Unverified Commit 616a3c64 authored by Sébastien Gaya's avatar Sébastien Gaya

sso context

parent 601f99bd
class Users::OmniauthCallbacksController < Devise::OmniauthCallbacksController
# include Users::AddBrandToRequestParams
# include Users::LayoutChoice
# include I18nHelper
protect_from_forgery except: :saml
before_action :redirect_unless_university_has_sso
skip_before_action :verify_authenticity_token, only: :saml
......@@ -23,9 +18,9 @@ class Users::OmniauthCallbacksController < Devise::OmniauthCallbacksController
def saml_setup
# SAML config is stored in current brand
request.env['omniauth.strategy'].options[:issuer] = "#{user_saml_omniauth_authorize_url}/metadata"
request.env['omniauth.strategy'].options[:idp_sso_target_url] = current_university.sso_target_url
request.env['omniauth.strategy'].options[:idp_cert] = current_university.sso_cert
request.env['omniauth.strategy'].options[:name_identifier_format] = current_university.sso_name_identifier_format
request.env['omniauth.strategy'].options[:idp_sso_target_url] = current_context.sso_target_url
request.env['omniauth.strategy'].options[:idp_cert] = current_context.sso_cert
request.env['omniauth.strategy'].options[:name_identifier_format] = current_context.sso_name_identifier_format
render plain: "Omniauth SAML setup phase.", status: 404
end
......@@ -33,7 +28,7 @@ class Users::OmniauthCallbacksController < Devise::OmniauthCallbacksController
private
def manage_user(user_infos)
@user = User.from_omniauth(current_university, user_infos)
@user = User.from_omniauth(current_context, user_infos)
if @user&.persisted?
@user.remember_me = true
......@@ -45,6 +40,6 @@ class Users::OmniauthCallbacksController < Devise::OmniauthCallbacksController
end
def redirect_unless_university_has_sso
redirect_to root_path and return unless current_university.has_sso?
redirect_to root_path and return unless current_context.has_sso?
end
end
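Review bot: The comment at the top of `saml_setup` still says the SAML config is stored in the current brand, and the filter is still named `redirect_unless_university_has_sso`, although both now read from `current_context`. These three options decide which IdP certificate and endpoint the strategy trusts for the request, so the comment should name the real source, for example `# SAML config comes from current_context, which may inherit it from its university`. Renaming the filter to `redirect_unless_context_has_sso`, in both the `before_action` declaration and the definition, would keep the name accurate. How `current_context` is resolved is not visible here; if it can be nil, `current_context.has_sso?` would raise instead of redirecting.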
......@@ -18,6 +18,28 @@ module University::WithSso
super(value)
end
def sso_cert
sso_inherit_from_university? ? university.sso_cert : @sso_cert
end
def sso_mapping
sso_inherit_from_university? ? university.sso_mapping : @sso_mapping
end
def sso_name_identifier_format
sso_inherit_from_university? ? university.sso_name_identifier_format : @sso_name_identifier_format
end
def sso_provider
sso_inherit_from_university? ? university.sso_provider : @sso_provider
end
def sso_target_url
sso_inherit_from_university? ? university.sso_target_url : @sso_target_url
end
private
def sso_mapping_should_have_email
errors.add(:sso_mapping, :missing_email) unless (sso_mapping || []).detect { |sso_item| sso_item['internal_key'] == 'email' }
end
......
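Review bot: The non-inherited branch of each new reader returns an instance variable (`@sso_cert`, `@sso_mapping`, and so on), which is only correct if something in this concern assigns those ivars. If these are ActiveRecord columns, as the `super(value)` just above suggests, the stored value does not live in `@sso_cert`, so a context with its own SSO settings would hand `nil` to the strategy as `idp_cert` and `idp_sso_target_url`. Reading the attribute through `super` would avoid that, e.g. `sso_inherit_from_university? ? university.sso_cert : super`. `sso_inherit_from_university?` is defined outside the visible lines, so its result when the including model is the University itself should be confirmed.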
......@@ -3,8 +3,9 @@ module User::WithOmniauth
included do
def self.from_omniauth(university, attributes)
mapping = university.sso_mapping || []
def self.from_omniauth(context, attributes)
mapping = context.sso_mapping || []
university = context.is_a?(University) ? context : context.university
# first step: we find the email (we are supposed to have an email mapping)
email = get_email_from_mapping(mapping, attributes)
......@@ -12,6 +13,7 @@ module User::WithOmniauth
user = User.where(university: university, email: email.downcase).first_or_create do |u|
u.password = "#{Devise.friendly_token[0,20]}!" # meets password complexity requirements
u.registration_context = context
end
# update user data according to mapping & infos provided by SSO
......
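Review bot: Existing accounts are matched on `university` and `email` only, while the assertion may now have been validated against a context's own IdP settings rather than the university's. If a context that does not inherit SSO from its university can be configured, any email its IdP asserts would sign in as the university-wide user with that address; `u.registration_context = context` runs only inside the `first_or_create` block, so it does not constrain the match for existing users. Consider rejecting or separately handling the case where the found user's `registration_context` differs from a non-inheriting `context`, or document that every context IdP is trusted for the whole university. Any guard for a missing email before `email.downcase` is outside the visible hunks.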