thecore_auth_commons 3.4.2 → 3.5.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/app/controllers/users/omniauth_callbacks_controller.rb +40 -0
- data/app/models/user.rb +13 -1
- data/config/initializers/omniauth.rb +30 -0
- data/lib/thecore_auth_commons/version.rb +1 -1
- data/lib/thecore_auth_commons.rb +17 -0
- metadata +45 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 29a083c2300c45d950b99efa4ff7e8a5642c11212acd01d392bb07f63fb38a19
|
|
4
|
+
data.tar.gz: 9a20546917d55959cf5aa5d4c272c43e7f09efc5888d80d05d9edbb634b499f8
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: dbf9f9bcc726736caf0b785807609235d98b56f2180e9b9bd1af32b1167333c739ab27d6992a038b33d8a859612ce09bb6474f9f9851c5f4f0aa6bb74ebb702b
|
|
7
|
+
data.tar.gz: edf61e953a0cc68f0d9bde2866499e609241519f9511397cb6730e6549d560cfebbdb2a395ec0f61020c8ca0e8a2089b0c7f4dfe6e59e4dec92629ade6066b67
|
|
@@ -0,0 +1,40 @@
|
|
|
1
|
+
# app/controllers/users/omniauth_callbacks_controller.rb
|
|
2
|
+
class Users::OmniauthCallbacksController < Devise::OmniauthCallbacksController
|
|
3
|
+
def google_oauth2
|
|
4
|
+
callback 'Google', from_params, 'google'
|
|
5
|
+
end
|
|
6
|
+
|
|
7
|
+
def entra_id
|
|
8
|
+
callback 'Microsoft Entra ID', from_params, 'entra_id'
|
|
9
|
+
end
|
|
10
|
+
|
|
11
|
+
def callback name, from_params, provider
|
|
12
|
+
Rails.logger.info "#{name} callback received with params: #{from_params.inspect}"
|
|
13
|
+
|
|
14
|
+
user = ThecoreAuthCommons.check_user from_params[:email], from_params[:name], from_params[:surname], provider
|
|
15
|
+
|
|
16
|
+
if user.present?
|
|
17
|
+
sign_out_all_scopes
|
|
18
|
+
flash[:notice] = t 'devise.omniauth_callbacks.success', kind: name
|
|
19
|
+
sign_in_and_redirect user, event: :authentication
|
|
20
|
+
else
|
|
21
|
+
flash[:alert] = t 'devise.omniauth_callbacks.failure', kind: name, reason: "#{from_params[:email]} is not authorized."
|
|
22
|
+
redirect_to new_user_session_path
|
|
23
|
+
end
|
|
24
|
+
end
|
|
25
|
+
|
|
26
|
+
def from_params
|
|
27
|
+
Rails.logger.info "Omniauth params: #{auth.info.inspect}"
|
|
28
|
+
@from_params ||= {
|
|
29
|
+
uid: auth.uid,
|
|
30
|
+
email: auth.info.email,
|
|
31
|
+
# in the params from Microsoft or Google there must be laso the name and surname, maybe with different key, assign them to the name and surname keys in this object
|
|
32
|
+
name: auth.info.given_name.presence || auth.info.first_name.presence || auth.info.name,
|
|
33
|
+
surname: auth.info.family_name.presence || auth.info.last_name.presence || auth.info.surname
|
|
34
|
+
}
|
|
35
|
+
end
|
|
36
|
+
|
|
37
|
+
def auth
|
|
38
|
+
@auth ||= request.env['omniauth.auth']
|
|
39
|
+
end
|
|
40
|
+
end
|
data/app/models/user.rb
CHANGED
|
@@ -1,6 +1,18 @@
|
|
|
1
1
|
class User < ApplicationRecord
|
|
2
2
|
# Get the minimum password length from the Environemnt or set it to 8
|
|
3
|
-
devise :database_authenticatable,
|
|
3
|
+
devise :database_authenticatable,
|
|
4
|
+
:rememberable,
|
|
5
|
+
:trackable,
|
|
6
|
+
:timeoutable,
|
|
7
|
+
:omniauthable,
|
|
8
|
+
:validatable,
|
|
9
|
+
# Devise modules configurations:
|
|
10
|
+
# Omniauthable allows the user to sign in with external providers
|
|
11
|
+
:omniauth_providers => [:google_oauth2, :entra_id],
|
|
12
|
+
# Validatable allows the user to validate their email and password
|
|
13
|
+
:password_length => ENV.fetch('MIN_PASSWORD_LENGTH', 8).to_i..128,
|
|
14
|
+
:timeout_in => ENV.fetch('SESSION_TIMEOUT_IN_MINUTES', 31).to_i.minutes
|
|
15
|
+
|
|
4
16
|
|
|
5
17
|
# REFERENCES
|
|
6
18
|
has_many :role_users, dependent: :destroy, inverse_of: :user
|
|
@@ -0,0 +1,30 @@
|
|
|
1
|
+
include Devise::OmniAuth::UrlHelpers if defined?(Devise::OmniAuth::UrlHelpers)
|
|
2
|
+
|
|
3
|
+
Rails.application.config.middleware.use OmniAuth::Builder do
|
|
4
|
+
provider(
|
|
5
|
+
:entra_id,
|
|
6
|
+
{
|
|
7
|
+
client_id: ENV['ENTRA_CLIENT_ID'],
|
|
8
|
+
client_secret: ENV['ENTRA_CLIENT_SECRET'],
|
|
9
|
+
tenant_id: ENV['ENTRA_TENANT_ID'], # Needed for Microsoft
|
|
10
|
+
scope: 'openid profile email User.Read',
|
|
11
|
+
response_type: 'code'
|
|
12
|
+
},
|
|
13
|
+
{
|
|
14
|
+
label: "Microsoft"
|
|
15
|
+
}
|
|
16
|
+
)
|
|
17
|
+
provider(
|
|
18
|
+
:google_oauth2,
|
|
19
|
+
ENV['GOOGLE_CLIENT_ID'],
|
|
20
|
+
ENV['GOOGLE_CLIENT_SECRET'],
|
|
21
|
+
{
|
|
22
|
+
scope: 'email,profile',
|
|
23
|
+
prompt: 'select_account',
|
|
24
|
+
access_type: 'online'
|
|
25
|
+
}
|
|
26
|
+
)
|
|
27
|
+
end
|
|
28
|
+
|
|
29
|
+
OmniAuth.config.allowed_request_methods = [:get, :post]
|
|
30
|
+
OmniAuth.config.silence_get_warning = true
|
data/lib/thecore_auth_commons.rb
CHANGED
|
@@ -4,12 +4,29 @@ require 'kaminari'
|
|
|
4
4
|
require 'activerecord-nulldb-adapter'
|
|
5
5
|
require "thecore_settings"
|
|
6
6
|
require "net/ldap"
|
|
7
|
+
require 'omniauth'
|
|
8
|
+
require 'omniauth-google-oauth2'
|
|
9
|
+
require 'omniauth-entra-id'
|
|
7
10
|
|
|
8
11
|
require "thecore_auth_commons/engine"
|
|
9
12
|
|
|
10
13
|
require "thecore/seed"
|
|
11
14
|
|
|
12
15
|
module ThecoreAuthCommons
|
|
16
|
+
def self.oauth_vars?
|
|
17
|
+
(ENV['ENTRA_CLIENT_ID'].present? && ENV['ENTRA_CLIENT_SECRET'].present? && ENV['ENTRA_TENANT_ID'].present?) || (ENV['GOOGLE_CLIENT_ID'].present? && ENV['GOOGLE_CLIENT_SECRET'].present?)
|
|
18
|
+
end
|
|
19
|
+
|
|
20
|
+
def self.check_user email, name, surname, provider
|
|
21
|
+
u = User.find_or_initialize_by(email: email)
|
|
22
|
+
u.name = name
|
|
23
|
+
u.surname = surname
|
|
24
|
+
u.password = u.password_confirmation = generate_secure_password
|
|
25
|
+
u.auth_source = provider # 'google' or 'microsoft'
|
|
26
|
+
u.admin = true
|
|
27
|
+
u.save if u.changed?
|
|
28
|
+
u
|
|
29
|
+
end
|
|
13
30
|
|
|
14
31
|
def self.import_ldap_users_task
|
|
15
32
|
puts "== Avvio sincronizzazione utenti da LDAP =="
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: thecore_auth_commons
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 3.
|
|
4
|
+
version: 3.5.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Gabriele Tassoni
|
|
@@ -23,6 +23,48 @@ dependencies:
|
|
|
23
23
|
- - ">="
|
|
24
24
|
- !ruby/object:Gem::Version
|
|
25
25
|
version: '0'
|
|
26
|
+
- !ruby/object:Gem::Dependency
|
|
27
|
+
name: omniauth
|
|
28
|
+
requirement: !ruby/object:Gem::Requirement
|
|
29
|
+
requirements:
|
|
30
|
+
- - "~>"
|
|
31
|
+
- !ruby/object:Gem::Version
|
|
32
|
+
version: '2.1'
|
|
33
|
+
type: :runtime
|
|
34
|
+
prerelease: false
|
|
35
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
36
|
+
requirements:
|
|
37
|
+
- - "~>"
|
|
38
|
+
- !ruby/object:Gem::Version
|
|
39
|
+
version: '2.1'
|
|
40
|
+
- !ruby/object:Gem::Dependency
|
|
41
|
+
name: omniauth-google-oauth2
|
|
42
|
+
requirement: !ruby/object:Gem::Requirement
|
|
43
|
+
requirements:
|
|
44
|
+
- - "~>"
|
|
45
|
+
- !ruby/object:Gem::Version
|
|
46
|
+
version: '1.2'
|
|
47
|
+
type: :runtime
|
|
48
|
+
prerelease: false
|
|
49
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
50
|
+
requirements:
|
|
51
|
+
- - "~>"
|
|
52
|
+
- !ruby/object:Gem::Version
|
|
53
|
+
version: '1.2'
|
|
54
|
+
- !ruby/object:Gem::Dependency
|
|
55
|
+
name: omniauth-entra-id
|
|
56
|
+
requirement: !ruby/object:Gem::Requirement
|
|
57
|
+
requirements:
|
|
58
|
+
- - "~>"
|
|
59
|
+
- !ruby/object:Gem::Version
|
|
60
|
+
version: '3.0'
|
|
61
|
+
type: :runtime
|
|
62
|
+
prerelease: false
|
|
63
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
64
|
+
requirements:
|
|
65
|
+
- - "~>"
|
|
66
|
+
- !ruby/object:Gem::Version
|
|
67
|
+
version: '3.0'
|
|
26
68
|
- !ruby/object:Gem::Dependency
|
|
27
69
|
name: devise
|
|
28
70
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -193,6 +235,7 @@ extra_rdoc_files: []
|
|
|
193
235
|
files:
|
|
194
236
|
- README.md
|
|
195
237
|
- Rakefile
|
|
238
|
+
- app/controllers/users/omniauth_callbacks_controller.rb
|
|
196
239
|
- app/controllers/users/sessions_controller.rb
|
|
197
240
|
- app/jobs/background_ldap_import_job.rb
|
|
198
241
|
- app/models/action.rb
|
|
@@ -212,6 +255,7 @@ files:
|
|
|
212
255
|
- config/initializers/add_to_db_migrations.rb
|
|
213
256
|
- config/initializers/after_initialize.rb
|
|
214
257
|
- config/initializers/concern_cancancan.rb
|
|
258
|
+
- config/initializers/omniauth.rb
|
|
215
259
|
- config/locales/en.permissions.yml
|
|
216
260
|
- config/locales/en.thecore_auth_commons.yml
|
|
217
261
|
- config/locales/it.permissions.yml
|