Pull request overview
Enables cross-space authentication when spaces live under the same base domain (subdomains), by sharing the session cookie across subdomains and ensuring OmniAuth/ORCID flows redirect users back to the originating space safely.
Changes:
- Configure session cookies for cross-subdomain sharing and add legacy-cookie cleanup on login/logout.
- Add “space-aware” redirects for OmniAuth and ORCID callbacks (only for allowed subdomain spaces).
- Introduce subdomain detection + helper gating to show OmniAuth/ORCID UI only where supported; expand test coverage accordingly.
Reviewed changes
Copilot reviewed 20 out of 21 changed files in this pull request and generated 5 comments.
| File | Description |
|---|---|
| test/unit/config_test.rb | Adds coverage for parsing base_uri domain. |
| test/models/space_test.rb | Adds unit tests for Space#is_subdomain?. |
| test/integration/omniauth_test.rb | Verifies post-auth redirect behavior back to origin space (and safety on other domains). |
| test/integration/login_test.rb | Verifies legacy host-only cookie is cleared on login/logout. |
| test/controllers/users_controller_test.rb | Ensures ORCID button visibility respects subdomain support rules. |
| test/controllers/static_controller_test.rb | Ensures OmniAuth login options only show on supported (subdomain) spaces. |
| test/controllers/orcid_controller_test.rb | Verifies ORCID redirect URI + state handling + callback redirects per space rules. |
| config/routes.rb | Wires Devise sessions to a custom controller for legacy cookie cleanup. |
| config/initializers/session_store.rb | Sets cookie domain to enable cross-subdomain session sharing. |
| config/application.rb | Adds TeSS::Config.base_uri to derive a base domain from base_url. |
| app/views/users/show.html.erb | Gates ORCID authenticate/link button behind space_supports_omniauth?. |
| app/views/layouts/_login_menu.html.erb | Hides OmniAuth login options when the space doesn’t support cross-host auth. |
| app/models/space.rb | Adds Space#is_subdomain? helper for “under base domain” checks. |
| app/helpers/spaces_helper.rb | Adds space_supports_omniauth? helper used by views. |
| app/helpers/application_helper.rb | Adds space_id param to OmniAuth authorize requests for non-default spaces. |
| app/controllers/tess_devise/sessions_controller.rb | Clears legacy host-only session cookie on create/destroy. |
| app/controllers/orcid_controller.rb | Adds state-based space return handling and uses base host for redirect URI. |
| app/controllers/concerns/space_redirect.rb | Adds shared redirect helper to safely redirect to allowed subdomain spaces. |
| app/controllers/callbacks_controller.rb | Adds space-aware redirect after OmniAuth callback. |
| Gemfile.lock | Locks addressable dependency. |
| Gemfile | Adds addressable for base-domain parsing. |
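
The overview above mentions redirecting only to allowed subdomain spaces; the following is an added example of that kind of check, not code from this pull request or from TeSS. It assumes the base domain is passed in as a plain string and uses Ruby's standard `uri` library rather than `addressable`; the module, method and constant names are hypothetical.

```ruby
require 'uri'

# Added illustration; module and method names are hypothetical, not TeSS code.
module SafeSpaceRedirect
  module_function

  # Lower-case the host and drop a single trailing dot before comparing.
  def normalize_host(host)
    host.to_s.downcase.chomp('.')
  end

  # True only for a strict subdomain of base_domain, matched on a label
  # boundary, so "evilexample.org" is not treated as under "example.org".
  def subdomain_of?(host, base_domain)
    host = normalize_host(host)
    base = normalize_host(base_domain)
    return false if host.empty? || base.empty?

    host.end_with?(".#{base}") && host.length > base.length + 1
  end

  # Returns url only when it is an absolute http(s) URL without userinfo whose
  # host is both under base_domain and one of the known space hosts.
  # Anything else, including unparseable input, yields fallback.
  def redirect_target(url, base_domain, space_hosts, fallback)
    uri = URI.parse(url.to_s)
    return fallback unless uri.is_a?(URI::HTTP) && uri.host && uri.userinfo.nil?

    host = normalize_host(uri.host)
    known = space_hosts.map { |h| normalize_host(h) }
    return fallback unless subdomain_of?(host, base_domain) && known.include?(host)

    uri.to_s
  rescue URI::InvalidURIError
    fallback
  end
end

# Constructed sample values (reserved example domains).
BASE_DOMAIN = 'example.org'
SPACE_HOSTS = ['plants.example.org', 'other-portal.test'].freeze
FALLBACK    = 'https://example.org/'
```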
Summary of changes
Motivation and context
Checklist
to license it to the TeSS codebase under the
BSD license.