39.2)
+    builder (3.3.0)
+    capybara (3.40.0)
       addressable
       matrix
       mini_mime (>= 0.1.3)
-      nokogiri (~> 1.8)
+      nokogiri (~> 1.11)
       rack (>= 1.6.0)
       rack-test (>= 0.6.3)
       regexp_parser (>= 1.5, < 3.0)
@@ -97,7 +98,7 @@ GEM
       image_processing (~> 1.1)
       marcel (~> 1.0.0)
       ssrf_filter (~> 1.0)
-    concurrent-ruby (1.2.2)
+    concurrent-ruby (1.3.5)
     crass (1.0.6)
     date (3.3.3)
     debug (1.8.0)
@@ -111,20 +112,29 @@ GEM
       warden (~> 1.2.3)
     devise-i18n (1.11.0)
       devise (>= 4.9.0)
+    dotenv (2.8.1)
+    dotenv-rails (2.8.1)
+      dotenv (= 2.8.1)
+      railties (>= 3.2)
     erb_lint (0.4.0)
       activesupport
       better_html (>= 2.0.1)
       parser (>= 2.7.1.4)
       rainbow
       rubocop
       smart_properties
-    erubi (1.12.0)
+    erubi (1.13.1)
     faker (3.2.0)
       i18n (>= 1.8.11, < 2)
+    faraday (2.7.10)
+      faraday-net_http (>= 2.0, < 3.1)
+      ruby2_keywords (>= 0.0.4)
+    faraday-net_http (3.0.2)
     ffi (1.15.5)
-    globalid (1.1.0)
-      activesupport (>= 5.0)
-    i18n (1.14.1)
+    globalid (1.2.1)
+      activesupport (>= 6.1)
+    hashie (5.0.0)
+    i18n (1.14.7)
       concurrent-ruby (~> 1.0)
     i18n_generators (2.2.2)
       activerecord (>= 3.0.0)
@@ -142,6 +152,7 @@ GEM
       actionview (>= 5.0.0)
       activesupport (>= 5.0.0)
     json (2.6.3)
+    jwt (2.7.1)
     kaminari (1.2.2)
       activesupport (>= 4.1.0)
       kaminari-actionview (= 1.2.2)
@@ -163,7 +174,8 @@ GEM
       letter_opener (~> 1.7)
       railties (>= 5.2)
       rexml
-    loofah (2.21.3)
+    logger (1.7.0)
+    loofah (2.24.1)
       crass (~> 1.0.2)
       nokogiri (>= 1.12.0)
     mail (2.8.1)
@@ -173,12 +185,13 @@ GEM
       net-smtp
     marcel (1.0.2)
     matrix (0.4.2)
-    method_source (1.0.0)
+    method_source (1.1.0)
     mini_magick (4.12.0)
-    mini_mime (1.1.2)
-    mini_portile2 (2.8.4)
-    minitest (5.19.0)
+    mini_mime (1.1.5)
+    mini_portile2 (2.8.9)
+    minitest (5.25.5)
     msgpack (1.7.2)
+    multi_xml (0.6.0)
     net-imap (0.3.7)
       date
       net-protocol
@@ -189,20 +202,42 @@ GEM
     net-smtp (0.3.3)
       net-protocol
     nio4r (2.5.9)
-    nokogiri (1.15.3)
+    nokogiri (1.18.8)
       mini_portile2 (~> 2.8.2)
       racc (~> 1.4)
+    oauth2 (2.0.9)
+      faraday (>= 0.17.3, < 3.0)
+      jwt (>= 1.0, < 3.0)
+      multi_xml (~> 0.5)
+      rack (>= 1.2, < 4)
+      snaky_hash (~> 2.0)
+      version_gem (~> 1.1)
+    omniauth (2.1.1)
+      hashie (>= 3.4.6)
+      rack (>= 2.2.3)
+      rack-protection
+    omniauth-github (2.0.1)
+      omniauth (~> 2.0)
+      omniauth-oauth2 (~> 1.8)
+    omniauth-oauth2 (1.8.0)
+      oauth2 (>= 1.4, < 3)
+      omniauth (~> 2.0)
+    omniauth-rails_csrf_protection (1.0.1)
+      actionpack (>= 4.2)
+      omniauth (~> 2.0)
     orm_adapter (0.5.0)
     parallel (1.23.0)
     parser (3.2.2.3)
       ast (~> 2.4.1)
       racc
-    public_suffix (5.0.3)
+    public_suffix (6.0.2)
     puma (6.3.0)
       nio4r (~> 2.0)
-    racc (1.7.1)
-    rack (2.2.8)
-    rack-test (2.1.0)
+    racc (1.8.1)
+    rack (2.2.16)
+    rack-protection (3.0.6)
+      rack
+    rack-test (2.2.0)
       rack (>= 1.3)
     rails (7.0.6)
       actioncable (= 7.0.6)
@@ -218,13 +253,13 @@ GEM
       activesupport (= 7.0.6)
       bundler (>= 1.15.0)
       railties (= 7.0.6)
-    rails-dom-testing (2.2.0)
+    rails-dom-testing (2.3.0)
       activesupport (>= 5.0.0)
       minitest
       nokogiri (>= 1.6)
-    rails-html-sanitizer (1.6.0)
+    rails-html-sanitizer (1.6.2)
       loofah (~> 2.21)
-      nokogiri (~> 1.14)
+      nokogiri (>= 1.15.7, != 1.16.7, != 1.16.6, != 1.16.5, != 1.16.4, != 1.16.3, != 1.16.2, != 1.16.1, != 1.16.0.rc1, != 1.16.0)
     rails_autolink (1.1.8)
       actionview (> 3.1)
       activesupport (> 3.1)
@@ -237,14 +272,14 @@ GEM
       thor (~> 1.0)
       zeitwerk (~> 2.5)
     rainbow (3.1.1)
-    rake (13.0.6)
-    regexp_parser (2.8.1)
+    rake (13.3.0)
+    regexp_parser (2.10.0)
     reline (0.3.7)
       io-console (~> 0.5)
     responders (3.1.0)
       actionpack (>= 5.2)
       railties (>= 5.2)
-    rexml (3.2.6)
+    rexml (3.4.1)
     rubocop (1.45.1)
       json (~> 2.3)
       parallel (~> 1.10)
@@ -270,12 +305,18 @@ GEM
     ruby-progressbar (1.13.0)
     ruby-vips (2.1.4)
       ffi (~> 1.12)
-    rubyzip (2.3.2)
-    selenium-webdriver (4.11.0)
+    ruby2_keywords (0.0.5)
+    rubyzip (2.4.1)
+    selenium-webdriver (4.33.0)
+      base64 (~> 0.2)
+      logger (~> 1.4)
       rexml (~> 3.2, >= 3.2.5)
       rubyzip (>= 1.2.2, < 3.0)
       websocket (~> 1.0)
     smart_properties (1.17.0)
+    snaky_hash (2.0.1)
+      hashie
+      version_gem (~> 1.1, >= 1.1.1)
     sprockets (4.2.0)
       concurrent-ruby (~> 1.0)
       rack (>= 2.2.4, < 4)
@@ -288,29 +329,29 @@ GEM
     ssrf_filter (1.1.1)
     stimulus-rails (1.2.1)
       railties (>= 6.0.0)
-    thor (1.2.2)
+    thor (1.3.2)
     timeout (0.4.0)
-    turbo-rails (1.4.0)
+    turbo-rails (2.0.12)
       actionpack (>= 6.0.0)
-      activejob (>= 6.0.0)
       railties (>= 6.0.0)
     tzinfo (2.0.6)
       concurrent-ruby (~> 1.0)
     unicode-display_width (2.4.2)
+    version_gem (1.1.3)
     warden (1.2.9)
       rack (>= 2.0.9)
     web-console (4.2.0)
       actionview (>= 6.0.0)
       activemodel (>= 6.0.0)
       bindex (>= 0.4.0)
       railties (>= 6.0.0)
-    websocket (1.2.9)
+    websocket (1.2.11)
     websocket-driver (0.7.6)
       websocket-extensions (>= 0.1.0)
     websocket-extensions (0.1.5)
     xpath (3.2.0)
       nokogiri (~> 1.8)
-    zeitwerk (2.6.11)
+    zeitwerk (2.7.3)
 
 PLATFORMS
   ruby
@@ -322,6 +363,7 @@ DEPENDENCIES
   debug
   devise
   devise-i18n
+  dotenv-rails
   erb_lint
   faker
   i18n_generators
@@ -330,6 +372,9 @@ DEPENDENCIES
   jbuilder
   kaminari
   letter_opener_web
+  omniauth
+  omniauth-github
+  omniauth-rails_csrf_protection
   puma
   rails (~> 7.0.6)
   rails_autolink

app/controllers/users/omniauth_callbacks_controller.rb

@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+class Users::OmniauthCallbacksController < Devise::OmniauthCallbacksController
+  def github
+    @user = User.from_omniauth(request.env['omniauth.auth'])
+
+    if @user.persisted?
+      sign_in_and_redirect @user, event: :authentication
+      set_flash_message(:notice, :success, kind: 'GitHub') if is_navigational_format?
+    else
+      alert = t('devise.omniauth_callbacks.failure', kind: 'GitHub', reason: @user.errors.full_messages.join(', '))
+      redirect_to new_user_session_url, alert:
+    end
+  end
+
+  def failure
+    redirect_to new_user_session_url
+  end
+end

app/controllers/users/registrations_controller.rb

@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+
+class Users::RegistrationsController < Devise::RegistrationsController
+  protected
+
+  # Override
+  def update_resource(resource, params)
+    if params[:password].blank?
+      # パスワード変更を伴わない場合はオーバーライドする
+      # current_passwordが残っていると、これを更新しようとしてエラーになるのでparamsから削除
+      params.delete(:current_password)
+      resource.update_without_password(params)
+    else
+      # パスワード変更を伴う場合はデフォルトの実装を使う
+      super
+    end
+  end
+end

app/models/user.rb

@@ -2,7 +2,8 @@
 
 class User < ApplicationRecord
   devise :database_authenticatable, :registerable,
-         :recoverable, :rememberable, :validatable
+         :recoverable, :rememberable, :validatable,
+         :omniauthable, omniauth_providers: %i[github]
 
   has_many :reports, dependent: :destroy
   has_many :comments, dependent: :destroy
@@ -11,6 +12,16 @@ class User < ApplicationRecord
     attachable.variant :thumb, resize_to_limit: [150, 150]
   end
 
+  validates :uid, uniqueness: { scope: :provider }, if: -> { uid.present? }
+
+  def self.from_omniauth(auth)
+    find_or_create_by(provider: auth.provider, uid: auth.uid) do |user|
+      user.name = auth.info.name
+      user.email = auth.info.email
+      user.password = Devise.friendly_token[0, 20]
+    end
+  end
+
   def name_or_email
     name.presence || email
   end

app/views/devise/shared/_links.html.erb

@@ -21,7 +21,7 @@
 
   <%- if devise_mapping.omniauthable? %>
     <%- resource_class.omniauth_providers.each do |provider| %>
-      <%= link_to t('.sign_in_with_provider', provider: OmniAuth::Utils.camelize(provider)), omniauth_authorize_path(resource_name, provider), method: :post %><br />
+      <%= button_to t('.sign_in_with_provider', provider: OmniAuth::Utils.camelize(provider)), omniauth_authorize_path(resource_name, provider), data: { turbo: false } %><br />
     <% end %>
   <% end %>
 </nav>

app/views/layouts/_menu.html.erb

@@ -20,7 +20,7 @@
       <%= link_to t('devise.registrations.edit.title'), edit_user_registration_path %>
     </li>
     <li>
-      <%= link_to t('views.common.sign_out'), destroy_user_session_path, data: { turbo_method: :delete } %>
+      <%= button_to t('views.common.sign_out'), destroy_user_session_path, method: :delete %>
     </li>
   </ul>
 </div>

config/boot.rb

@@ -1,4 +1,7 @@
 ENV["BUNDLE_GEMFILE"] ||= File.expand_path("../Gemfile", __dir__)
 
+# https://zenn.dev/ayu0819/articles/3d361c5a14c2df
+require "logger"
+
 require "bundler/setup" # Set up gems listed in the Gemfile.
 require "bootsnap/setup" # Speed up boot time by caching expensive operations.

config/initializers/devise.rb

@@ -271,7 +271,10 @@
   # ==> OmniAuth
   # Add a new OmniAuth provider. Check the wiki for more information on setting
   # up on your models and hooks.
-  # config.omniauth :github, 'APP_ID', 'APP_SECRET', scope: 'user,public_repo'
+  if ENV["GITHUB_ID"].blank? || ENV["GITHUB_SECRET"].blank?
+    raise "環境変数 GITHUB_ID と GITHUB_SECRET を設定してください。（開発環境ではdotenv-railsを利用してください）"
+  end
+  config.omniauth :github, ENV["GITHUB_ID"], ENV["GITHUB_SECRET"], scope: "user"
 
   # ==> Warden configuration
   # If you want to use other strategies, that are not supported by Devise, or

config/routes.rb

@@ -1,6 +1,6 @@
 Rails.application.routes.draw do
   mount LetterOpenerWeb::Engine, at: "/letter_opener" if Rails.env.development?
-  devise_for :users
+  devise_for :users, controllers: { omniauth_callbacks: 'users/omniauth_callbacks', registrations: "users/registrations" }
   root to: 'books#index'
   resources :books do
     scope module: :books do