From 08ff2b12e88aa8a5ff550fe3761ddc1f45ee87f5 Mon Sep 17 00:00:00 2001 From: Thorsten Eckel Date: Thu, 11 Mar 2021 14:13:24 +0100 Subject: [PATCH] Fixes #2951 - Generic oAuth2 login provider is unusable. --- Gemfile | 1 - Gemfile.lock | 1 - .../_profile/linked_accounts.coffee | 5 -- app/assets/stylesheets/svg-dimensions.css | 1 - app/assets/stylesheets/zammad.scss | 4 - config/initializers/omniauth.rb | 9 -- .../20170123000002_fixed_translation.rb | 10 --- ...6_remove_unfixable_generic_oauth2_login.rb | 8 ++ db/seeds/settings.rb | 85 ------------------- lib/omniauth/oauth2_database.rb | 14 --- 10 files changed, 8 insertions(+), 130 deletions(-) create mode 100644 db/migrate/20210311130946_remove_unfixable_generic_oauth2_login.rb delete mode 100644 lib/omniauth/oauth2_database.rb diff --git a/Gemfile b/Gemfile index 679f3843a..fd6364427 100644 --- a/Gemfile +++ b/Gemfile @@ -79,7 +79,6 @@ gem 'omniauth-gitlab' gem 'omniauth-google-oauth2' gem 'omniauth-linkedin-oauth2' gem 'omniauth-microsoft-office365' -gem 'omniauth-oauth2' gem 'omniauth-saml' gem 'omniauth-twitter' gem 'omniauth-weibo-oauth2' diff --git a/Gemfile.lock b/Gemfile.lock index c213f58de..03bdd0727 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -639,7 +639,6 @@ DEPENDENCIES omniauth-google-oauth2 omniauth-linkedin-oauth2 omniauth-microsoft-office365 - omniauth-oauth2 omniauth-rails_csrf_protection omniauth-saml omniauth-twitter diff --git a/app/assets/javascripts/app/controllers/_profile/linked_accounts.coffee b/app/assets/javascripts/app/controllers/_profile/linked_accounts.coffee index 11d48a27d..4cbdf3694 100644 --- a/app/assets/javascripts/app/controllers/_profile/linked_accounts.coffee +++ b/app/assets/javascripts/app/controllers/_profile/linked_accounts.coffee 
@@ -96,11 +96,6 @@ App.Config.set('auth_provider_all', { name: 'Google' config: 'auth_google_oauth2' class: 'google' - oauth2: - url: '/auth/oauth2' - name: 'OAuth2' - config: 'auth_oauth2' - class: 'oauth2' weibo: url: '/auth/weibo' name: 'Weibo' diff --git a/app/assets/stylesheets/svg-dimensions.css b/app/assets/stylesheets/svg-dimensions.css index a2b6a1dc2..9ade588f5 100644 --- a/app/assets/stylesheets/svg-dimensions.css +++ b/app/assets/stylesheets/svg-dimensions.css @@ -85,7 +85,6 @@ .icon-mute { width: 16px; height: 16px; } .icon-not-signed { width: 14px; height: 14px; } .icon-note { width: 16px; height: 16px; } -.icon-oauth2-button { width: 29px; height: 24px; } .icon-office365-button { width: 29px; height: 24px; } .icon-one-ticket { width: 48px; height: 10px; } .icon-organization { width: 16px; height: 16px; } diff --git a/app/assets/stylesheets/zammad.scss b/app/assets/stylesheets/zammad.scss index d8c8bcedb..a17d12874 100644 --- a/app/assets/stylesheets/zammad.scss +++ b/app/assets/stylesheets/zammad.scss @@ -3369,10 +3369,6 @@ ol.tabs li { background: hsl(10,78%,53%); } - &.auth-provider--oauth2 { - background: hsl(0,0%,15%); - } - &.auth-provider--office365 { background: hsl(15,100%,47%); } diff --git a/config/initializers/omniauth.rb b/config/initializers/omniauth.rb index b8903d95f..3b3e0bd28 100644 --- a/config/initializers/omniauth.rb +++ b/config/initializers/omniauth.rb 
@@ -43,15 +43,6 @@ Rails.application.config.middleware.use OmniAuth::Builder do # microsoft_office365 database connect provider :microsoft_office365_database, 'not_change_will_be_set_by_database', 'not_change_will_be_set_by_database' - # oauth2 database connect - provider :oauth2_database, 'not_change_will_be_set_by_database', 'not_change_will_be_set_by_database', { - client_options: { - site: 'https://not_change_will_be_set_by_database', - authorize_url: '/oauth/authorize', - token_url: '/oauth/token', - }, - } - # weibo database connect provider :weibo_database, 'not_change_will_be_set_by_database', 'not_change_will_be_set_by_database' diff --git a/db/migrate/20170123000002_fixed_translation.rb b/db/migrate/20170123000002_fixed_translation.rb index 014731d16..15bd0613d 100644 --- a/db/migrate/20170123000002_fixed_translation.rb +++ b/db/migrate/20170123000002_fixed_translation.rb @@ -40,16 +40,6 @@ class FixedTranslation < ActiveRecord::Migration[4.2] 'title' => nil, 'description' => 'Use client storage to cache data to enhance performance of application.', }, - { - 'name' => 'auth_oauth2', - 'title' => nil, - 'description' => 'Enables user authentication via generic OAuth2. Register your app first.', - }, - { - 'name' => 'auth_oauth2_credentials', - 'title' => nil, - 'description' => 'Enables user authentication via generic OAuth2.', - }, { 'name' => 'password_min_size', 'title' => 'Minimum length', diff --git a/db/migrate/20210311130946_remove_unfixable_generic_oauth2_login.rb b/db/migrate/20210311130946_remove_unfixable_generic_oauth2_login.rb new file mode 100644 index 000000000..39442f42b --- /dev/null +++ b/db/migrate/20210311130946_remove_unfixable_generic_oauth2_login.rb @@ -0,0 +1,8 @@ +class RemoveUnfixableGenericOauth2Login < ActiveRecord::Migration[5.2] + def change + + return if !Setting.exists?(name: 'system_init_done') + + Setting.where(name: %w[auth_oauth2 auth_oauth2_credentials]).destroy_all + end +end 
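Review bot: `RemoveUnfixableGenericOauth2Login#change` deletes only the `auth_oauth2` and `auth_oauth2_credentials` settings, so any per-user linked-account records stored for the `oauth2` provider would remain in the database with whatever tokens they hold; that storage is not visible in this diff, so this is an assumption to confirm. If such records can exist, remove them in the same migration, or state in the commit why they are safe to leave. The deletion also sits in `def change`, which Rails treats as reversible although `destroy_all` cannot be undone; `def up` says so plainly. A one-line comment such as `# Drops the unusable generic OAuth2 settings (issue #2951), including the stored app_secret.` would tell an operator what data this migration removes.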
diff --git a/db/seeds/settings.rb b/db/seeds/settings.rb index 32de72086..2095b3d45 100644 --- a/db/seeds/settings.rb +++ b/db/seeds/settings.rb @@ -1525,91 +1525,6 @@ Setting.create_if_not_exists( }, frontend: false ) - -Setting.create_if_not_exists( - title: 'Authentication via %s', - name: 'auth_oauth2', - area: 'Security::ThirdPartyAuthentication', - description: 'Enables user authentication via generic OAuth2. Register your app first.', - options: { - form: [ - { - display: '', - null: true, - name: 'auth_oauth2', - tag: 'boolean', - options: { - true => 'yes', - false => 'no', - }, - }, - ], - }, - preferences: { - controller: 'SettingsAreaSwitch', - sub: ['auth_oauth2_credentials'], - title_i18n: ['Generic OAuth2'], - permission: ['admin.security'], - }, - state: false, - frontend: true -) -Setting.create_if_not_exists( - title: 'Generic OAuth2 App Credentials', - name: 'auth_oauth2_credentials', - area: 'Security::ThirdPartyAuthentication::GenericOAuth', - description: 'Enables user authentication via generic OAuth2.', - options: { - form: [ - { - display: 'Name', - null: true, - name: 'name', - tag: 'input', - placeholder: 'Some Provider Name', - }, - { - display: 'App ID', - null: true, - name: 'app_id', - tag: 'input', - }, - { - display: 'App Secret', - null: true, - name: 'app_secret', - tag: 'input', - }, - { - display: 'Site', - null: true, - name: 'site', - tag: 'input', - placeholder: 'https://oauth.YOURDOMAIN.com', - }, - { - display: 'authorize_url', - null: true, - name: 'authorize_url', - tag: 'input', - placeholder: '/oauth/authorize', - }, - { - display: 'token_url', - null: true, - name: 'token_url', - tag: 'input', - placeholder: '/oauth/token', - }, - ], - }, - state: {}, - preferences: { - permission: ['admin.security'], - }, - frontend: false -) - Setting.create_if_not_exists( title: 'Authentication via %s', name: 'auth_weibo', 
diff --git a/lib/omniauth/oauth2_database.rb b/lib/omniauth/oauth2_database.rb
deleted file mode 100644
index 09d656c90..000000000
--- a/lib/omniauth/oauth2_database.rb
+++ /dev/null
@@ -1,14 +0,0 @@
-class Oauth2Database < OmniAuth::Strategies::OAuth2
- option :name, 'oauth2'
-
- def initialize(app, *args, &block)
-
- # database lookup
- config = Setting.get('auth_oauth2_credentials') || {}
- args[0] = config['app_id']
- args[1] = config['app_secret']
- args[2][:client_options] = args[2][:client_options].merge(config.symbolize_keys)
- super
- end
-
-end