This repository has been archived by the owner on Mar 21, 2024. It is now read-only.
# frozen_string_literal: true
# name: discourse-crowd
# about: Atlassian Crowd Login Provider
# version: 0.1
# author: Robin Ward
require_dependency 'auth/oauth2_authenticator'
gem "omniauth_crowd", "2.2.3"
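# Base class for the plugin's authentication modes, i.e. how Discourse behaves after the
# user has typed in their Crowd credentials. It holds the Crowd-group to Discourse-group
# synchronisation shared by the concrete modes.
class CrowdAuthenticatorMode
  # Hook called after a Discourse account has been created. No-op in the base class.
  def after_create_account(user, auth)
  end

  # Synchronises the user's Discourse group membership with the groups Crowd reports.
  #
  # SiteSetting.crowd_groups_mapping is parsed as "|"-separated entries of the form
  # "crowd_group:discourse_group[,discourse_group...]". The user is added to every mapped
  # Discourse group whose Crowd group appears in auth[:info].groups, and removed from every
  # mapped Discourse group that was not matched during this login. Groups flagged
  # `automatic` are never modified. Does nothing unless SiteSetting.crowd_groups_enabled.
  #
  # user - the Discourse user whose memberships are adjusted
  # auth - the OmniAuth auth hash; auth[:info].groups is read when present
  def set_groups(user, auth)
    return unless SiteSetting.crowd_groups_enabled

    user_crowd_groups = (auth[:info] && auth[:info].groups) ? auth[:info].groups : nil

    group_map = {}
    check_groups = {}
    SiteSetting.crowd_groups_mapping.split("|").each do |map|
      crowd_group, discourse_groups = map.split(":", 2)
      group_map[crowd_group] = discourse_groups
      # Register every mapped Discourse group on its own. Keying on the raw
      # "group_a,group_b" string would never match a real group in the removal pass,
      # leaving stale memberships in place after the Crowd group is revoked.
      (discourse_groups || "").split(",").each { |name| check_groups[name] = 0 }
    end

    unless user_crowd_groups == nil || group_map.empty?
      user_crowd_groups.each do |user_crowd_group|
        next unless group_map.has_key?(user_crowd_group) || !SiteSetting.crowd_groups_remove_unmapped_groups

        discourse_groups = group_map[user_crowd_group] || ""
        discourse_groups.split(",").each do |discourse_group|
          next unless discourse_group
          check_groups[discourse_group] = 1
          actual_group = Group.find_by(name: discourse_group)
          # The existence check has to come before any attribute access: a mapping that
          # names a missing group must be logged and skipped, not raise on nil.
          unless actual_group
            Rails.logger.warn("WARN: crowd_group '#{user_crowd_group}' is configured to map to discourse_group '#{discourse_group}' but this does not seem to exist")
            next
          end
          next if actual_group.automatic # skip if it's an auto_group
          result = actual_group.add(user)
          Rails.logger.debug("DEBUG: user_crowd_group '#{user_crowd_group}' mapped to discourse_group '#{discourse_group}' added to user '#{user.username}'") if result && SiteSetting.crowd_verbose_log
        end
      end
    end

    # Removal pass: any mapped, non-automatic group that was not matched above is revoked.
    check_groups.keys.each do |discourse_group|
      actual_group = Group.find_by(name: discourse_group)
      next unless actual_group
      next if actual_group.automatic # skip if it's an auto_group
      next if check_groups[discourse_group] > 0
      result = actual_group.remove(user)
      Rails.logger.warn("DEBUG: User '#{user.username}' removed from discourse_group '#{discourse_group}'") if result && SiteSetting.crowd_verbose_log
    end
  end
end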
# "Separated" mode: a Crowd identity is tied to a Discourse account through a PluginStore
# record ("crowd_user_<uid>") that is written when the account is created via Crowd.
#
# NOTE(review): when no such record exists, after_authenticate falls back to looking up an
# existing user by the e-mail address Crowd reports. That fallback can resolve to a locally
# created account, so confirm that the Crowd directory's e-mail addresses are trustworthy
# before relying on the "local accounts are not reachable through Crowd" expectation.
class CrowdAuthenticatorModeSeparated < CrowdAuthenticatorMode
  # Builds the Auth::Result for a successful Crowd login.
  #
  # auth - OmniAuth auth hash; reads auth[:uid], auth[:info].name and auth[:info].email
  #
  # Returns the Auth::Result, with `user` set when a linked or e-mail-matching account
  # was found, and `extra_data` carrying the Crowd uid for after_create_account.
  def after_authenticate(auth)
    crowd_uid = auth[:uid]
    crowd_info = auth[:info]

    outcome = Auth::Result.new
    outcome.name = crowd_info.name
    outcome.username = crowd_uid
    outcome.email = crowd_info.email
    # Whether the e-mail counts as validated is a site setting; some Jira setups
    # do not validate addresses.
    outcome.email_valid = SiteSetting.crowd_validate_email

    # Prefer the explicit uid -> user_id link stored at account creation.
    link = ::PluginStore.get("crowd", "crowd_user_#{crowd_uid}")
    outcome.user = User.where(id: link[:user_id]).first if link

    # No stored link: fall back to an e-mail match.
    outcome.user ||= User.find_by_email(outcome.email)

    set_groups(outcome.user, auth) if outcome.user
    outcome.extra_data = { crowd_user_id: crowd_uid }
    outcome
  end

  # Records the Crowd uid -> Discourse user id link and applies the group mapping.
  def after_create_account(user, auth)
    crowd_uid = auth[:extra_data][:crowd_user_id]
    ::PluginStore.set("crowd", "crowd_user_#{crowd_uid}", user_id: user.id)
    set_groups(user, auth)
  end

  # Delegates unchanged to the shared implementation in CrowdAuthenticatorMode.
  def set_groups(user, auth)
    super
  end
end
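# "Mixed" mode, the opposite of `separated`: a locally created account can be accessed
# through Crowd authentication. The Discourse account is selected by username equal to the
# Crowd uid, and is created on the fly when no such account exists.
#
# NOTE(review): because the match is by username alone, this mode trusts the Crowd
# directory to own every username it can emit; a local account that happens to share a
# name with a Crowd user is returned for that Crowd login.
class CrowdAuthenticatorModeMixed < CrowdAuthenticatorMode
  # Builds the Auth::Result for a successful Crowd login.
  #
  # auth - OmniAuth auth hash; reads auth[:uid], auth[:info].name and auth[:info].email
  #
  # Returns the Auth::Result with `user` set to the existing or newly built account.
  def after_authenticate(auth)
    crowd_uid = auth[:uid]
    crowd_info = auth[:info]
    result = Auth::Result.new
    # Allow setting to decide whether to validate email or not. Some Jira setups don't.
    result.email_valid = SiteSetting.crowd_validate_email
    result.user = User.where(username: crowd_uid).first
    if !result.user
      result.user = User.new
      result.user.name = crowd_info.name
      result.user.username = crowd_uid
      result.user.email = crowd_info.email
      # Surface a failed save instead of silently continuing with an unsaved record.
      unless result.user.save
        Rails.logger.warn("Crowd: could not create a local account for crowd user '#{crowd_uid}'")
      end
    end
    # The account lives on the result object; there is no local named `user` in this
    # method, so referencing one raised NameError on every login. Group membership is
    # only synchronised for an account that actually exists in the database.
    set_groups(result.user, auth) if result.user.persisted?
    result
  end

  # Applies the group mapping to an account that was just created.
  def after_create_account(user, auth)
    set_groups(user, auth)
  end

  # Delegates unchanged to the shared implementation in CrowdAuthenticatorMode.
  def set_groups(user, auth)
    super(user, auth)
  end
end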
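# Discourse authenticator that wires the omniauth_crowd strategy into the login flow and
# forwards the post-login hooks to the configured mode object (mixed or separated).
class CrowdAuthenticator < ::Auth::OAuth2Authenticator
  # Registers the :crowd OmniAuth provider. Does nothing unless a Crowd server URL is
  # configured in GlobalSetting. Also reopens OmniAuth::Strategies::Crowd to replace
  # get_credentials with a login form that carries a CSRF token and optional custom
  # CSS/HTML taken from GlobalSetting.
  def register_middleware(omniauth)
    return unless GlobalSetting.try(:crowd_server_url).present?

    OmniAuth::Strategies::Crowd.class_eval do
      # Renders the username/password form shown to the user.
      def get_credentials
        # Embed a form authenticity token when the host application provides the verifier.
        if defined?(CSRFTokenVerifier) &&
            CSRFTokenVerifier.method_defined?(:form_authenticity_token)
          token = begin
            verifier = CSRFTokenVerifier.new
            verifier.call(env)
            verifier.form_authenticity_token
          end
        end

        if defined?(GlobalSetting.crowd_custom_css)
          custom_css = GlobalSetting.crowd_custom_css.to_s
          current_css = OmniAuth.config.form_css.to_s
          if defined?(GlobalSetting.crowd_css_replace) && "true" == GlobalSetting.crowd_css_replace
            OmniAuth.config.form_css = custom_css
          elsif !current_css.include?(custom_css)
            # This method runs for every rendered form while OmniAuth.config is
            # process-wide. Appending in place with << grew the stylesheet on each
            # request, so the custom CSS is now added once, without mutating the
            # existing string.
            OmniAuth.config.form_css = current_css + custom_css
          end
        end

        OmniAuth::Form.build(title: (GlobalSetting.try(:crowd_popup_title) || GlobalSetting.try(:crowd_title) || "Crowd Authentication")) do
          text_field 'Username', 'username'
          password_field 'Password', 'password'
          html "\n<input type='hidden' name='authenticity_token' value='#{token}'/>" if token
          button 'Login'
          # crowd_custom_html is emitted verbatim into the login page; it must only ever
          # come from operator-controlled configuration.
          if GlobalSetting.respond_to?(:crowd_custom_html)
            html GlobalSetting.crowd_custom_html
          end
        end.to_response
      end
    end

    omniauth.provider :crowd,
                      name: 'crowd',
                      crowd_server_url: GlobalSetting.try(:crowd_server_url),
                      application_name: GlobalSetting.try(:crowd_application_name),
                      application_password: GlobalSetting.try(:crowd_application_password)
  end

  # Selects the mode object: mixed when GlobalSetting.crowd_plugin_mode is "mixed",
  # separated otherwise.
  def initialize(provider)
    super(provider)
    if (defined? GlobalSetting.crowd_plugin_mode) && "mixed" == GlobalSetting.crowd_plugin_mode
      @mode = CrowdAuthenticatorModeMixed.new
    else
      @mode = CrowdAuthenticatorModeSeparated.new
    end
  end

  # Delegates to the active mode after a successful Crowd login.
  #
  # NOTE(review): with crowd_verbose_log enabled the complete auth hash is written to the
  # application log at warn level. It carries at least the user's name, e-mail and groups;
  # check what else the strategy puts in it before enabling this outside of debugging.
  def after_authenticate(auth)
    if SiteSetting.crowd_verbose_log
      Rails.logger.warn("Crowd verbose log:\n #{auth.inspect}")
    end
    @mode.after_authenticate(auth)
  end

  # Delegates to the active mode after an account has been created.
  def after_create_account(user, auth)
    @mode.after_create_account(user, auth)
  end

  # The provider is always reported as enabled; register_middleware is what skips
  # registration when no Crowd server URL is configured.
  def enabled?
    true
  end
end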
# Register the Crowd authenticator with Discourse. The title comes from the optional
# crowd_title global setting.
auth_provider(
  title: GlobalSetting.try(:crowd_title),
  authenticator: CrowdAuthenticator.new('crowd')
)