Fixes #2951 - Generic oAuth2 login provider is unusable.

Gemfile

@@ -79,7 +79,6 @@ gem 'omniauth-gitlab'
 gem 'omniauth-google-oauth2'
 gem 'omniauth-linkedin-oauth2'
 gem 'omniauth-microsoft-office365'
-gem 'omniauth-oauth2'
 gem 'omniauth-saml'
 gem 'omniauth-twitter'
 gem 'omniauth-weibo-oauth2'

Gemfile.lock

@@ -639,7 +639,6 @@ DEPENDENCIES
   omniauth-google-oauth2
   omniauth-linkedin-oauth2
   omniauth-microsoft-office365
-  omniauth-oauth2
   omniauth-rails_csrf_protection
   omniauth-saml
   omniauth-twitter

app/assets/javascripts/app/controllers/_profile/linked_accounts.coffee

@@ -96,11 +96,6 @@ App.Config.set('auth_provider_all', {
     name:   'Google'
     config: 'auth_google_oauth2'
     class:  'google'
-  oauth2:
-    url:    '/auth/oauth2'
-    name:   'OAuth2'
-    config: 'auth_oauth2'
-    class:  'oauth2'
   weibo:
     url:    '/auth/weibo'
     name:   'Weibo'

app/assets/stylesheets/svg-dimensions.css

@@ -85,7 +85,6 @@
 .icon-mute { width: 16px; height: 16px; }
 .icon-not-signed { width: 14px; height: 14px; }
 .icon-note { width: 16px; height: 16px; }
-.icon-oauth2-button { width: 29px; height: 24px; }
 .icon-office365-button { width: 29px; height: 24px; }
 .icon-one-ticket { width: 48px; height: 10px; }
 .icon-organization { width: 16px; height: 16px; }

app/assets/stylesheets/zammad.scss

@@ -3369,10 +3369,6 @@ ol.tabs li {
     background: hsl(10,78%,53%);
   }
 
-  &.auth-provider--oauth2 {
-    background: hsl(0,0%,15%);
-  }
-
   &.auth-provider--office365 {
     background: hsl(15,100%,47%);
   }

config/initializers/omniauth.rb

@@ -43,15 +43,6 @@ Rails.application.config.middleware.use OmniAuth::Builder do
   # microsoft_office365 database connect
   provider :microsoft_office365_database, 'not_change_will_be_set_by_database', 'not_change_will_be_set_by_database'
 
-  # oauth2 database connect
-  provider :oauth2_database, 'not_change_will_be_set_by_database', 'not_change_will_be_set_by_database', {
-    client_options: {
-      site:          'https://not_change_will_be_set_by_database',
-      authorize_url: '/oauth/authorize',
-      token_url:     '/oauth/token',
-    },
-  }
-
   # weibo database connect
   provider :weibo_database, 'not_change_will_be_set_by_database', 'not_change_will_be_set_by_database'
 

db/migrate/20170123000002_fixed_translation.rb

@@ -40,16 +40,6 @@ class FixedTranslation < ActiveRecord::Migration[4.2]
         'title'       => nil,
         'description' => 'Use client storage to cache data to enhance performance of application.',
       },
-      {
-        'name'        => 'auth_oauth2',
-        'title'       => nil,
-        'description' => 'Enables user authentication via generic OAuth2. Register your app first.',
-      },
-      {
-        'name'        => 'auth_oauth2_credentials',
-        'title'       => nil,
-        'description' => 'Enables user authentication via generic OAuth2.',
-      },
       {
         'name'        => 'password_min_size',
         'title'       => 'Minimum length',

db/migrate/20210311130946_remove_unfixable_generic_oauth2_login.rb

@@ -0,0 +1,8 @@
+class RemoveUnfixableGenericOauth2Login < ActiveRecord::Migration[5.2]
+  def change
+
+    return if !Setting.exists?(name: 'system_init_done')
+
+    Setting.where(name: %w[auth_oauth2 auth_oauth2_credentials]).destroy_all
+  end
+end

db/seeds/settings.rb

@@ -1525,91 +1525,6 @@ Setting.create_if_not_exists(
   },
   frontend:    false
 )
-
-Setting.create_if_not_exists(
-  title:       'Authentication via %s',
-  name:        'auth_oauth2',
-  area:        'Security::ThirdPartyAuthentication',
-  description: 'Enables user authentication via generic OAuth2. Register your app first.',
-  options:     {
-    form: [
-      {
-        display: '',
-        null:    true,
-        name:    'auth_oauth2',
-        tag:     'boolean',
-        options: {
-          true  => 'yes',
-          false => 'no',
-        },
-      },
-    ],
-  },
-  preferences: {
-    controller: 'SettingsAreaSwitch',
-    sub:        ['auth_oauth2_credentials'],
-    title_i18n: ['Generic OAuth2'],
-    permission: ['admin.security'],
-  },
-  state:       false,
-  frontend:    true
-)
-Setting.create_if_not_exists(
-  title:       'Generic OAuth2 App Credentials',
-  name:        'auth_oauth2_credentials',
-  area:        'Security::ThirdPartyAuthentication::GenericOAuth',
-  description: 'Enables user authentication via generic OAuth2.',
-  options:     {
-    form: [
-      {
-        display:     'Name',
-        null:        true,
-        name:        'name',
-        tag:         'input',
-        placeholder: 'Some Provider Name',
-      },
-      {
-        display: 'App ID',
-        null:    true,
-        name:    'app_id',
-        tag:     'input',
-      },
-      {
-        display: 'App Secret',
-        null:    true,
-        name:    'app_secret',
-        tag:     'input',
-      },
-      {
-        display:     'Site',
-        null:        true,
-        name:        'site',
-        tag:         'input',
-        placeholder: 'https://oauth.YOURDOMAIN.com',
-      },
-      {
-        display:     'authorize_url',
-        null:        true,
-        name:        'authorize_url',
-        tag:         'input',
-        placeholder: '/oauth/authorize',
-      },
-      {
-        display:     'token_url',
-        null:        true,
-        name:        'token_url',
-        tag:         'input',
-        placeholder: '/oauth/token',
-      },
-    ],
-  },
-  state:       {},
-  preferences: {
-    permission: ['admin.security'],
-  },
-  frontend:    false
-)
-
 Setting.create_if_not_exists(
   title:       'Authentication via %s',
   name:        'auth_weibo',

lib/omniauth/oauth2_database.rb

@@ -1,14 +0,0 @@
-class Oauth2Database < OmniAuth::Strategies::OAuth2
-  option :name, 'oauth2'
-
-  def initialize(app, *args, &block)
-
-    # database lookup
-    config  = Setting.get('auth_oauth2_credentials') || {}
-    args[0] = config['app_id']
-    args[1] = config['app_secret']
-    args[2][:client_options] = args[2][:client_options].merge(config.symbolize_keys)
-    super
-  end
-
-end