parent
8fa924e372
commit
e668180044
|
@ -153,6 +153,10 @@ STREAMING_CLUSTER_NUM=1
|
||||||
# Name of the pam service used for checking if an user can register (pam "account" section is evaluated)
|
# Name of the pam service used for checking if an user can register (pam "account" section is evaluated)
|
||||||
# PAM_CONTROLLED_SERVICE=rpam
|
# PAM_CONTROLLED_SERVICE=rpam
|
||||||
|
|
||||||
|
# Global OAuth settings (optional) :
|
||||||
|
# If you have only one strategy, you may want to enable this
|
||||||
|
# OAUTH_REDIRECT_AT_SIGN_IN=true
|
||||||
|
|
||||||
# Optional CAS authentication (cf. omniauth-cas) :
|
# Optional CAS authentication (cf. omniauth-cas) :
|
||||||
# CAS_ENABLED=true
|
# CAS_ENABLED=true
|
||||||
# CAS_URL=https://sso.myserver.com/
|
# CAS_URL=https://sso.myserver.com/
|
||||||
|
|
|
@ -10,6 +10,15 @@ class Auth::SessionsController < Devise::SessionsController
|
||||||
prepend_before_action :authenticate_with_two_factor, if: :two_factor_enabled?, only: [:create]
|
prepend_before_action :authenticate_with_two_factor, if: :two_factor_enabled?, only: [:create]
|
||||||
before_action :set_instance_presenter, only: [:new]
|
before_action :set_instance_presenter, only: [:new]
|
||||||
|
|
||||||
|
def new
|
||||||
|
Devise.omniauth_configs.each do |provider, config|
|
||||||
|
if config.strategy.redirect_at_sign_in
|
||||||
|
return redirect_to(omniauth_authorize_path(resource_name, provider))
|
||||||
|
end
|
||||||
|
end
|
||||||
|
super
|
||||||
|
end
|
||||||
|
|
||||||
def create
|
def create
|
||||||
super do |resource|
|
super do |resource|
|
||||||
remember_me(resource)
|
remember_me(resource)
|
||||||
|
|
|
@ -53,7 +53,8 @@ module Omniauthable
|
||||||
private
|
private
|
||||||
|
|
||||||
def user_params_from_auth(auth)
|
def user_params_from_auth(auth)
|
||||||
assume_verified = Devise.omniauth_configs[:saml].strategy.security.assume_email_is_verified
|
strategy = Devise.omniauth_configs[auth.provider.to_sym].strategy
|
||||||
|
assume_verified = strategy.try(:security).try(:assume_email_is_verified)
|
||||||
email_is_verified = auth.info.verified || auth.info.verified_email || assume_verified
|
email_is_verified = auth.info.verified || auth.info.verified_email || assume_verified
|
||||||
email = auth.info.verified_email || auth.info.email
|
email = auth.info.verified_email || auth.info.email
|
||||||
email = email_is_verified && !User.exists?(email: auth.info.email) && email
|
email = email_is_verified && !User.exists?(email: auth.info.email) && email
|
||||||
|
|
|
@ -4,10 +4,12 @@ end
|
||||||
|
|
||||||
Devise.setup do |config|
|
Devise.setup do |config|
|
||||||
# Devise omniauth strategies
|
# Devise omniauth strategies
|
||||||
|
options = {}
|
||||||
|
options[:redirect_at_sign_in] = ENV['OAUTH_REDIRECT_AT_SIGN_IN'] == 'true'
|
||||||
|
|
||||||
# CAS strategy
|
# CAS strategy
|
||||||
if ENV['CAS_ENABLED'] == 'true'
|
if ENV['CAS_ENABLED'] == 'true'
|
||||||
cas_options = {}
|
cas_options = options
|
||||||
cas_options[:url] = ENV['CAS_URL'] if ENV['CAS_URL']
|
cas_options[:url] = ENV['CAS_URL'] if ENV['CAS_URL']
|
||||||
cas_options[:host] = ENV['CAS_HOST'] if ENV['CAS_HOST']
|
cas_options[:host] = ENV['CAS_HOST'] if ENV['CAS_HOST']
|
||||||
cas_options[:port] = ENV['CAS_PORT'] if ENV['CAS_PORT']
|
cas_options[:port] = ENV['CAS_PORT'] if ENV['CAS_PORT']
|
||||||
|
@ -18,7 +20,7 @@ Devise.setup do |config|
|
||||||
cas_options[:login_url] = ENV['CAS_LOGIN_URL'] if ENV['CAS_LOGIN_URL']
|
cas_options[:login_url] = ENV['CAS_LOGIN_URL'] if ENV['CAS_LOGIN_URL']
|
||||||
cas_options[:uid_field] = ENV['CAS_UID_FIELD'] || 'user' if ENV['CAS_UID_FIELD']
|
cas_options[:uid_field] = ENV['CAS_UID_FIELD'] || 'user' if ENV['CAS_UID_FIELD']
|
||||||
cas_options[:ca_path] = ENV['CAS_CA_PATH'] if ENV['CAS_CA_PATH']
|
cas_options[:ca_path] = ENV['CAS_CA_PATH'] if ENV['CAS_CA_PATH']
|
||||||
cas_options[:disable_ssl_verification] = ENV['CAS_DISABLE_SSL_VERIFICATION'] == 'true' if ENV['CAS_DISABLE_SSL_VERIFICATION']
|
cas_options[:disable_ssl_verification] = ENV['CAS_DISABLE_SSL_VERIFICATION'] == 'true'
|
||||||
cas_options[:uid_key] = ENV['CAS_UID_KEY'] || 'user'
|
cas_options[:uid_key] = ENV['CAS_UID_KEY'] || 'user'
|
||||||
cas_options[:name_key] = ENV['CAS_NAME_KEY'] || 'name'
|
cas_options[:name_key] = ENV['CAS_NAME_KEY'] || 'name'
|
||||||
cas_options[:email_key] = ENV['CAS_EMAIL_KEY'] || 'email'
|
cas_options[:email_key] = ENV['CAS_EMAIL_KEY'] || 'email'
|
||||||
|
@ -33,7 +35,7 @@ Devise.setup do |config|
|
||||||
|
|
||||||
# SAML strategy
|
# SAML strategy
|
||||||
if ENV['SAML_ENABLED'] == 'true'
|
if ENV['SAML_ENABLED'] == 'true'
|
||||||
saml_options = {}
|
saml_options = options
|
||||||
saml_options[:assertion_consumer_service_url] = ENV['SAML_ACS_URL'] if ENV['SAML_ACS_URL']
|
saml_options[:assertion_consumer_service_url] = ENV['SAML_ACS_URL'] if ENV['SAML_ACS_URL']
|
||||||
saml_options[:issuer] = ENV['SAML_ISSUER'] if ENV['SAML_ISSUER']
|
saml_options[:issuer] = ENV['SAML_ISSUER'] if ENV['SAML_ISSUER']
|
||||||
saml_options[:idp_sso_target_url] = ENV['SAML_IDP_SSO_TARGET_URL'] if ENV['SAML_IDP_SSO_TARGET_URL']
|
saml_options[:idp_sso_target_url] = ENV['SAML_IDP_SSO_TARGET_URL'] if ENV['SAML_IDP_SSO_TARGET_URL']
|
||||||
|
|
Reference in New Issue