Force Omniauth login via popup when certain links clicked and then friendly forward

Question

Following this Q&A thread, I've got it so that a user can log-in via Omniauth Facebook strategy using a popup. Here's my code:

view:

<%= link_to("Sign in with Facebook", "/auth/facebook", :id => "signin", 
:data => {:width => 600, :height => 400}) %>

application.js:

function popupCenter(url, width, height, name) {
  var left = (screen.width/2)-(width/2);
  var top = (screen.height/2)-(height/2);
  return window.open(url, name, "menubar=no,toolbar=no,status=no,width="+width+",height="+height+",toolbar=no,left="+left+",top="+top);
}

$(document).ready(function() {
  $('a#signin').click(function(e) {
    popupCenter($(this).attr('href'), $(this).attr('data-width'), $(this).attr('data-height'), 'authPopup');
    e.stopPropagation();
    return false;
  });
});

sessions_controller.rb:

  def create
    user = AuthProviders::FacebookUser.find_or_create_user_from(auth_hash)
    session[:current_user_id] = user.id
    @return_to = origin || root_url
    render :callback, :layout => false
  end

  protected

  def auth_hash
    request.env['omniauth.auth']
  end

  def origin
    request.env['omniauth.origin']
  end

views/sessions/callback.html.erb:

<script type="text/javascript">
  if (window.opener) {
    window.opener.location = '<%= @return_to %>';
  }
  else {
    window.location = '<%= @return_to %>';
  }
  return window.close();
</script>

This works great and all, but I need the code to be able to handle two additional scenarios:

(1) User clicks on a link and controller action renders a plain old html response, but that page can only be viewed when there's a current_user (i.e., signed in). When the link is clicked, the user is forced to sign in via Facebook using the popup. Once authenticated, the user is forwarded to the original request page. For example, a user clicks this link and because he's not logged in he's prompted to sign in via Facebook and then is returned to requested page:

<%= active_link_to("Your Stuff", user_stuff_path(current_user), :wrap_tag => :li) %>

When you're not using a popup, this is pretty easy to do using Hartly's Friendly Forwarding chapter.

(2) The other scenario is similar to (1), but instead of html, the controller action renders javascript, which then opens up a (Twitter bootstrap) modal dialog. The user must be signed in to view this modal box, so the app needs to present the user with the Facebook auth dialog and then forward him/her back to the modal box. Here's a sample link in my app:

<%= link_to(event.home_pick_path, :remote => true, :class => "#{event.home_button_class}", :rel => "tooltip", :data => {:placement => "top", "original-title" => "#{event.home_bet_tooltip}"}) do %>
  <div class="team-name"><%= event.home_team_nickname %></div>
<% end %>

The request URL looks like this: /picks/new?pick_line_id=1&pick_num=1.

So I imagine whatever the solution is to these two scenarios, there's some plumbing involved, so I appreciate your time to respond in advance.

Answer 1

I think you are over engineering. I'd go for a much simple approach, but of course it depends on your business logic.

If there is no current user i'd render in the same url "a 401" template with a "login" button, wich would trigger the Fb login button.

in the callback (not tested)..

def create
  if session[:redirect_to].nil?
    session[:redirect_to] = origin
  end
  user = AuthProviders::FacebookUser.find_or_create_user_from(auth_hash)
  session[:current_user_id] = user.id
  unless session[:redirect_to].nil?
    redirect = session[:redirect_to] || root_url
    session[:redirect_to] = nil
    redirect_to redirect
  end 
end

Of course there is no template to handle it as you don't need it.