From 9a1d573adc9b18876b5bb885c5162ad9d28a7934 Mon Sep 17 00:00:00 2001 From: opanmustopah Date: Wed, 20 Jun 2018 07:03:33 +0700 Subject: [PATCH 1/5] [opan] Tidy up --- app/controllers/application_controller.rb | 3 ++- app/controllers/home_controller.rb | 4 +--- app/controllers/profile_controller.rb | 9 ++------- app/controllers/users/omniauth_callbacks_controller.rb | 6 +++--- app/models/user.rb | 2 +- config/routes.rb | 0 6 files changed, 9 insertions(+), 15 deletions(-) mode change 100755 => 100644 config/routes.rb diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 585c6334..5deb4648 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -2,8 +2,9 @@ class ApplicationController < ActionController::Base # Prevent CSRF attacks by raising an exception. # For APIs, you may want to use :null_session instead. protect_from_forgery with: :exception + def setup_user - current_user = User.where(email: "dev@a.c").first + current_user = User.where(email: 'dev@a.c').first sign_in(current_user) end diff --git a/app/controllers/home_controller.rb b/app/controllers/home_controller.rb index 890d5573..6902a072 100644 --- a/app/controllers/home_controller.rb +++ b/app/controllers/home_controller.rb @@ -7,7 +7,5 @@ def check_signed_in redirect_to profile_path if signed_in? end - def index - - end + def index; end end diff --git a/app/controllers/profile_controller.rb b/app/controllers/profile_controller.rb index 76c032ee..c0cbcd2e 100755 --- a/app/controllers/profile_controller.rb +++ b/app/controllers/profile_controller.rb @@ -15,9 +15,7 @@ def regen_auth redirect_to profile_path end - def show - - end + def show; end def user_admin @users = [] @@ -186,10 +184,7 @@ def update redirect_to user_path end - def user_edit - - - end + def user_edit; end def public_key_update @user = User.where(id: params[:id]).first 
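Review bot: `setup_user` in app/controllers/application_controller.rb signs in the account with email 'dev@a.c' without any credential, and nothing in the visible lines limits it to a development environment. Its callers are outside this hunk, so it may already be restricted; if it is not, guard it, for example with `raise 'setup_user is development-only' unless Rails.env.development?` as its first line. `User.where(...).first` also returns nil when that account does not exist, and the nil is passed straight to `sign_in`.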
diff --git a/app/controllers/users/omniauth_callbacks_controller.rb b/app/controllers/users/omniauth_callbacks_controller.rb index b5fbf8dc..f05ccfef 100644 --- a/app/controllers/users/omniauth_callbacks_controller.rb +++ b/app/controllers/users/omniauth_callbacks_controller.rb @@ -3,10 +3,10 @@ class Users::OmniauthCallbacksController < Devise::OmniauthCallbacksController def google_oauth2 # You need to implement the method below in your model (e.g. app/models/user.rb) # - data = request.env["omniauth.auth"] - domain = data["info"]["email"].split("@").last + data = request.env['omniauth.auth'] + domain = data['info']['email'].split('@').last - return render :text => "Your domain is unauthorized", :status => :unauthorized if !User.valid_domain? domain + return render :text => 'Your domain is unauthorized', :status => :unauthorized if !User.valid_domain? domain @user = User.from_omniauth(data) diff --git a/app/models/user.rb b/app/models/user.rb index e3d7ed6c..e1ea76bf 100755 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -358,7 +358,7 @@ def group_admin? GroupAdmin.find_by_user_id(self.id).present? end - private + private def stamp_deactivation_time if self.active diff --git a/config/routes.rb b/config/routes.rb old mode 100755 new mode 100644 From 204686df349cee6a1a55bbffff447395101a12f9 Mon Sep 17 00:00:00 2001 From: opanmustopah Date: Wed, 20 Jun 2018 07:03:33 +0700 Subject: [PATCH 2/5] [opan] Tidy up --- app/controllers/home_controller.rb | 4 +--- app/controllers/profile_controller.rb | 9 ++------- app/controllers/users/omniauth_callbacks_controller.rb | 2 ++ config/routes.rb | 0 4 files changed, 5 insertions(+), 10 deletions(-) mode change 100755 => 100644 config/routes.rb diff --git a/app/controllers/home_controller.rb b/app/controllers/home_controller.rb index 890d5573..6902a072 100644 --- a/app/controllers/home_controller.rb +++ b/app/controllers/home_controller.rb 
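Review bot: In `google_oauth2` (PATCH 1/5, omniauth_callbacks_controller.rb) the domain gate reads `data['info']['email'].split('@').last` with no nil check, so a callback that arrives without an auth hash or without an email raises NoMethodError instead of returning the 'Your domain is unauthorized' response. Return the same 401 before splitting, e.g. `email = data && data['info'] && data['info']['email']` followed by `return render text: 'Your domain is unauthorized', status: :unauthorized if email.blank?`. The domain is also derived from the address string alone; if the strategy exposes Google's hosted-domain (`hd`) claim, comparing that is a stronger check for an organisation allow-list. `User.valid_domain?` is not visible here, so what it compares should be confirmed. The method continues outside the hunk.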
@@ -7,7 +7,5 @@ def check_signed_in redirect_to profile_path if signed_in? end - def index - - end + def index; end end diff --git a/app/controllers/profile_controller.rb b/app/controllers/profile_controller.rb index 5839fda5..1b155291 100755 --- a/app/controllers/profile_controller.rb +++ b/app/controllers/profile_controller.rb @@ -11,9 +11,7 @@ def regen_auth redirect_to profile_path end - def show - - end + def show; end def user_admin @users = [] @@ -182,10 +180,7 @@ def update redirect_to user_path end - def user_edit - - - end + def user_edit; end def public_key_update @user = User.where(id: params[:id]).first diff --git a/app/controllers/users/omniauth_callbacks_controller.rb b/app/controllers/users/omniauth_callbacks_controller.rb index eb63c8a5..7e3cac98 100644 --- a/app/controllers/users/omniauth_callbacks_controller.rb +++ b/app/controllers/users/omniauth_callbacks_controller.rb @@ -5,10 +5,12 @@ def google_oauth2 # data = request.env['omniauth.auth'] domain = data['info']['email'].split('@').last + unless User.valid_domain? domain return render text: 'Your domain is unauthorized', status: :unauthorized end @user = User.create_user(data.info['name'], data.info['email']) + if @user.persisted? @user.generate_two_factor_auth sign_in_and_redirect @user, event: :authentication diff --git a/config/routes.rb b/config/routes.rb old mode 100755 new mode 100644 From 915f27ccd51c187ac04f0b2474a7d4e1768f9e89 Mon Sep 17 00:00:00 2001 From: opanmustopah Date: Mon, 16 Jul 2018 13:53:04 +0700 Subject: [PATCH 3/5] [opan] Update authenticate_cas API to return email and auth_key --- app/controllers/profile_controller.rb | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/app/controllers/profile_controller.rb b/app/controllers/profile_controller.rb index 1b155291..5e62931e 100755 --- a/app/controllers/profile_controller.rb +++ b/app/controllers/profile_controller.rb 
@@ -103,19 +103,20 @@ def authenticate_ms_chap def authenticate_cas - username = User.authenticate_cas request.env["HTTP_AUTHORIZATION"] + user = User.find_by(user_login_id: username) - ## cas-5.1.x expects {"@c":".SimplePrincipal","id":"casuser","attributes":{}} + ## cas-5.2.x expects {"@c":".SimplePrincipal","id":"casuser","attributes":{}} response_map = { - "@class":"org.apereo.cas.authentication.principal.SimplePrincipal", - "id" => username, - "attributes": {"backend": "gate-sso"} + '@class':'org.apereo.cas.authentication.principal.SimplePrincipal', + 'id' => username, + 'attributes': {'backend': 'gate-sso', 'email': user.email, 'authToken': user.auth_key}, } if username.present? render json: response_map, status: :ok else + response_map['attributes'] = nil render json: response_map, status: 401 end end From 7b05e9fc69535ace94220f3e2ff87fb17248589b Mon Sep 17 00:00:00 2001 From: opanmustopah Date: Mon, 16 Jul 2018 16:56:18 +0700 Subject: [PATCH 4/5] [opan] Add admin to extra attributes cas authentication --- app/controllers/profile_controller.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/controllers/profile_controller.rb b/app/controllers/profile_controller.rb index 5e62931e..8376e89c 100755 --- a/app/controllers/profile_controller.rb +++ b/app/controllers/profile_controller.rb @@ -110,7 +110,7 @@ def authenticate_cas response_map = { '@class':'org.apereo.cas.authentication.principal.SimplePrincipal', 'id' => username, - 'attributes': {'backend': 'gate-sso', 'email': user.email, 'authToken': user.auth_key}, + 'attributes': {'backend': 'gate-sso', 'email': user.email, 'auth_token': user.auth_key, 'admin': user.admin}, } if username.present? From 7cf1073d3dbe57b6462659f6352c1d2b88860375 Mon Sep 17 00:00:00 2001 From: opanmustopah Date: Mon, 16 Jul 2018 17:18:23 +0700 Subject: [PATCH 5/5] [opan] Using try when cas authenticate not success --- app/controllers/profile_controller.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
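Review bot: In the `authenticate_cas` hunk of PATCH 3/5, `'authToken': user.auth_key` puts what looks like a per-user credential into the CAS principal attributes. The same controller has a `regen_auth` action, so `auth_key` is presumably a regenerable secret, which should be confirmed. Once it is in the response it leaves Gate on every successful CAS authentication, and it can end up in CAS logs or be released to downstream services by the attribute release policy. Unless a consumer needs it, drop it and keep `'attributes': {'backend': 'gate-sso', 'email': user.email},`. If a consumer does need a token, issue a short-lived one scoped to that consumer rather than the long-lived key. The hunks in PATCH 4/5 and 5/5 keep the same value under `auth_token`.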
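Review bot: In the `authenticate_cas` hunk of PATCH 4/5 the literal mixes `'@class':` and `'attributes':`, which Ruby turns into symbol keys, with `'id' =>`, a string key. The failure branch added in PATCH 3/5, outside this hunk, clears `response_map['attributes']`, which is the string key. The hash then holds both `:attributes` and `'attributes'`, and the 401 body carries a null `attributes` only if JSON serialization collapses the two with the later entry winning. Use one key style throughout, e.g. `'attributes' => {` in the literal, so that the reset replaces the populated entry rather than adding a second one. The body of `authenticate_cas` continues outside the hunk.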
diff --git a/app/controllers/profile_controller.rb b/app/controllers/profile_controller.rb index 8376e89c..0a95718d 100755 --- a/app/controllers/profile_controller.rb +++ b/app/controllers/profile_controller.rb @@ -110,7 +110,7 @@ def authenticate_cas response_map = { '@class':'org.apereo.cas.authentication.principal.SimplePrincipal', 'id' => username, - 'attributes': {'backend': 'gate-sso', 'email': user.email, 'auth_token': user.auth_key, 'admin': user.admin}, + 'attributes': {'backend': 'gate-sso', 'email': user.try(:email), 'auth_token': user.try(:auth_key), 'admin': user.try(:admin)}, } if username.present?
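Review bot: `user.try(...)` in this hunk hides a nil `user`, but the lookup added in PATCH 3/5, above the hunk, still runs when `username` is blank. `User.find_by(user_login_id: nil)` matches a row whose login id is NULL, if one exists, and that row's email, auth_key and admin flag then populate the map on the failure path. Guard the lookup with `user = User.find_by(user_login_id: username) if username.present?`, or build `attributes` only inside the success branch. `authenticate_cas` starts and ends outside this hunk.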