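require 'securerandom'

# Sign-in and sign-out through GitLab using the OAuth2 authorization-code flow.
#
# Configuration is read from the environment: `gitlab_client`, `gitlab_secret`,
# `gitlab_oauth` (base URL of the GitLab instance) and `gitlab_callback`
# (the redirect URI registered for this application).
#
# NOTE(review): the GitLab access token and the admin flag are kept in the
# session. Confirm the session store is server-side or encrypted, and that the
# session cookie is marked Secure/HttpOnly.
class AuthController < ApplicationController
  # These actions must be reachable without an existing session.
  # `verify_session` is presumably defined in ApplicationController - confirm.
  skip_before_action :verify_session

  # Empty action; Rails renders the default template for it.
  def login
  end

  # Ends the session and returns the browser to the login page.
  # `reset_session` discards the session data and issues a fresh session.
  def logout
    reset_session
    redirect_to login_path
  end

  # Starts the authorization-code flow by redirecting to GitLab.
  #
  # A random, single-use `state` value is stored in the session and sent along,
  # so that #callback can tell a response to this request apart from one that
  # was not initiated by this browser (RFC 6749, section 10.12).
  def auth
    state = SecureRandom.hex(32)
    session[:oauth_state] = state
    redirect_to client.auth_code.authorize_url(
      redirect_uri: ENV['gitlab_callback'],
      state: state
    )
  end

  # Completes the flow: checks `state`, exchanges the code for a token, loads
  # the user's profile and establishes the authenticated session.
  #
  # Any failure (state mismatch, missing code, provider error, unparsable
  # profile) clears the session and sends the browser back to the login page
  # instead of raising.
  def callback
    return reject_callback('state mismatch') unless valid_oauth_state?

    code = params[:code].to_s
    return reject_callback('missing authorization code') if code.empty?

    access_token = client.auth_code.get_token(code, redirect_uri: ENV['gitlab_callback'])

    # Issue a fresh session before storing credentials so that a session
    # identifier set before authentication is not carried over.
    reset_session
    session[:token] = access_token.token
    user_info(access_token)
    redirect_to accounts_path
  rescue OAuth2::Error, JSON::ParserError => e
    # Only the exception class is logged; the message may carry response data.
    reject_callback("token exchange or profile lookup failed (#{e.class})")
  end

  private

  # Compares the `state` returned by the provider with the one stored by #auth.
  # The stored value is removed on first use, so a callback URL cannot be
  # replayed against the same session.
  #
  # @return [Boolean] true only when a state was stored and it matches
  def valid_oauth_state?
    expected = session.delete(:oauth_state).to_s
    supplied = params[:state].to_s
    return false if expected.empty?

    Rack::Utils.secure_compare(expected, supplied)
  end

  # Drops any partially built session, records the rejection for monitoring
  # and redirects to the login page. The reason must not contain secrets.
  #
  # @param reason [String] short description written to the log
  def reject_callback(reason)
    logger.warn("OAuth callback rejected: #{reason}")
    reset_session
    redirect_to login_path
  end

  # Fetches the authenticated user's profile from GitLab and copies the
  # display name, avatar URL and admin flag into the session.
  #
  # NOTE(review): the admin flag is captured once at sign-in; a change made in
  # GitLab afterwards is not seen until the user signs in again.
  #
  # @param access_token [OAuth2::AccessToken] token returned by the code exchange
  def user_info access_token
    @user_info ||= JSON.parse(access_token.get(ENV['gitlab_oauth'] + '/api/v3/user').body)
    session[:name] = @user_info['name']
    session[:avatar] = @user_info['avatar_url']
    # Fail closed: only a literal JSON `true` grants the admin flag.
    session[:admin] = @user_info['is_admin'] == true
  end

  # Builds the OAuth2 client for the configured GitLab instance.
  #
  # @return [OAuth2::Client]
  def client
    OAuth2::Client.new(
      ENV['gitlab_client'],
      ENV['gitlab_secret'],
      site: ENV['gitlab_oauth']
    )
  end
end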