decidim-microsoft 1.0.0

data/README.md

@@ -0,0 +1,184 @@
+# OmniAuth::Decidim
+
+[![[CI] Lint](https://github.com/openpoke/decidim-module-microsoft/actions/workflows/lint.yml/badge.svg)](https://github.com/openpoke/decidim-module-microsoft/actions/workflows/lint.yml)
+[![[CI] Test](https://github.com/openpoke/decidim-module-microsoft/actions/workflows/test.yml/badge.svg)](https://github.com/openpoke/decidim-module-microsoft/actions/workflows/test.yml)
+[![Maintainability](https://api.codeclimate.com/v1/badges/7d9a138a045b30851a33/maintainability)](https://codeclimate.com/github/openpoke/decidim-module-microsoft/maintainability)
+[![codecov](https://codecov.io/gh/openpoke/decidim-module-microsoft/branch/main/graph/badge.svg?token=V3KR51DGFN)](https://codecov.io/gh/openpoke/decidim-module-microsoft)
+[![Gem Version](https://badge.fury.io/rb/decidim-microsoft.svg)](https://badge.fury.io/rb/decidim-microsoft)
+
+This is the Microsoft/Azure ActiveDirectory (v2) strategy for login into Decidim using OmniAuth (SSO).
+
+![Login with Azure](features/login.png)
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'decidim-microsoft'
+```
+
+And then execute:
+
+```
+bundle
+```
+
+## Usage
+
+### Register a new App in your Azure account
+
+Extracted from the initial instructions explained here:
+
+https://medium.com/committed-engineers/setup-azure-ad-oauth-2-0-with-ruby-on-rails-and-devise-39848e3ed532
+
+1. Go to your Azure account, [configure a new tenant](https://docs.microsoft.com/en-gb/azure/active-directory/fundamentals/active-directory-access-create-new-tenant) if you don't have any.
+
+2. Register a new app n your tenant Azure Active Directory: ![Config step 1](features/azure_conf1.png)
+
+3. Use `https://example.org/users/auth/azure_activedirectory_v2/callback` as the callback URI (change `example.org` for your own domain)
+
+4. Generate a new client ID/Secret in "Certificates & secrets" ![Config step 2](features/azure_conf2.png)
+
+5. Use the `Appliction (client) ID`, `Directory (tentant) ID` and the `Secret ID` to define the ENV variables.
+
+6. Happy login!
+
+### Configure the Decidim OAuth clients
+
+By default, this strategy can be automatically configure using just these ENV vars:
+
+```
+AZURE_CLIENT_ID=XXXX
+AZURE_TENANT_ID=XXXX
+AZURE_CLIENT_SECRET=XXXX
+```
+
+By setting the ENV var `AZURE_CLIENT_ID` to value that's not empty, the "login with microsoft" button will appear automatically in you Decidim instance.
+
+You can also customize the way you extract these secrets by creating a initializer file, such as:
+
+```ruby
+# config/initializers/microsoft_omniauth.rb
+
+Decidim::Microsoft.configure do |config|
+  config.omniauth = {
+    enabled: Rails.application.secrets.dig(:omniauth, :microsoft, :enabled),
+    client_id: Rails.application.secrets.dig(:omniauth, :microsoft, :client_id:),
+    tenant_id: Rails.application.secrets.dig(:omniauth, :microsoft, :tenant_id),
+    client_secret: Rails.application.secrets.dig(:omniauth, :microsoft, :client_secret),
+    icon_path: Rails.application.secrets.dig(:omniauth, :microsoft, :icon_path), # be aware of webpacker, must by media/images/something
+    # optional variables:
+    # See https://github.com/RIPAGlobal/omniauth-azure-activedirectory-v2/blob/master/lib/omniauth/strategies/azure_activedirectory_v2.rb
+    scope: Rails.application.secrets.dig(:omniauth, :microsoft, :scope),
+    base_azure_url: Rails.application.secrets.dig(:omniauth, :microsoft, :base_azure_url),
+    authorize_params: Rails.application.secrets.dig(:omniauth, :microsoft, :authorize_params),
+    domain_hint: Rails.application.secrets.dig(:omniauth, :microsoft, :domain_hint)
+  }
+end
+```
+
+And, of course, having these values in your `config/secrets.yml` file.
+
+## Contributing
+
+Bug reports and pull requests are welcome on GitHub at https://github.com/openpoke/decidim-module-microsoft.
+
+### Developing
+
+To start contributing to this project, first:
+
+- Install the basic dependencies (such as Ruby and PostgreSQL)
+- Clone this repository
+
+Decidim's main repository also provides a Docker configuration file if you
+prefer to use Docker instead of installing the dependencies locally on your
+machine.
+
+You can create the development app by running the following commands after
+cloning this project:
+
+```bash
+$ bundle
+$ DATABASE_USERNAME=<username> DATABASE_PASSWORD=<password> bundle exec rake development_app
+```
+
+Note that the database user has to have rights to create and drop a database in
+order to create the dummy test app database.
+
+Then to test how the module works in Decidim, start the development server:
+
+```bash
+$ cd development_app
+$ DATABASE_USERNAME=<username> DATABASE_PASSWORD=<password> bundle exec rails s
+```
+
+In case you are using [rbenv](https://github.com/rbenv/rbenv) and have the
+[rbenv-vars](https://github.com/rbenv/rbenv-vars) plugin installed for it, you
+can add the environment variables to the root directory of the project in a file
+named `.rbenv-vars`. If these are defined for the environment, you can omit
+defining these in the commands shown above.
+
+#### Code Styling
+
+Please follow the code styling defined by the different linters that ensure we
+are all talking with the same language collaborating on the same project. This
+project is set to follow the same rules that Decidim itself follows.
+
+[Rubocop](https://rubocop.readthedocs.io/) linter is used for the Ruby language.
+
+You can run the code styling checks by running the following commands from the
+console:
+
+```
+$ bundle exec rubocop
+```
+
+To ease up following the style guide, you should install the plugin to your
+favorite editor, such as:
+
+- Atom - [linter-rubocop](https://atom.io/packages/linter-rubocop)
+- Sublime Text - [Sublime RuboCop](https://github.com/pderichs/sublime_rubocop)
+- Visual Studio Code - [Rubocop for Visual Studio Code](https://github.com/misogi/vscode-ruby-rubocop)
+
+### Testing
+
+To run the tests run the following in the gem development path:
+
+```bash
+$ bundle
+$ DATABASE_USERNAME=<username> DATABASE_PASSWORD=<password> bundle exec rake test_app
+$ DATABASE_USERNAME=<username> DATABASE_PASSWORD=<password> bundle exec rspec
+```
+
+Note that the database user has to have rights to create and drop a database in
+order to create the dummy test app database.
+
+In case you are using [rbenv](https://github.com/rbenv/rbenv) and have the
+[rbenv-vars](https://github.com/rbenv/rbenv-vars) plugin installed for it, you
+can add these environment variables to the root directory of the project in a
+file named `.rbenv-vars`. In this case, you can omit defining these in the
+commands shown above.
+
+### Test code coverage
+
+If you want to generate the code coverage report for the tests, you can use
+the `SIMPLECOV=1` environment variable in the rspec command as follows:
+
+```bash
+$ SIMPLECOV=1 bundle exec rspec
+```
+
+This will generate a folder named `coverage` in the project root which contains
+the code coverage report.
+
+### Localization
+
+If you would like to see this module in your own language, you can help with its
+translation at Crowdin:
+
+https://crowdin.com/project/decidim-module-microsoft
+
+## License
+
+See [LICENSE-AGPLv3.txt](LICENSE-AGPLv3.txt).

data/Rakefile

@@ -0,0 +1,32 @@
+# frozen_string_literal: true
+
+require "decidim/dev/common_rake"
+require "fileutils"
+
+def seed_db(path)
+  Dir.chdir(path) do
+    system("bundle exec rake db:seed")
+  end
+end
+
+desc "Generates a dummy app for testing"
+task test_app: "decidim:generate_external_test_app" do
+  ENV["RAILS_ENV"] = "test"
+end
+
+desc "Generates a development app."
+task :development_app do
+  Bundler.with_original_env do
+    generate_decidim_app(
+      "development_app",
+      "--app_name",
+      "#{base_app_name}_development_app",
+      "--path",
+      "..",
+      "--recreate_db",
+      "--demo"
+    )
+  end
+
+  seed_db("development_app")
+end

data/app/packs/entrypoints/decidim_microsoft.js

@@ -0,0 +1,2 @@
+// Images
+require.context("../images", true)

data/app/packs/images/microsoft_logo.svg

@@ -0,0 +1 @@
+<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 23 23"><path fill="#f3f3f3" d="M0 0h23v23H0z"/><path fill="#f35325" d="M1 1h10v10H1z"/><path fill="#81bc06" d="M12 1h10v10H12z"/><path fill="#05a6f0" d="M1 12h10v10H1z"/><path fill="#ffba08" d="M12 12h10v10H12z"/></svg>

data/bin/rails

@@ -0,0 +1,6 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+
+Dir.chdir("development_app")
+
+load "bin/rails"

data/codecov.yml

@@ -0,0 +1,11 @@
+coverage:
+  status:
+    patch: false
+    project:
+      default:
+        threshold: 0.1%
+github_checks:
+  annotations: false
+flag_management:
+  default_rules:
+    carryforward: true

data/config/assets.rb

@@ -0,0 +1,8 @@
+# frozen_string_literal: true
+
+base_path = File.expand_path("..", __dir__)
+
+Decidim::Webpacker.register_path("#{base_path}/app/packs")
+Decidim::Webpacker.register_entrypoints(
+  decidim_microsoft: "#{base_path}/app/packs/entrypoints/decidim_microsoft.js"
+)

data/config/i18n-tasks.yml

@@ -0,0 +1,12 @@
+---
+
+base_locale: en
+locales: [en]
+
+data:
+  external:
+    - "<%= %x[bundle info decidim-core --path].chomp %>/config/locales/%{locale}.yml"
+
+ignore_unused:
+
+ignore_missing:

data/config/locales/en.yml

@@ -0,0 +1,10 @@
+---
+en:
+  decidim:
+    system:
+      organizations:
+        omniauth_settings:
+          azure_activedirectory_v2:
+            client_id: Application (client) ID
+            client_secret: Client secret ID
+            tenant_id: Directory (tenant) ID

data/decidim-microsoft.gemspec

@@ -0,0 +1,30 @@
+# frozen_string_literal: true
+
+lib = File.expand_path("lib", __dir__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require "decidim/microsoft/version"
+
+Gem::Specification.new do |spec|
+  spec.name = "decidim-microsoft"
+  spec.version = Decidim::Microsoft::VERSION
+  spec.authors = ["Ivan Vergés"]
+  spec.email = ["ivan@pokecode.net"]
+
+  spec.summary = "OmniAuth strategy for microsoft"
+  spec.description = "OmniAuth strategy for microsoft"
+  spec.license = "AGPL-3.0"
+  spec.homepage = "https://github.com/openpoke/decidim-module-microsoft"
+  spec.required_ruby_version = ">= 2.7"
+
+  spec.files = `git ls-files -z`.split("\x0").reject do |f|
+    f.match(%r{^(test|spec|features)/})
+  end
+  spec.bindir = "exe"
+  spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
+  spec.require_paths = ["lib"]
+
+  spec.add_dependency "decidim-core", Decidim::Microsoft::COMPAT_DECIDIM_VERSION
+  spec.add_dependency "omniauth-azure-activedirectory-v2", "~> 1.0"
+
+  spec.add_development_dependency "decidim-dev", Decidim::Microsoft::COMPAT_DECIDIM_VERSION
+end

data/lib/decidim/microsoft/engine.rb

@@ -0,0 +1,29 @@
+# frozen_string_literal: true
+
+require "omniauth/strategies/azure_activedirectory_v2"
+
+module Decidim
+  module Microsoft
+    # This is the engine that runs on the public interface of decidim-microsoft.
+    class Engine < ::Rails::Engine
+      isolate_namespace Decidim::Microsoft
+
+      initializer "decidim_microsoft.omniauth" do
+        next unless Decidim::Microsoft.omniauth.present? && Decidim::Microsoft.omniauth[:enabled]
+
+        Rails.application.config.middleware.use OmniAuth::Builder do
+          provider Decidim::Microsoft::OMNIAUTH_PROVIDER_NAME, Decidim::Microsoft.omniauth
+        end
+
+        # Force Decidim to look at this provider if not defined in secrets.yml
+        if Rails.application.secrets.dig(:omniauth, Decidim::Microsoft::OMNIAUTH_PROVIDER_NAME).blank?
+          Rails.application.secrets[:omniauth][Decidim::Microsoft::OMNIAUTH_PROVIDER_NAME] = Decidim::Microsoft.omniauth
+        end
+      end
+
+      initializer "decidim_microsoft.webpacker.assets_path" do
+        Decidim.register_assets_path File.expand_path("app/packs", root)
+      end
+    end
+  end
+end

data/lib/decidim/microsoft/version.rb

@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+module Decidim
+  module Microsoft
+    VERSION = "1.0.0"
+    DECIDIM_VERSION = "0.26.2"
+    COMPAT_DECIDIM_VERSION = [">= 0.25.0", "< 0.28"].freeze
+  end
+end

data/lib/decidim/microsoft.rb

@@ -0,0 +1,23 @@
+# frozen_string_literal: true
+
+require "decidim/microsoft/engine"
+
+module Decidim
+  # This namespace holds the logic of the `decidim-microsoft` module.
+  module Microsoft
+    include ActiveSupport::Configurable
+
+    OMNIAUTH_PROVIDER_NAME = :azure_activedirectory_v2
+
+    # setup a hash with :client_id, :client_secret and :site to enable omniauth authentication
+    config_accessor :omniauth do
+      {
+        enabled: ENV["AZURE_CLIENT_ID"].present?,
+        client_id: ENV["AZURE_CLIENT_ID"],
+        tenant_id: ENV["AZURE_TENANT_ID"],
+        client_secret: ENV["AZURE_CLIENT_SECRET"],
+        icon_path: "media/images/microsoft_logo.svg"
+      }
+    end
+  end
+end

data/lib/omniauth/microsoft.rb

@@ -0,0 +1,3 @@
+# frozen_string_literal: true
+
+require "omniauth/strategies/microsoft"

data/lib/omniauth/strategies/microsoft.rb

@@ -0,0 +1,10 @@
+# frozen_string_literal: true
+
+require "omniauth-oauth2"
+
+module OmniAuth
+  module Strategies
+    class Microsoft < OmniAuth::Strategies::OAuth2
+    end
+  end
+end

metadata

@@ -0,0 +1,124 @@
+--- !ruby/object:Gem::Specification
+name: decidim-microsoft
+version: !ruby/object:Gem::Version
+  version: 1.0.0
+platform: ruby
+authors:
+- Ivan Vergés
+autorequire: 
+bindir: exe
+cert_chain: []
+date: 2022-08-17 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: decidim-core
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.25.0
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '0.28'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.25.0
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '0.28'
+- !ruby/object:Gem::Dependency
+  name: omniauth-azure-activedirectory-v2
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+- !ruby/object:Gem::Dependency
+  name: decidim-dev
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.25.0
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '0.28'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.25.0
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '0.28'
+description: OmniAuth strategy for microsoft
+email:
+- ivan@pokecode.net
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".github/workflows/lint.yml"
+- ".github/workflows/test.yml"
+- ".gitignore"
+- ".rspec"
+- ".rubocop.yml"
+- ".rubocop_rails.yml"
+- ".rubocop_ruby.yml"
+- ".ruby-version"
+- CODE_OF_CONDUCT.md
+- Gemfile
+- Gemfile.lock
+- LICENSE-AGPLv3.txt
+- README.md
+- Rakefile
+- app/packs/entrypoints/decidim_microsoft.js
+- app/packs/images/microsoft_logo.svg
+- bin/rails
+- codecov.yml
+- config/assets.rb
+- config/i18n-tasks.yml
+- config/locales/en.yml
+- decidim-microsoft.gemspec
+- lib/decidim/microsoft.rb
+- lib/decidim/microsoft/engine.rb
+- lib/decidim/microsoft/version.rb
+- lib/omniauth/microsoft.rb
+- lib/omniauth/strategies/microsoft.rb
+homepage: https://github.com/openpoke/decidim-module-microsoft
+licenses:
+- AGPL-3.0
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '2.7'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.1.6
+signing_key: 
+specification_version: 4
+summary: OmniAuth strategy for microsoft
+test_files: []