redmine_oauth_controller.rb 3.03 KB
require 'account_controller'
require 'json'
require 'securerandom'

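class RedmineOauthController < AccountController
  include Helpers::MailHelper
  include Helpers::Checker

  # NOTE(review): try_to_login, oauth_client, settings and scopes are public
  # methods on a controller. They are left public so the class interface is
  # unchanged; confirm that no route can reach them as actions.

  # Starts the Google OAuth2 authorization-code flow when the plugin setting
  # enables it; otherwise falls back to the inherited password login.
  #
  # A random, single-use `state` value is stored in the session and sent to
  # the authorization endpoint, so the callback can tell that the response
  # belongs to a flow this browser session started (login-CSRF protection).
  def oauth_google
    if Setting.plugin_redmine_omniauth_google[:oauth_authentification]
      # back_url comes straight from the request and is stored unvalidated.
      # NOTE(review): presumably the inherited login code validates it before
      # redirecting; confirm against AccountController.
      session[:back_url] = params[:back_url]
      session[:oauth_state] = SecureRandom.hex(24)
      redirect_to oauth_client.auth_code.authorize_url(
        :redirect_uri => oauth_google_callback_url,
        :scope => scopes,
        :state => session[:oauth_state]
      )
    else
      password_authentication
    end
  end

  # Handles the redirect back from Google: checks the `state` value, exchanges
  # the authorization code for a token, fetches the user info document and
  # logs the user in when the e-mail is verified and its domain is allowed.
  # Every failure path sets a flash error and redirects to the sign-in page.
  def oauth_google_callback
    # Consume the stored state up front so it can never be replayed, whatever
    # branch is taken below.
    expected_state = session.delete(:oauth_state)

    if params[:error]
      flash[:error] = l(:notice_access_denied)
      redirect_to signin_path
    elsif !valid_oauth_state?(expected_state, params[:state])
      # The callback was not started by oauth_google in this session (or the
      # state was already used): refuse to exchange the code.
      flash[:error] = l(:notice_access_denied)
      redirect_to signin_path
    else
      info = fetch_google_user_info(params[:code])
      if info && info["verified_email"] && info["email"].is_a?(String)
        if allowed_domain_for?(info["email"])
          try_to_login info
        else
          flash[:error] = l(:notice_domain_not_allowed, :domain => parse_email(info["email"])[:domain])
          redirect_to signin_path
        end
      else
        flash[:error] = l(:notice_unable_to_obtain_google_credentials)
        redirect_to signin_path
      end
    end
  end

  # Logs in the user matching the verified Google e-mail, creating the account
  # on the fly when self-registration is enabled.
  #
  # info - Hash parsed from the Google userinfo JSON response (string keys).
  def try_to_login info
    params[:back_url] = session[:back_url]
    session.delete(:back_url)
    user = User.find_or_initialize_by_mail(info["email"])
    if user.new_record?
      # Self-registration off
      redirect_to(home_url) && return unless Setting.self_registration?
      # Create on the fly
      user.firstname, user.lastname = info["name"].split(' ') unless info['name'].nil?
      # JSON.parse produces string keys, so the fallback fields must be read
      # with strings; symbol keys would always yield nil.
      user.firstname ||= info["given_name"]
      user.lastname ||= info["family_name"]
      user.mail = info["email"]
      user.login = parse_email(info["email"])[:login]
      user.login ||= [user.firstname, user.lastname]*"."
      user.random_password
      user.register

      case Setting.self_registration
      when '1'
        register_by_email_activation(user) do
          onthefly_creation_failed(user)
        end
      when '3'
        register_automatically(user) do
          onthefly_creation_failed(user)
        end
      else
        register_manually_by_administrator(user) do
          onthefly_creation_failed(user)
        end
      end
    else
      # Existing record
      if user.active?
        successful_authentication(user)
      else
        # Redmine 2.4 adds an argument to account_pending
        if Redmine::VERSION::MAJOR > 2 ||
           (Redmine::VERSION::MAJOR == 2 && Redmine::VERSION::MINOR >= 4)
          account_pending(user)
        else
          account_pending
        end
      end
    end
  end

  # Memoized OAuth2 client built from the plugin's client id and secret.
  def oauth_client
    @client ||= OAuth2::Client.new(settings[:client_id], settings[:client_secret],
      :site => 'https://accounts.google.com',
      :authorize_url => '/o/oauth2/auth',
      :token_url => '/o/oauth2/token')
  end

  # Memoized plugin settings.
  def settings
    @settings ||= Setting.plugin_redmine_omniauth_google
  end

  # Space-separated OAuth scopes requested from Google (e-mail and profile).
  def scopes
    'https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/userinfo.profile'
  end

  private

  # True when the state returned by the provider matches the value stored in
  # the session. A missing or empty stored value never matches. The stored
  # value is single-use (deleted by the caller), so a plain comparison gives
  # no repeated-guess oracle.
  def valid_oauth_state?(expected, received)
    expected.is_a?(String) && !expected.empty? && expected == received.to_s
  end

  # Exchanges the authorization code for a token and returns the parsed
  # userinfo Hash, or nil when the exchange fails, the response is not valid
  # JSON, or the document is not a JSON object. Returning nil lets the caller
  # show its normal error page instead of an unhandled exception.
  def fetch_google_user_info(code)
    token = oauth_client.auth_code.get_token(code, :redirect_uri => oauth_google_callback_url)
    result = token.get('https://www.googleapis.com/oauth2/v1/userinfo')
    info = JSON.parse(result.body)
    info.is_a?(Hash) ? info : nil
  rescue OAuth2::Error, JSON::ParserError
    nil
  end
end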