Allow different omniauth settings per tenant

Co-Authored-By: Javi Martín <javim@elretirao.net>
consuldemocracy · Oct 9, 2022 · 883d4c5 · 883d4c5
1 parent 3c2be8a
commit 883d4c5
Show file tree

Hide file tree

Showing 4 changed files with 70 additions and 11 deletions.
diff --git a/app/views/shared/_social_media_meta_tags.html.erb b/app/views/shared/_social_media_meta_tags.html.erb
@@ -17,4 +17,4 @@
 <meta id="ogimage" property="og:image" content="<%= root_url + (local_assigns[:og_image_url] || "social_media_icon.png") %>" />
 <meta property="og:site_name" content="<%= setting["org_name"] %>" />
 <meta id="ogdescription" property="og:description" content="<%= description %>" />
-<meta property="fb:app_id" content="<%= Rails.application.secrets.facebook_key %>" />
+<meta property="fb:app_id" content="<%= Tenant.current_secrets.facebook_key %>" />
diff --git a/config/initializers/devise.rb b/config/initializers/devise.rb
@@ -245,14 +245,26 @@
   # Add a new OmniAuth provider. Check the wiki for more information on setting
   # up on your models and hooks.
   # config.omniauth :github, 'APP_ID', 'APP_SECRET', scope: 'user,public_repo'
-  config.omniauth :twitter, Rails.application.secrets.twitter_key, Rails.application.secrets.twitter_secret
-  config.omniauth :facebook, Rails.application.secrets.facebook_key, Rails.application.secrets.facebook_secret, scope: "email", info_fields: "email,name,verified"
-  config.omniauth :google_oauth2, Rails.application.secrets.google_oauth2_key, Rails.application.secrets.google_oauth2_secret
+  config.omniauth :twitter,
+                  Rails.application.secrets.twitter_key,
+                  Rails.application.secrets.twitter_secret,
+                  setup: OmniauthTenantSetup.twitter
+  config.omniauth :facebook,
+                  Rails.application.secrets.facebook_key,
+                  Rails.application.secrets.facebook_secret,
+                  scope: "email",
+                  info_fields: "email,name,verified",
+                  setup: OmniauthTenantSetup.facebook
+  config.omniauth :google_oauth2,
+                  Rails.application.secrets.google_oauth2_key,
+                  Rails.application.secrets.google_oauth2_secret,
+                  setup: OmniauthTenantSetup.google_oauth2
   config.omniauth :wordpress_oauth2,
                   Rails.application.secrets.wordpress_oauth2_key,
                   Rails.application.secrets.wordpress_oauth2_secret,
                   strategy_class: OmniAuth::Strategies::Wordpress,
-                  client_options: { site: Rails.application.secrets.wordpress_oauth2_site }
+                  client_options: { site: Rails.application.secrets.wordpress_oauth2_site },
+                  setup: OmniauthTenantSetup.wordpress_oauth2
 
   # ==> Warden configuration
   # If you want to use other strategies, that are not supported by Devise, or

diff --git a/config/secrets.yml.example b/config/secrets.yml.example
@@ -57,8 +57,8 @@ staging:
     # my_tenant_subdomain:
     #   secret_key: my_secret_value
     #
-    # Currently you can overwrite SMTP, SMS, manager, microsoft API and
-    # HTTP basic settings.
+    # Currently you can overwrite SMTP, SMS, manager, microsoft API,
+    # HTTP basic, twitter, facebook, google and wordpress settings.
   <<: *maps
   <<: *apis
 
@@ -93,8 +93,8 @@ preproduction:
     # my_tenant_subdomain:
     #   secret_key: my_secret_value
     #
-    # Currently you can overwrite SMTP, SMS, manager, microsoft API and
-    # HTTP basic settings.
+    # Currently you can overwrite SMTP, SMS, manager, microsoft API,
+    # HTTP basic, twitter, facebook, google and wordpress settings.
   twitter_key: ""
   twitter_secret: ""
   facebook_key: ""
@@ -134,8 +134,8 @@ production:
     # my_tenant_subdomain:
     #   secret_key: my_secret_value
     #
-    # Currently you can overwrite SMTP, SMS, manager, microsoft API and
-    # HTTP basic settings.
+    # Currently you can overwrite SMTP, SMS, manager, microsoft API,
+    # HTTP basic, twitter, facebook, google and wordpress settings.
   twitter_key: ""
   twitter_secret: ""
   facebook_key: ""

diff --git a/lib/omniauth_tenant_setup.rb b/lib/omniauth_tenant_setup.rb
@@ -0,0 +1,47 @@
+module OmniauthTenantSetup
+  class << self
+    def twitter
+      ->(env) do
+        oauth(env, secrets.twitter_key, secrets.twitter_secret)
+      end
+    end
+
+    def facebook
+      ->(env) do
+        oauth2(env, secrets.facebook_key, secrets.facebook_secret)
+      end
+    end
+
+    def google_oauth2
+      ->(env) do
+        oauth2(env, secrets.google_oauth2_key, secrets.google_oauth2_secret)
+      end
+    end
+
+    def wordpress_oauth2
+      ->(env) do
+        oauth2(env, secrets.wordpress_oauth2_key, secrets.wordpress_oauth2_secret)
+      end
+    end
+
+    private
+
+      def oauth(env, key, secret)
+        unless Tenant.default?
+          env["omniauth.strategy"].options[:consumer_key] = key
+          env["omniauth.strategy"].options[:consumer_secret] = secret
+        end
+      end
+
+      def oauth2(env, key, secret)
+        unless Tenant.default?
+          env["omniauth.strategy"].options[:client_id] = key
+          env["omniauth.strategy"].options[:client_secret] = secret
+        end
+      end
+
+      def secrets
+        Tenant.current_secrets
+      end
+  end
+end