require 'account_controller'
require 'json'
require 'securerandom'

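# Signs users in to Redmine through the my.ecp.fr OAuth2 provider
# (authorization-code grant).
#
# +oauth_myecp+ sends the browser to the provider's authorization endpoint;
# +oauth_myecp_callback+ receives the authorization code, exchanges it for a
# token, fetches the profile and hands it to +try_to_login+.
#
# NOTE(review): try_to_login, oauth_client, settings and scopes are public
# controller methods; consider making them private if no route or mixin
# relies on calling them from outside.
class RedmineOauthController < AccountController
  include Helpers::MailHelper
  include Helpers::Checker

  # Session key under which the per-request OAuth2 +state+ value is kept.
  OAUTH_STATE_SESSION_KEY = :oauth_myecp_state

  # Starts the OAuth2 flow, or falls back to password authentication when the
  # plugin's OAuth setting is turned off.
  def oauth_myecp
    if settings[:oauth_authentification]
      session[:back_url] = params[:back_url]
      # A fresh, unguessable state ties the callback to this browser session.
      # A constant value (previously 'okok') lets a third party complete the
      # callback in someone else's browser (login CSRF).
      state = SecureRandom.hex(32)
      session[OAUTH_STATE_SESSION_KEY] = state
      redirect_to oauth_client.auth_code.authorize_url(
        :redirect_uri => oauth_myecp_callback_url,
        :scope => scopes,
        :state => state
      )
    else
      password_authentication
    end
  end

  # Handles the provider's redirect back to Redmine.
  #
  # Rejects the request when the provider reports an error or when the
  # returned +state+ does not match the one stored by +oauth_myecp+, then
  # fetches the profile and checks its mail domains before logging in.
  def oauth_myecp_callback
    # Consume the stored state on every callback so it can be used only once.
    expected_state = session.delete(OAUTH_STATE_SESSION_KEY)

    if params[:error] || !valid_oauth_state?(expected_state, params[:state])
      flash[:error] = l(:notice_access_denied)
      redirect_to signin_path
      return
    end

    info = fetch_myecp_profile(params[:code])
    unless info
      flash[:error] = l(:notice_unable_to_obtain_myecp_credentials)
      redirect_to signin_path
      return
    end

    # NOTE(review): access is granted when ANY returned address is in an
    # allowed domain, while a new account is created with info['mail'];
    # confirm that this is the intended policy.
    mails = [info["mail"]] + Array(info["other_mails"]).compact
    if mails.any? { |mail| allowed_domain_for?(mail) }
      try_to_login info
    else
      # The profile key is "mail" everywhere else; "email" was never set.
      flash[:error] = l(:notice_domain_not_allowed, :domain => parse_email(info["mail"])[:domain])
      redirect_to signin_path
    end
  end

  # Logs in the Redmine user matching the profile, or registers a new one
  # according to Redmine's self-registration setting.
  #
  # @param info [Hash] profile returned by the provider; reads "mail",
  #   "other_mails", "first_name", "last_name" and "login"
  def try_to_login info
    params[:back_url] = session[:back_url]
    session.delete(:back_url)

    # NOTE(review): a local account is matched on any address in
    # "other_mails". That is only safe if the provider verifies ownership of
    # every address it returns - confirm with the provider's documentation.
    user = nil
    (Array(info["other_mails"]).compact + [info["mail"]]).each do |mail|
      user = User.find_by_mail mail
      break if user.is_a? User
    end
    # Class#initialize is private, so User.initialize cannot be called with an
    # explicit receiver; User.new builds the unsaved record the code below
    # expects.
    user = User.new unless user.is_a? User

    if user.new_record?
      # Self-registration off
      unless Setting.self_registration?
        redirect_to(home_url)
        return
      end
      # Create on the fly
      user.firstname = info['first_name']
      user.lastname = info['last_name']
      user.mail = info['mail']
      user.login = info['login']
      user.random_password
      user.register
      case Setting.self_registration
      when '1'
        register_by_email_activation(user) do
          onthefly_creation_failed(user)
        end
      when '3'
        register_automatically(user) do
          onthefly_creation_failed(user)
        end
      else
        register_manually_by_administrator(user) do
          onthefly_creation_failed(user)
        end
      end
    else
      # Existing record
      if user.active?
        successful_authentication(user)
      else
        # Redmine 2.4 adds an argument to account_pending
        if Redmine::VERSION::MAJOR > 2 ||
           (Redmine::VERSION::MAJOR == 2 && Redmine::VERSION::MINOR >= 4)
          account_pending(user)
        else
          account_pending
        end
      end
    end
  end

  # Memoized OAuth2 client built from the plugin's client id and secret.
  def oauth_client
    @client ||= OAuth2::Client.new(settings[:client_id], settings[:client_secret],
      :site => 'https://my.ecp.fr',
      :authorize_url => '/oauth/v2/auth',
      :token_url => '/oauth/v2/token')
  end

  # Memoized plugin settings.
  def settings
    @settings ||= Setting.plugin_redmine_omniauth_myecp
  end

  # Scope requested from the provider.
  def scopes
    'default_scope'
  end

  private

  # True when the callback carries the state stored for this session.
  # The stored value is single-use, so a plain comparison is sufficient.
  def valid_oauth_state?(expected, received)
    return false if expected.to_s.empty? || received.to_s.empty?
    expected.to_s == received.to_s
  end

  # Exchanges the authorization code for a token and fetches the profile.
  # State is checked locally by the caller and is not sent with the token
  # request.
  #
  # @return [Hash, nil] the parsed profile, or nil when the code is missing,
  #   the exchange fails, the body is not JSON, or it has no "mail" string
  def fetch_myecp_profile(code)
    return nil if code.to_s.empty?

    token = oauth_client.auth_code.get_token(code, :redirect_uri => oauth_myecp_callback_url)
    info = JSON.parse(token.get('https://my.ecp.fr/m').body)
    return nil unless info.is_a?(Hash)
    return nil unless info["mail"].is_a?(String) && !info["mail"].empty?
    info
  rescue OAuth2::Error, JSON::ParserError => e
    # Log the class only; the message may echo the provider's response.
    logger.warn("my.ecp.fr OAuth callback failed: #{e.class}") if logger
    nil
  end
end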