domain checking implementation

app/controllers/redmine_oauth_controller.rb

@@ -3,6 +3,7 @@ require 'json'
 
 class RedmineOauthController < AccountController
   include Helpers::MailHelper
+  include Helpers::Checker
   def oauth_google
     if Setting.plugin_redmine_omniauth_google[:oauth_authentification]
       redirect_to oauth_client.auth_code.authorize_url(redirect_uri: oauth_google_callback_url, scope: scopes)
@@ -16,6 +17,19 @@ class RedmineOauthController < AccountController
     result = token.get('https://www.googleapis.com/oauth2/v1/userinfo')
     info = JSON.parse(result.body)
     if info && info["verified_email"]
+      if allowed_domain_for?(info["email"])
+        try_to_login info
+      else
+        flash[:error] = l(:notice_domain_not_allowed, domain: parse_email(info["email"])[:domain])
+        redirect_to signin_path
+      end
+    else
+      flash[:error] = l(:notice_unable_to_obtain_google_credentials)
+      redirect_to signin_path
+    end
+  end
+
+  def try_to_login info
    user = User.find_or_initialize_by_mail(info["email"])
     if user.new_record?
       # Self-registration off
@@ -25,7 +39,7 @@ class RedmineOauthController < AccountController
       user.firstname ||= info[:given_name]
       user.lastname ||= info[:family_name]
       user.mail = info["email"]
-        user.login = email_prefix(info["email"])
+      user.login = parse_email(info["email"])[:login]
       user.login ||= [user.firstname, user.lastname]*"."
       user.random_password
       user.register
@@ -52,10 +66,6 @@ class RedmineOauthController < AccountController
         account_pending
       end
     end
-    else
-      flash[:error] = l(:notice_unable_to_obtain_google_credentials)
-      redirect_to signin_path
-    end
   end
 
   def oauth_client

app/views/hooks/_view_account_login_bottom.html.erb

+<%= stylesheet_link_tag 'buttons', plugin: 'redmine_omniauth_google' %>
+
 <% if Setting.plugin_redmine_omniauth_google[:oauth_authentification] %>
-  <%= link_to image_tag('/plugin_assets/redmine_omniauth_google/images/google_login_icon.jpg'), oauth_google_path %>
+  <%= link_to oauth_google_path do %>
+    <%= button_tag class: 'button-login' do %>
+      <%= image_tag('/plugin_assets/redmine_omniauth_google/images/google_login_icon.jpg', class: 'button-login-icon', alt: l(:login_via_google)) %>
+      <%= content_tag :div, 'Login_via_google', class: 'button-login-text' %>
+    <% end %>
+  <% end %>
 <% end %>
\ No newline at end of file

app/views/settings/_google_settings.html.erb

@@ -6,6 +6,10 @@
   <label>Client Secret:</label>
   <%= text_field_tag 'settings[client_secret]', @settings[:client_secret] %>
 </p>
+<p>
+  <label>Available domains</label>
+  <%= text_area_tag "settings[allowed_domains]", @settings[:allowed_domains], rows: 5 %>
+</p>
 <p>
   <label>Oauth authentification:</label>
   <%= check_box_tag "settings[oauth_authentification]", true, @settings[:oauth_authentification] %>

assets/stylesheets/buttons.css

+.button-login {
+  position: absolute;
+  left: 40%;
+  display: inline-block;
+  border: 1px solid #999;
+  border-radius: 2px;
+  margin-top: 5px;
+  width: 135px;
+  height: 25px;
+  padding: 0;
+}
+
+.button-login-icon {
+  float: left;
+  height: 25px;
+}
+
+.button-login-text {
+  line-height: 21px;
+  background-image: -webkit-linear-gradient(bottom, #ddd, white);
+  font-size: 12px;
+}
\ No newline at end of file

config/locales/en.yml

 # English strings go here for Rails i18n
 en:
-  notice_unable_to_obtain_google_credentials: "Unable to obtain credentials from Google. You have not yet registered."
\ No newline at end of file
+  notice_unable_to_obtain_google_credentials: "Unable to obtain credentials from Google."
+  notice_domain_not_allowed: "You can not login using %{domain} domain."
+  login_via_google: "Login via Google"
\ No newline at end of file

config/locales/ru.yml

+ru:
+  notice_unable_to_obtain_google_credentials: "Не удалось получить данные от Google."
+  notice_domain_not_allowed: "Вы не можете войти в систему при помощи домена %{domain}."
+  login_via_google: "Войти с Google"
\ No newline at end of file

init.rb

@@ -10,5 +10,8 @@ Redmine::Plugin.register :redmine_omniauth_google do
   author_url 'https://tsdv.net/redmine/users/105'
   settings default: {
     client_id: '214698823792.apps.googleusercontent.com',
-    client_secret: 'M0HJPMypEgrDAKKHGiP6Y2R-', oauth_autentification: false}, partial: 'settings/google_settings'
+    client_secret: 'M0HJPMypEgrDAKKHGiP6Y2R-',
+    oauth_autentification: false,
+    allowed_domains: ""
+  }, partial: 'settings/google_settings'
 end
\ No newline at end of file

lib/helpers/checker.rb

+module Helpers
+  module Checker
+    def allowed_domain_for? email
+      allowed_domains = Setting.plugin_redmine_omniauth_google[:allowed_domains]
+      return unless allowed_domains
+      allowed_domains = allowed_domains.split
+      return true if allowed_domains.empty?
+      allowed_domains.index(parse_email(email)[:domain])
+    end
+  end
+end
\ No newline at end of file

lib/helpers/mail_helper.rb

 module Helpers
   module MailHelper
-    def email_prefix email
-      prefix = email.match(/(.+?)@/) if email
-      prefix[1] if prefix
+    def parse_email email
+      email_data = email && email.is_a?(String) ? email.match(/(.*?)@(.*)/) : nil
+      {login: email_data[1], domain: email_data[2]} if email_data
     end
   end
 end
\ No newline at end of file

test/functional/redmine_oauth_controller_test.rb

@@ -61,7 +61,7 @@ class RedmineOauthControllerTest < ActionController::TestCase
     assert_redirected_to controller: 'my', action: 'account'
     user = User.find_by_mail(@default_response_body[:email])
     assert_equal user.mail, @default_response_body[:email]
-    assert_equal user.login, email_prefix(@default_response_body[:email])
+    assert_equal user.login, parse_email(@default_response_body[:email])[:login]
   end
 
   def test_oauth_google_callback_for_new_user_with_valid_credentials_and_sefregistration_disabled