/
redmine_oauth_controller.rb
104 lines (93 loc) · 3 KB
/
redmine_oauth_controller.rb
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
require 'account_controller'
require 'json'
require 'jwt'
class RedmineOauthController < AccountController
include Helpers::MailHelper
include Helpers::Checker
def oauth_azure
if Setting.plugin_redmine_omniauth_azure['azure_oauth_authentication']
session['back_url'] = params['back_url']
redirect_to oauth_client.auth_code.authorize_url(:redirect_uri => oauth_azure_callback_url, :scope => scopes)
else
password_authentication
end
end
def oauth_azure_callback
if params['error']
flash['error'] = l(:notice_access_denied)
redirect_to signin_path
else
token = oauth_client.auth_code.get_token(params['code'], :redirect_uri => oauth_azure_callback_url, :resource => "00000002-0000-0000-c000-000000000000")
user_info = JWT.decode(token.token, nil, false)
logger.error user_info
email = user_info.first['unique_name']
if email
checked_try_to_login email, user_info.first
else
flash['error'] = l(:notice_no_verified_email_we_could_use)
redirect_to signin_path
end
end
end
def checked_try_to_login(email, user)
if allowed_domain_for?(email)
try_to_login email, user
else
flash['error'] = l(:notice_domain_not_allowed, :domain => parse_email(email)['domain'])
redirect_to signin_path
end
end
def try_to_login email, info
params['back_url'] = session['back_url']
session.delete(:back_url)
user = User.joins(:email_addresses)
.where('email_addresses.address' => email, 'email_addresses.is_default' => true)
.first_or_initialize
if user.new_record?
# Self-registration off
redirect_to(home_url) && return unless Setting.self_registration?
# Create on the fly
user.firstname, user.lastname = info["name"].split(' ') unless info['name'].nil?
user.firstname ||= info["name"]
user.lastname ||= info["name"]
user.mail = email
user.login = info['login']
user.login ||= [user.firstname, user.lastname]*"."
user.random_password
user.register
case Setting.self_registration
when '1'
register_by_email_activation(user) do
onthefly_creation_failed(user)
end
when '3'
register_automatically(user) do
onthefly_creation_failed(user)
end
else
register_manually_by_administrator(user) do
onthefly_creation_failed(user)
end
end
else
# Existing record
if user.active?
successful_authentication(user)
else
account_pending
end
end
end
def oauth_client
@client ||= OAuth2::Client.new(settings['client_id'], settings['client_secret'],
:site => 'https://login.windows.net',
:authorize_url => '/' + settings['tenant_id'] + '/oauth2/authorize',
:token_url => '/' + settings['tenant_id'] + '/oauth2/token')
end
def settings
@settings ||= Setting.plugin_redmine_omniauth_azure
end
def scopes
'user:email'
end
end