Commit 507dda03 authored by Dmitry Kovalenok's avatar Dmitry Kovalenok

domain checking implementation

parent 9102fe84
......@@ -3,6 +3,7 @@ require 'json'
class RedmineOauthController < AccountController
include Helpers::MailHelper
include Helpers::Checker
def oauth_google
if Setting.plugin_redmine_omniauth_google[:oauth_authentification]
redirect_to oauth_client.auth_code.authorize_url(redirect_uri: oauth_google_callback_url, scope: scopes)
......@@ -16,45 +17,54 @@ class RedmineOauthController < AccountController
result = token.get('https://www.googleapis.com/oauth2/v1/userinfo')
info = JSON.parse(result.body)
if info && info["verified_email"]
user = User.find_or_initialize_by_mail(info["email"])
if user.new_record?
# Self-registration off
redirect_to(home_url) && return unless Setting.self_registration?
# Create on the fly
user.firstname, user.lastname = info["name"].split(' ') unless info['name'].nil?
user.firstname ||= info[:given_name]
user.lastname ||= info[:family_name]
user.mail = info["email"]
user.login = email_prefix(info["email"])
user.login ||= [user.firstname, user.lastname]*"."
user.random_password
user.register
if allowed_domain_for?(info["email"])
try_to_login info
else
flash[:error] = l(:notice_domain_not_allowed, domain: parse_email(info["email"])[:domain])
redirect_to signin_path
end
else
flash[:error] = l(:notice_unable_to_obtain_google_credentials)
redirect_to signin_path
end
end
case Setting.self_registration
when '1'
register_by_email_activation(user) do
onthefly_creation_failed(user)
end
when '3'
register_automatically(user) do
onthefly_creation_failed(user)
end
else
register_manually_by_administrator(user) do
onthefly_creation_failed(user)
end
def try_to_login info
user = User.find_or_initialize_by_mail(info["email"])
if user.new_record?
# Self-registration off
redirect_to(home_url) && return unless Setting.self_registration?
# Create on the fly
user.firstname, user.lastname = info["name"].split(' ') unless info['name'].nil?
user.firstname ||= info[:given_name]
user.lastname ||= info[:family_name]
user.mail = info["email"]
user.login = parse_email(info["email"])[:login]
user.login ||= [user.firstname, user.lastname]*"."
user.random_password
user.register
case Setting.self_registration
when '1'
register_by_email_activation(user) do
onthefly_creation_failed(user)
end
when '3'
register_automatically(user) do
onthefly_creation_failed(user)
end
else
# Existing record
if user.active?
successful_authentication(user)
else
account_pending
register_manually_by_administrator(user) do
onthefly_creation_failed(user)
end
end
else
flash[:error] = l(:notice_unable_to_obtain_google_credentials)
redirect_to signin_path
# Existing record
if user.active?
successful_authentication(user)
else
account_pending
end
end
end
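Review bot: In try_to_login, `user.login = parse_email(info["email"])[:login]` raises NoMethodError when parse_email returns nil, whereas the replaced email_prefix returned nil and let the `user.login ||= ...` fallback on the next line run. The same unguarded indexing appears in the flash message (`parse_email(info["email"])[:domain]`) and in Helpers::Checker#allowed_domain_for?, so an address without an `@` would surface as a 500 instead of a denied login. I would write `user.login = (parse_email(info["email"]) || {})[:login]` here and have allowed_domain_for? return false when parsing fails. Which lines are added is inferred, since the rendered page has lost its +/- markers.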
......
<%= stylesheet_link_tag 'buttons', plugin: 'redmine_omniauth_google' %>
<% if Setting.plugin_redmine_omniauth_google[:oauth_authentification] %>
<%= link_to image_tag('/plugin_assets/redmine_omniauth_google/images/google_login_icon.jpg'), oauth_google_path %>
<%= link_to oauth_google_path do %>
<%= button_tag class: 'button-login' do %>
<%= image_tag('/plugin_assets/redmine_omniauth_google/images/google_login_icon.jpg', class: 'button-login-icon', alt: l(:login_via_google)) %>
<%= content_tag :div, 'Login_via_google', class: 'button-login-text' %>
<% end %>
<% end %>
<% end %>
\ No newline at end of file
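Review bot: The button caption on the `content_tag :div` line is the literal string 'Login_via_google', while the image alt one line up already uses the `login_via_google` locale key this commit adds; it should read `<%= content_tag :div, l(:login_via_google), class: 'button-login-text' %>`. Separately, wrapping `button_tag` inside `link_to` nests a button in an anchor, which is invalid HTML and behaves inconsistently across browsers. Styling the link itself with the `button-login` class would avoid that.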
......@@ -6,6 +6,10 @@
<label>Client Secret:</label>
<%= text_field_tag 'settings[client_secret]', @settings[:client_secret] %>
</p>
<p>
<label>Available domains</label>
<%= text_area_tag "settings[allowed_domains]", @settings[:allowed_domains], rows: 5 %>
</p>
<p>
<label>Oauth authentification:</label>
<%= check_box_tag "settings[oauth_authentification]", true, @settings[:oauth_authentification] %>
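Review bot: The new field gives the administrator no indication that leaving it blank admits every Google account, nor that entries are split on whitespace (as `allowed_domain_for?` does with `split`). This list is the only domain restriction the commit adds on who can sign in or self-register through Google, so the label should say so, for example `<label>Allowed domains (one per line; empty = any domain):</label>`. 'Available domains' also does not match the setting name `allowed_domains`.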
......
assets/images/google_login_icon.jpg

2.21 KB | W: | H:

assets/images/google_login_icon.jpg

3.15 KB | W: | H:

.button-login {
position: absolute;
left: 40%;
display: inline-block;
border: 1px solid #999;
border-radius: 2px;
margin-top: 5px;
width: 135px;
height: 25px;
padding: 0;
}
.button-login-icon {
float: left;
height: 25px;
}
.button-login-text {
line-height: 21px;
background-image: -webkit-linear-gradient(bottom, #ddd, white);
font-size: 12px;
}
\ No newline at end of file
# English strings go here for Rails i18n
en:
notice_unable_to_obtain_google_credentials: "Unable to obtain credentials from Google. You have not yet registered."
\ No newline at end of file
notice_unable_to_obtain_google_credentials: "Unable to obtain credentials from Google."
notice_domain_not_allowed: "You can not login using %{domain} domain."
login_via_google: "Login via Google"
\ No newline at end of file
ru:
notice_unable_to_obtain_google_credentials: "Не удалось получить данные от Google."
notice_domain_not_allowed: "Вы не можете войти в систему при помощи домена %{domain}."
login_via_google: "Войти с Google"
\ No newline at end of file
......@@ -10,5 +10,8 @@ Redmine::Plugin.register :redmine_omniauth_google do
author_url 'https://tsdv.net/redmine/users/105'
settings default: {
client_id: '214698823792.apps.googleusercontent.com',
client_secret: 'M0HJPMypEgrDAKKHGiP6Y2R-', oauth_autentification: false}, partial: 'settings/google_settings'
client_secret: 'M0HJPMypEgrDAKKHGiP6Y2R-',
oauth_autentification: false,
allowed_domains: ""
}, partial: 'settings/google_settings'
end
\ No newline at end of file
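Review bot: The defaults still ship a literal `client_id` and `client_secret`, so every installation that does not override them shares one OAuth client whose secret is public in the repository. The defaults should be empty strings (`client_secret: ''`) and the committed credential rotated on the Google side. The default key `oauth_autentification` is also misspelled relative to `oauth_authentification`, which is what the controller and both views read, so this default appears never to be consulted. Fixing the key keeps the feature explicitly off on a fresh install.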
module Helpers
module Checker
def allowed_domain_for? email
allowed_domains = Setting.plugin_redmine_omniauth_google[:allowed_domains]
return unless allowed_domains
allowed_domains = allowed_domains.split
return true if allowed_domains.empty?
allowed_domains.index(parse_email(email)[:domain])
end
end
end
\ No newline at end of file
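Review bot: `allowed_domains.index(...)` compares case-sensitively, so a configured `Example.com` will not match `example.com`, and the method returns an index or nil rather than a boolean despite the `?` name. `return unless allowed_domains` denies everyone when the setting is missing, while an empty string allows everyone; that asymmetry deserves a comment, because an empty allow-list that means "allow all" fails open. I would normalise both sides, e.g. `allowed_domains.map(&:downcase).include?(domain.to_s.downcase)` with `domain` being the parsed domain. The module also calls parse_email, which it gets only because the controller includes Helpers::MailHelper as well.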
module Helpers
module MailHelper
def email_prefix email
prefix = email.match(/(.+?)@/) if email
prefix[1] if prefix
def parse_email email
email_data = email && email.is_a?(String) ? email.match(/(.*?)@(.*)/) : nil
{login: email_data[1], domain: email_data[2]} if email_data
end
end
end
\ No newline at end of file
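Review bot: The pattern `/(.*?)@(.*)/` is unanchored, and `.` does not match a newline, so a multi-line value is accepted and the domain is taken from whichever line holds the first `@`. Since this result now drives the allow-list decision, anchor it to the whole string, e.g. `email.match(/\A([^@\s]+)@([^@\s]+)\z/)`. parse_email returns nil on no match, yet every caller in this commit indexes the result directly, so a short comment documenting the nil return would help. `email && email.is_a?(String)` can be just `email.is_a?(String)`.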
......@@ -61,7 +61,7 @@ class RedmineOauthControllerTest < ActionController::TestCase
assert_redirected_to controller: 'my', action: 'account'
user = User.find_by_mail(@default_response_body[:email])
assert_equal user.mail, @default_response_body[:email]
assert_equal user.login, email_prefix(@default_response_body[:email])
assert_equal user.login, parse_email(@default_response_body[:email])[:login]
end
def test_oauth_google_callback_for_new_user_with_valid_credentials_and_sefregistration_disabled
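Review bot: The only test change is the rename to `parse_email(...)[:login]`; nothing visible here exercises the new allow-list. Cases worth adding are a callback with a domain on the list, one off the list (expecting the redirect to signin_path with `notice_domain_not_allowed`), and an empty list. The test method edited here starts above the hunk.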
......