From 863b2ececcfe7f43f4096f26bebc25ff214e68c1 Mon Sep 17 00:00:00 2001
From: Ilya Kolodnik <ilya.kolodnik@twinslash.com>
Date: Mon, 29 Apr 2013 10:31:55 +0300
Subject: [PATCH] add error processing when access denied

---
 app/controllers/redmine_oauth_controller.rb | 25 ++++++++++++---------
 config/locales/en.yml                       |  1 +
 config/locales/ru.yml                       |  3 ++-
 3 files changed, 18 insertions(+), 11 deletions(-)

diff --git a/app/controllers/redmine_oauth_controller.rb b/app/controllers/redmine_oauth_controller.rb
index 0efac4c..93f928a 100644
--- a/app/controllers/redmine_oauth_controller.rb
+++ b/app/controllers/redmine_oauth_controller.rb
@@ -14,19 +14,24 @@ class RedmineOauthController < AccountController
   end
 
   def oauth_google_callback
-    token = oauth_client.auth_code.get_token(params[:code], :redirect_uri => oauth_google_callback_url)
-    result = token.get('https://www.googleapis.com/oauth2/v1/userinfo')
-    info = JSON.parse(result.body)
-    if info && info["verified_email"]
-      if allowed_domain_for?(info["email"])
-        try_to_login info
+    if params[:error]
+      flash[:error] = l(:notice_access_denied)
+      redirect_to signin_path
+    else
+      token = oauth_client.auth_code.get_token(params[:code], :redirect_uri => oauth_google_callback_url)
+      result = token.get('https://www.googleapis.com/oauth2/v1/userinfo')
+      info = JSON.parse(result.body)
+      if info && info["verified_email"]
+        if allowed_domain_for?(info["email"])
+          try_to_login info
+        else
+          flash[:error] = l(:notice_domain_not_allowed, :domain => parse_email(info["email"])[:domain])
+          redirect_to signin_path
+        end
       else
-        flash[:error] = l(:notice_domain_not_allowed, :domain => parse_email(info["email"])[:domain])
+        flash[:error] = l(:notice_unable_to_obtain_google_credentials)
         redirect_to signin_path
       end
-    else
-      flash[:error] = l(:notice_unable_to_obtain_google_credentials)
-      redirect_to signin_path
     end
   end
 
diff --git a/config/locales/en.yml b/config/locales/en.yml
index 82a366e..c78fd41 100644
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@@ -1,4 +1,5 @@
 en:
   notice_unable_to_obtain_google_credentials: "Unable to obtain credentials from Google."
   notice_domain_not_allowed: "You can not login using %{domain} domain."
+  notice_access_denied: "You must allow to use you Google credentials to enter this site."
   login_via_google: "Login via Google"
diff --git a/config/locales/ru.yml b/config/locales/ru.yml
index 5655666..5e52f73 100644
--- a/config/locales/ru.yml
+++ b/config/locales/ru.yml
@@ -1,4 +1,5 @@
 ru:
   notice_unable_to_obtain_google_credentials: "Не удалось получить данные от Google."
   notice_domain_not_allowed: "Вы не можете войти в систему при помощи домена %{domain}."
-  login_via_google: "Войти с Google"
\ No newline at end of file
+  notice_access_denied: "Для корректного входа необходимо разрешить приложению доступ к аккаунту."
+  login_via_google: "Войти с Google"
-- 
GitLab