thecore_auth_commons 3.5.1 → 3.5.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 29a083c2300c45d950b99efa4ff7e8a5642c11212acd01d392bb07f63fb38a19
|
|
4
|
+
data.tar.gz: 9a20546917d55959cf5aa5d4c272c43e7f09efc5888d80d05d9edbb634b499f8
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: dbf9f9bcc726736caf0b785807609235d98b56f2180e9b9bd1af32b1167333c739ab27d6992a038b33d8a859612ce09bb6474f9f9851c5f4f0aa6bb74ebb702b
|
|
7
|
+
data.tar.gz: edf61e953a0cc68f0d9bde2866499e609241519f9511397cb6730e6549d560cfebbdb2a395ec0f61020c8ca0e8a2089b0c7f4dfe6e59e4dec92629ade6066b67
|
|
@@ -0,0 +1,40 @@
|
|
|
1
|
+
# app/controllers/users/omniauth_callbacks_controller.rb
|
|
2
|
+
class Users::OmniauthCallbacksController < Devise::OmniauthCallbacksController
|
|
3
|
+
def google_oauth2
|
|
4
|
+
callback 'Google', from_params, 'google'
|
|
5
|
+
end
|
|
6
|
+
|
|
7
|
+
def entra_id
|
|
8
|
+
callback 'Microsoft Entra ID', from_params, 'entra_id'
|
|
9
|
+
end
|
|
10
|
+
|
|
11
|
+
def callback name, from_params, provider
|
|
12
|
+
Rails.logger.info "#{name} callback received with params: #{from_params.inspect}"
|
|
13
|
+
|
|
14
|
+
user = ThecoreAuthCommons.check_user from_params[:email], from_params[:name], from_params[:surname], provider
|
|
15
|
+
|
|
16
|
+
if user.present?
|
|
17
|
+
sign_out_all_scopes
|
|
18
|
+
flash[:notice] = t 'devise.omniauth_callbacks.success', kind: name
|
|
19
|
+
sign_in_and_redirect user, event: :authentication
|
|
20
|
+
else
|
|
21
|
+
flash[:alert] = t 'devise.omniauth_callbacks.failure', kind: name, reason: "#{from_params[:email]} is not authorized."
|
|
22
|
+
redirect_to new_user_session_path
|
|
23
|
+
end
|
|
24
|
+
end
|
|
25
|
+
|
|
26
|
+
def from_params
|
|
27
|
+
Rails.logger.info "Omniauth params: #{auth.info.inspect}"
|
|
28
|
+
@from_params ||= {
|
|
29
|
+
uid: auth.uid,
|
|
30
|
+
email: auth.info.email,
|
|
31
|
+
# in the params from Microsoft or Google there must be laso the name and surname, maybe with different key, assign them to the name and surname keys in this object
|
|
32
|
+
name: auth.info.given_name.presence || auth.info.first_name.presence || auth.info.name,
|
|
33
|
+
surname: auth.info.family_name.presence || auth.info.last_name.presence || auth.info.surname
|
|
34
|
+
}
|
|
35
|
+
end
|
|
36
|
+
|
|
37
|
+
def auth
|
|
38
|
+
@auth ||= request.env['omniauth.auth']
|
|
39
|
+
end
|
|
40
|
+
end
|
data/app/models/user.rb
CHANGED
|
@@ -1,6 +1,18 @@
|
|
|
1
1
|
class User < ApplicationRecord
|
|
2
2
|
# Get the minimum password length from the Environemnt or set it to 8
|
|
3
|
-
devise :database_authenticatable,
|
|
3
|
+
devise :database_authenticatable,
|
|
4
|
+
:rememberable,
|
|
5
|
+
:trackable,
|
|
6
|
+
:timeoutable,
|
|
7
|
+
:omniauthable,
|
|
8
|
+
:validatable,
|
|
9
|
+
# Devise modules configurations:
|
|
10
|
+
# Omniauthable allows the user to sign in with external providers
|
|
11
|
+
:omniauth_providers => [:google_oauth2, :entra_id],
|
|
12
|
+
# Validatable allows the user to validate their email and password
|
|
13
|
+
:password_length => ENV.fetch('MIN_PASSWORD_LENGTH', 8).to_i..128,
|
|
14
|
+
:timeout_in => ENV.fetch('SESSION_TIMEOUT_IN_MINUTES', 31).to_i.minutes
|
|
15
|
+
|
|
4
16
|
|
|
5
17
|
# REFERENCES
|
|
6
18
|
has_many :role_users, dependent: :destroy, inverse_of: :user
|
|
@@ -0,0 +1,30 @@
|
|
|
1
|
+
include Devise::OmniAuth::UrlHelpers if defined?(Devise::OmniAuth::UrlHelpers)
|
|
2
|
+
|
|
3
|
+
Rails.application.config.middleware.use OmniAuth::Builder do
|
|
4
|
+
provider(
|
|
5
|
+
:entra_id,
|
|
6
|
+
{
|
|
7
|
+
client_id: ENV['ENTRA_CLIENT_ID'],
|
|
8
|
+
client_secret: ENV['ENTRA_CLIENT_SECRET'],
|
|
9
|
+
tenant_id: ENV['ENTRA_TENANT_ID'], # Needed for Microsoft
|
|
10
|
+
scope: 'openid profile email User.Read',
|
|
11
|
+
response_type: 'code'
|
|
12
|
+
},
|
|
13
|
+
{
|
|
14
|
+
label: "Microsoft"
|
|
15
|
+
}
|
|
16
|
+
)
|
|
17
|
+
provider(
|
|
18
|
+
:google_oauth2,
|
|
19
|
+
ENV['GOOGLE_CLIENT_ID'],
|
|
20
|
+
ENV['GOOGLE_CLIENT_SECRET'],
|
|
21
|
+
{
|
|
22
|
+
scope: 'email,profile',
|
|
23
|
+
prompt: 'select_account',
|
|
24
|
+
access_type: 'online'
|
|
25
|
+
}
|
|
26
|
+
)
|
|
27
|
+
end
|
|
28
|
+
|
|
29
|
+
OmniAuth.config.allowed_request_methods = [:get, :post]
|
|
30
|
+
OmniAuth.config.silence_get_warning = true
|
data/lib/thecore_auth_commons.rb
CHANGED
|
@@ -13,6 +13,20 @@ require "thecore_auth_commons/engine"
|
|
|
13
13
|
require "thecore/seed"
|
|
14
14
|
|
|
15
15
|
module ThecoreAuthCommons
|
|
16
|
+
def self.oauth_vars?
|
|
17
|
+
(ENV['ENTRA_CLIENT_ID'].present? && ENV['ENTRA_CLIENT_SECRET'].present? && ENV['ENTRA_TENANT_ID'].present?) || (ENV['GOOGLE_CLIENT_ID'].present? && ENV['GOOGLE_CLIENT_SECRET'].present?)
|
|
18
|
+
end
|
|
19
|
+
|
|
20
|
+
def self.check_user email, name, surname, provider
|
|
21
|
+
u = User.find_or_initialize_by(email: email)
|
|
22
|
+
u.name = name
|
|
23
|
+
u.surname = surname
|
|
24
|
+
u.password = u.password_confirmation = generate_secure_password
|
|
25
|
+
u.auth_source = provider # 'google' or 'microsoft'
|
|
26
|
+
u.admin = true
|
|
27
|
+
u.save if u.changed?
|
|
28
|
+
u
|
|
29
|
+
end
|
|
16
30
|
|
|
17
31
|
def self.import_ldap_users_task
|
|
18
32
|
puts "== Avvio sincronizzazione utenti da LDAP =="
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: thecore_auth_commons
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 3.5.
|
|
4
|
+
version: 3.5.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Gabriele Tassoni
|
|
@@ -235,6 +235,7 @@ extra_rdoc_files: []
|
|
|
235
235
|
files:
|
|
236
236
|
- README.md
|
|
237
237
|
- Rakefile
|
|
238
|
+
- app/controllers/users/omniauth_callbacks_controller.rb
|
|
238
239
|
- app/controllers/users/sessions_controller.rb
|
|
239
240
|
- app/jobs/background_ldap_import_job.rb
|
|
240
241
|
- app/models/action.rb
|
|
@@ -254,6 +255,7 @@ files:
|
|
|
254
255
|
- config/initializers/add_to_db_migrations.rb
|
|
255
256
|
- config/initializers/after_initialize.rb
|
|
256
257
|
- config/initializers/concern_cancancan.rb
|
|
258
|
+
- config/initializers/omniauth.rb
|
|
257
259
|
- config/locales/en.permissions.yml
|
|
258
260
|
- config/locales/en.thecore_auth_commons.yml
|
|
259
261
|
- config/locales/it.permissions.yml
|