sso context

616a3c64 · Sébastien Gaya · 601f99bd · 616a3c64 · 616a3c64 · 616a3c64
Unverified Commit 616a3c64 authored 2 years ago by Sébastien Gaya
--- a/app/controllers/users/omniauth_callbacks_controller.rb
+++ b/app/controllers/users/omniauth_callbacks_controller.rb
 class Users::OmniauthCallbacksController < Devise::OmniauthCallbacksController
-  # include Users::AddBrandToRequestParams
-  # include Users::LayoutChoice
-  # include I18nHelper
-
-
  protect_from_forgery except: :saml
  before_action :redirect_unless_university_has_sso
  skip_before_action :verify_authenticity_token, only: :saml
@@ -23,9 +18,9 @@ class Users::OmniauthCallbacksController < Devise::OmniauthCallbacksController
  def saml_setup
    # SAML config is stored in current brand
    request.env['omniauth.strategy'].options[:issuer] = "#{user_saml_omniauth_authorize_url}/metadata"
-    request.env['omniauth.strategy'].options[:idp_sso_target_url] = current_university.sso_target_url
-    request.env['omniauth.strategy'].options[:idp_cert] = current_university.sso_cert
-    request.env['omniauth.strategy'].options[:name_identifier_format] = current_university.sso_name_identifier_format
+    request.env['omniauth.strategy'].options[:idp_sso_target_url] = current_context.sso_target_url
+    request.env['omniauth.strategy'].options[:idp_cert] = current_context.sso_cert
+    request.env['omniauth.strategy'].options[:name_identifier_format] = current_context.sso_name_identifier_format

    render plain: "Omniauth SAML setup phase.", status: 404
  end
@@ -33,7 +28,7 @@ class Users::OmniauthCallbacksController < Devise::OmniauthCallbacksController
  private

  def manage_user(user_infos)
-    @user = User.from_omniauth(current_university, user_infos)
+    @user = User.from_omniauth(current_context, user_infos)

    if @user&.persisted?
      @user.remember_me = true
@@ -45,6 +40,6 @@ class Users::OmniauthCallbacksController < Devise::OmniauthCallbacksController
  end

  def redirect_unless_university_has_sso
-    redirect_to root_path and return unless current_university.has_sso?
+    redirect_to root_path and return unless current_context.has_sso?
  end
 end
--- a/app/models/university/with_sso.rb
+++ b/app/models/university/with_sso.rb
@@ -18,6 +18,28 @@ module University::WithSso
    super(value)
  end

+  def sso_cert
+    sso_inherit_from_university? ? university.sso_cert : @sso_cert
+  end
+
+  def sso_mapping
+    sso_inherit_from_university? ? university.sso_mapping : @sso_mapping
+  end
+
+  def sso_name_identifier_format
+    sso_inherit_from_university? ? university.sso_name_identifier_format : @sso_name_identifier_format
+  end
+
+  def sso_provider
+    sso_inherit_from_university? ? university.sso_provider : @sso_provider
+  end
+
+  def sso_target_url
+    sso_inherit_from_university? ? university.sso_target_url : @sso_target_url
+  end
+
+  private
+
  def sso_mapping_should_have_email
    errors.add(:sso_mapping, :missing_email) unless (sso_mapping || []).detect { |sso_item| sso_item['internal_key'] == 'email' }
  end

--- a/app/models/user/with_omniauth.rb
+++ b/app/models/user/with_omniauth.rb
@@ -3,8 +3,9 @@ module User::WithOmniauth

  included do

-    def self.from_omniauth(university, attributes)
-      mapping = university.sso_mapping || []
+    def self.from_omniauth(context, attributes)
+      mapping = context.sso_mapping || []
+      university = context.is_a?(University) ? context : context.university

      # first step: we find the email (we are supposed to have an email mapping)
      email = get_email_from_mapping(mapping, attributes)
@@ -12,6 +13,7 @@ module User::WithOmniauth

      user = User.where(university: university, email: email.downcase).first_or_create do |u|
        u.password = "#{Devise.friendly_token[0,20]}!" # meets password complexity requirements
+        u.registration_context = context
      end

      # update user data according to mapping & infos provided by SSO