Commit 507dda03 authored by Dmitry Kovalenok's avatar Dmitry Kovalenok

domain checking implementation

parent 9102fe84
......@@ -3,6 +3,7 @@ require 'json'
class RedmineOauthController < AccountController
include Helpers::MailHelper
include Helpers::Checker
def oauth_google
if Setting.plugin_redmine_omniauth_google[:oauth_authentification]
redirect_to oauth_client.auth_code.authorize_url(redirect_uri: oauth_google_callback_url, scope: scopes)
......@@ -16,6 +17,19 @@ class RedmineOauthController < AccountController
result = token.get('https://www.googleapis.com/oauth2/v1/userinfo')
info = JSON.parse(result.body)
if info && info["verified_email"]
if allowed_domain_for?(info["email"])
try_to_login info
else
flash[:error] = l(:notice_domain_not_allowed, domain: parse_email(info["email"])[:domain])
redirect_to signin_path
end
else
flash[:error] = l(:notice_unable_to_obtain_google_credentials)
redirect_to signin_path
end
end
def try_to_login info
user = User.find_or_initialize_by_mail(info["email"])
if user.new_record?
# Self-registration off
......@@ -25,7 +39,7 @@ class RedmineOauthController < AccountController
user.firstname ||= info[:given_name]
user.lastname ||= info[:family_name]
user.mail = info["email"]
user.login = email_prefix(info["email"])
user.login = parse_email(info["email"])[:login]
user.login ||= [user.firstname, user.lastname]*"."
user.random_password
user.register
......@@ -52,10 +66,6 @@ class RedmineOauthController < AccountController
account_pending
end
end
else
flash[:error] = l(:notice_unable_to_obtain_google_credentials)
redirect_to signin_path
end
end
def oauth_client
......
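Review bot: The rejection branch in the callback dereferences `parse_email(info["email"])[:domain]` with no nil check, and `allowed_domain_for?` does the same in `allowed_domains.index(parse_email(email)[:domain])`. `parse_email` returns nil for an address without `@` or for a non-String value, so a userinfo response with `verified_email` set but a missing or malformed `email` raises NoMethodError instead of redirecting to the sign-in page. Treat that as the existing credentials failure by tightening the guard to `if info && info["verified_email"] && parse_email(info["email"])`. The domain placed in `flash[:error]` comes from the provider response, so it should be escaped if the layout prints flash text unescaped, which this page does not show. The callback method starts above the hunk.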
<%= stylesheet_link_tag 'buttons', plugin: 'redmine_omniauth_google' %>
<% if Setting.plugin_redmine_omniauth_google[:oauth_authentification] %>
<%= link_to image_tag('/plugin_assets/redmine_omniauth_google/images/google_login_icon.jpg'), oauth_google_path %>
<%= link_to oauth_google_path do %>
<%= button_tag class: 'button-login' do %>
<%= image_tag('/plugin_assets/redmine_omniauth_google/images/google_login_icon.jpg', class: 'button-login-icon', alt: l(:login_via_google)) %>
<%= content_tag :div, 'Login_via_google', class: 'button-login-text' %>
<% end %>
<% end %>
<% end %>
\ No newline at end of file
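Review bot: The visible button text is the hard-coded literal `'Login_via_google'`, while the image alt on the line before it uses `l(:login_via_google)`, the key this commit adds to both locale files. Use `content_tag :div, l(:login_via_google), class: 'button-login-text'` so the label is translated. Wrapping `button_tag` inside `link_to` nests a button in an anchor, which is not valid HTML and can behave inconsistently across browsers; putting `class: 'button-login'` on the link itself would avoid that.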
......@@ -6,6 +6,10 @@
<label>Client Secret:</label>
<%= text_field_tag 'settings[client_secret]', @settings[:client_secret] %>
</p>
<p>
<label>Available domains</label>
<%= text_area_tag "settings[allowed_domains]", @settings[:allowed_domains], rows: 5 %>
</p>
<p>
<label>Oauth authentification:</label>
<%= check_box_tag "settings[oauth_authentification]", true, @settings[:oauth_authentification] %>
......
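Review bot: The new field gives the administrator no indication of its format or of what an empty value means. `allowed_domain_for?` splits the value on whitespace and returns true for an empty list, so leaving the box blank admits any verified Google account. The label also reads "Available domains" where the setting is `allowed_domains`. I would rename the label to `Allowed domains:` and add a hint such as `<em class="info">One domain per line; empty allows every domain.</em>` under the text area.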
assets/images/google_login_icon.jpg

2.21 KiB | W: | H:

assets/images/google_login_icon.jpg

3.15 KiB | W: | H:

.button-login {
position: absolute;
left: 40%;
display: inline-block;
border: 1px solid #999;
border-radius: 2px;
margin-top: 5px;
width: 135px;
height: 25px;
padding: 0;
}
.button-login-icon {
float: left;
height: 25px;
}
.button-login-text {
line-height: 21px;
background-image: -webkit-linear-gradient(bottom, #ddd, white);
font-size: 12px;
}
\ No newline at end of file
# English strings go here for Rails i18n
en:
notice_unable_to_obtain_google_credentials: "Unable to obtain credentials from Google. You have not yet registered."
\ No newline at end of file
notice_unable_to_obtain_google_credentials: "Unable to obtain credentials from Google."
notice_domain_not_allowed: "You can not login using %{domain} domain."
login_via_google: "Login via Google"
\ No newline at end of file
ru:
notice_unable_to_obtain_google_credentials: "Не удалось получить данные от Google."
notice_domain_not_allowed: "Вы не можете войти в систему при помощи домена %{domain}."
login_via_google: "Войти с Google"
\ No newline at end of file
......@@ -10,5 +10,8 @@ Redmine::Plugin.register :redmine_omniauth_google do
author_url 'https://tsdv.net/redmine/users/105'
settings default: {
client_id: '214698823792.apps.googleusercontent.com',
client_secret: 'M0HJPMypEgrDAKKHGiP6Y2R-', oauth_autentification: false}, partial: 'settings/google_settings'
client_secret: 'M0HJPMypEgrDAKKHGiP6Y2R-',
oauth_autentification: false,
allowed_domains: ""
}, partial: 'settings/google_settings'
end
\ No newline at end of file
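Review bot: The settings default still ships a concrete OAuth `client_id` and `client_secret` in source, and this hunk only reformats them rather than removing them. Anyone with read access to the repository gets the secret, and every install that keeps the defaults shares one Google client; default both to `''` and treat the committed secret as exposed by rotating it in the Google console. The default key is also spelled `oauth_autentification`, while the controller and views read `[:oauth_authentification]`, so this default never applies to the setting that is actually checked. The new `allowed_domains: ""` default means there is no domain restriction until an administrator fills the list in.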
module Helpers
module Checker
def allowed_domain_for? email
allowed_domains = Setting.plugin_redmine_omniauth_google[:allowed_domains]
return unless allowed_domains
allowed_domains = allowed_domains.split
return true if allowed_domains.empty?
allowed_domains.index(parse_email(email)[:domain])
end
end
end
\ No newline at end of file
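Review bot: `allowed_domain_for?` has three kinds of result whose intent a caller cannot tell apart: nil when the setting is absent (deny), true when the list is empty (allow everyone), and an Integer or nil from `index`. The empty-list case fails open, which deserves a comment above the method, e.g. `# An empty list disables the restriction; a missing setting denies.` The comparison is also case-sensitive, so an entry such as `Example.com` (constructed example) never matches a lower-case address. I would end the method with `allowed_domains.map(&:downcase).include?(parse_email(email)[:domain].to_s.downcase)` so it returns a real boolean.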
module Helpers
module MailHelper
def email_prefix email
prefix = email.match(/(.+?)@/) if email
prefix[1] if prefix
def parse_email email
email_data = email && email.is_a?(String) ? email.match(/(.*?)@(.*)/) : nil
{login: email_data[1], domain: email_data[2]} if email_data
end
end
end
\ No newline at end of file
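Review bot: The pattern `/(.*?)@(.*)/` in `parse_email` is unanchored and accepts empty parts, yet its `:domain` result now decides who may log in. A bare `@` yields an empty login and an empty domain, everything after the first `@` (further `@` characters included) becomes the domain, and because `.` does not match a newline any text after a line break is silently ignored. An empty `:login` is not nil, so `user.login ||= ...` in the controller will not replace it. For an allow-list decision I would use `/\A([^@\s]+)@([^@\s]+)\z/`; `email.is_a?(String)` on its own already covers the nil check.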
......@@ -61,7 +61,7 @@ class RedmineOauthControllerTest < ActionController::TestCase
assert_redirected_to controller: 'my', action: 'account'
user = User.find_by_mail(@default_response_body[:email])
assert_equal user.mail, @default_response_body[:email]
assert_equal user.login, email_prefix(@default_response_body[:email])
assert_equal user.login, parse_email(@default_response_body[:email])[:login]
end
def test_oauth_google_callback_for_new_user_with_valid_credentials_and_sefregistration_disabled
......