From b60b139e952c055d1e15ed420042e35312384000 Mon Sep 17 00:00:00 2001 From: Martin Edenhofer Date: Thu, 13 Jul 2017 17:08:53 +0200 Subject: [PATCH] Implemented issue #1177 - OAuth2: Office365. --- Gemfile | 1 + Gemfile.lock | 4 + .../_profile/linked_accounts.coffee | 80 ++++++++++--------- .../javascripts/app/controllers/login.coffee | 45 +---------- .../javascripts/app/views/login.jst.eco | 2 +- ...170713000001_omniauth_office365_setting.rb | 63 +++++++++++++++ db/seeds/settings.rb | 57 +++++++++++++ vendor/lib/microsoft_office365_database.rb | 13 +++ 8 files changed, 183 insertions(+), 82 deletions(-) create mode 100644 db/migrate/20170713000001_omniauth_office365_setting.rb create mode 100644 vendor/lib/microsoft_office365_database.rb diff --git a/Gemfile b/Gemfile index 2695e13bb..9f5658fcf 100644 --- a/Gemfile +++ b/Gemfile @@ -40,6 +40,7 @@ gem 'omniauth-gitlab' gem 'omniauth-google-oauth2' gem 'omniauth-linkedin-oauth2' gem 'omniauth-twitter' +gem 'omniauth-microsoft-office365' gem 'twitter' gem 'telegramAPI' diff --git a/Gemfile.lock b/Gemfile.lock index bac5b7af6..c8671468b 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -236,6 +236,9 @@ GEM omniauth-linkedin-oauth2 (0.1.5) omniauth (~> 1.0) omniauth-oauth2 + omniauth-microsoft-office365 (0.0.7) + omniauth + omniauth-oauth2 omniauth-oauth (1.1.0) oauth omniauth (~> 1.0) @@ -464,6 +467,7 @@ DEPENDENCIES omniauth-gitlab omniauth-google-oauth2 omniauth-linkedin-oauth2 + omniauth-microsoft-office365 omniauth-oauth2 omniauth-twitter pg diff --git a/app/assets/javascripts/app/controllers/_profile/linked_accounts.coffee b/app/assets/javascripts/app/controllers/_profile/linked_accounts.coffee index 671da7abc..828223057 100644 --- a/app/assets/javascripts/app/controllers/_profile/linked_accounts.coffee +++ b/app/assets/javascripts/app/controllers/_profile/linked_accounts.coffee @@ -9,43 +9,7 @@ class Index extends App.ControllerSubContent @render() render: => - auth_provider_all = { - facebook: { - url: '/auth/facebook' - name: 'Facebook' - config: 'auth_facebook' - }, - twitter: { - url: '/auth/twitter' - name: 'Twitter' - config: 'auth_twitter' - }, - linkedin: { - url: '/auth/linkedin' - name: 'LinkedIn' - config: 'auth_linkedin' - }, - github: { - url: '/auth/github' - name: 'GitHub' - config: 'auth_github' - }, - gitlab: { - url: '/auth/gitlab' - name: 'GitLab' - config: 'auth_gitlab' - }, - google_oauth2: { - url: '/auth/google_oauth2' - name: 'Google' - config: 'auth_google_oauth2' - }, - oauth2: { - url: '/auth/oauth2' - name: 'OAuth2' - config: 'auth_oauth2' - }, - } + auth_provider_all = App.Config.get('auth_provider_all') auth_providers = {} for key, provider of auth_provider_all if @Config.get(provider.config) is true || @Config.get(provider.config) is 'true' @@ -90,3 +54,45 @@ class Index extends App.ControllerSubContent ) App.Config.set('LinkedAccounts', { prio: 4000, name: 'Linked Accounts', parent: '#profile', target: '#profile/linked', controller: Index, permission: ['user_preferences.linked_accounts'] }, 'NavBarProfile') +App.Config.set('auth_provider_all', { + facebook: + url: '/auth/facebook' + name: 'Facebook' + config: 'auth_facebook' + class: 'facebook' + twitter: + url: '/auth/twitter' + name: 'Twitter' + config: 'auth_twitter' + class: 'twitter' + linkedin: + url: '/auth/linkedin' + name: 'LinkedIn' + config: 'auth_linkedin' + class: 'linkedin' + github: + url: '/auth/github' + name: 'GitHub' + config: 'auth_github' + class: 'github' + gitlab: + url: '/auth/gitlab' + name: 'GitLab' + config: 'auth_gitlab' + class: 'gitlab' + microsoft_office365: + url: '/auth/microsoft_office365' + name: 'Office 365' + config: 'auth_microsoft_office365' + class: 'microsoft_office365' + google_oauth2: + url: '/auth/google_oauth2' + name: 'Google' + config: 'auth_google_oauth2' + class: 'google' + oauth2: + url: '/auth/oauth2' + name: 'OAuth2' + config: 'auth_oauth2' + class: 'oauth2' +}) diff --git a/app/assets/javascripts/app/controllers/login.coffee b/app/assets/javascripts/app/controllers/login.coffee index 322a518c7..6e7f608d3 100644 --- a/app/assets/javascripts/app/controllers/login.coffee +++ b/app/assets/javascripts/app/controllers/login.coffee @@ -38,50 +38,7 @@ class Index extends App.ControllerContent ) render: (data = {}) -> - auth_provider_all = { - facebook: { - url: '/auth/facebook', - name: 'Facebook', - config: 'auth_facebook', - class: 'facebook' - }, - twitter: { - url: '/auth/twitter' - name: 'Twitter' - config: 'auth_twitter' - class: 'twitter' - }, - linkedin: { - url: '/auth/linkedin' - name: 'LinkedIn' - config: 'auth_linkedin' - class: 'linkedin' - }, - github: { - url: '/auth/github' - name: 'GitHub' - config: 'auth_github' - class: 'github' - }, - gitlab: { - url: '/auth/gitlab' - name: 'GitLab' - config: 'auth_gitlab' - class: 'gitlab' - }, - google_oauth2: { - url: '/auth/google_oauth2' - name: 'Google' - config: 'auth_google_oauth2' - class: 'google' - }, - oauth2: { - url: '/auth/oauth2' - name: 'OAuth2' - config: 'auth_oauth2' - class: 'oauth2' - }, - } + auth_provider_all = App.Config.get('auth_provider_all') auth_providers = [] for key, provider of auth_provider_all if @Config.get(provider.config) is true || @Config.get(provider.config) is 'true' diff --git a/app/assets/javascripts/app/views/login.jst.eco b/app/assets/javascripts/app/views/login.jst.eco index 00b086f48..135c1c859 100644 --- a/app/assets/javascripts/app/views/login.jst.eco +++ b/app/assets/javascripts/app/views/login.jst.eco @@ -24,7 +24,7 @@
- +
diff --git a/db/migrate/20170713000001_omniauth_office365_setting.rb b/db/migrate/20170713000001_omniauth_office365_setting.rb new file mode 100644 index 000000000..147dbd508 --- /dev/null +++ b/db/migrate/20170713000001_omniauth_office365_setting.rb @@ -0,0 +1,63 @@ +class OmniauthOffice365Setting < ActiveRecord::Migration + def up + + # return if it's a new setup + return if !Setting.find_by(name: 'system_init_done') + Setting.create_if_not_exists( + title: 'Authentication via %s', + name: 'auth_microsoft_office365', + area: 'Security::ThirdPartyAuthentication', + description: 'Enables user authentication via %s. Register your app first at [%s](%s).', + options: { + form: [ + { + display: '', + null: true, + name: 'auth_microsoft_office365', + tag: 'boolean', + options: { + true => 'yes', + false => 'no', + }, + }, + ], + }, + preferences: { + controller: 'SettingsAreaSwitch', + sub: ['auth_microsoft_office365_credentials'], + title_i18n: ['Office 365'], + description_i18n: ['Office 365', 'Microsoft Application Registration Portal', 'https://apps.dev.microsoft.com'], + permission: ['admin.security'], + }, + state: false, + frontend: true + ) + Setting.create_if_not_exists( + title: 'Office 365 App Credentials', + name: 'auth_microsoft_office365_credentials', + area: 'Security::ThirdPartyAuthentication::Office365', + description: 'Enables user authentication via Office 365.', + options: { + form: [ + { + display: 'App ID', + null: true, + name: 'app_id', + tag: 'input', + }, + { + display: 'App Secret', + null: true, + name: 'app_secret', + tag: 'input', + }, + ], + }, + state: {}, + preferences: { + permission: ['admin.security'], + }, + frontend: false + ) + end +end diff --git a/db/seeds/settings.rb b/db/seeds/settings.rb index 73b3b7797..d0bec62b5 100644 --- a/db/seeds/settings.rb +++ b/db/seeds/settings.rb @@ -1057,6 +1057,63 @@ Setting.create_if_not_exists( frontend: false ) +Setting.create_if_not_exists( + title: 'Authentication via %s', + name: 'auth_microsoft_office365', + area: 'Security::ThirdPartyAuthentication', + description: 'Enables user authentication via %s. Register your app first at [%s](%s).', + options: { + form: [ + { + display: '', + null: true, + name: 'auth_microsoft_office365', + tag: 'boolean', + options: { + true => 'yes', + false => 'no', + }, + }, + ], + }, + preferences: { + controller: 'SettingsAreaSwitch', + sub: ['auth_microsoft_office365_credentials'], + title_i18n: ['Office 365'], + description_i18n: ['Office 365', 'Microsoft Application Registration Portal', 'https://apps.dev.microsoft.com'], + permission: ['admin.security'], + }, + state: false, + frontend: true +) +Setting.create_if_not_exists( + title: 'Office 365 App Credentials', + name: 'auth_microsoft_office365_credentials', + area: 'Security::ThirdPartyAuthentication::Office365', + description: 'Enables user authentication via Office 365.', + options: { + form: [ + { + display: 'App ID', + null: true, + name: 'app_id', + tag: 'input', + }, + { + display: 'App Secret', + null: true, + name: 'app_secret', + tag: 'input', + }, + ], + }, + state: {}, + preferences: { + permission: ['admin.security'], + }, + frontend: false +) + Setting.create_if_not_exists( title: 'Authentication via %s', name: 'auth_oauth2', diff --git a/vendor/lib/microsoft_office365_database.rb b/vendor/lib/microsoft_office365_database.rb new file mode 100644 index 000000000..5d51c084a --- /dev/null +++ b/vendor/lib/microsoft_office365_database.rb @@ -0,0 +1,13 @@ +class MicrosoftOffice365Database < OmniAuth::Strategies::MicrosoftOffice365 + option :name, 'microsoft_office365' + + def initialize(app, *args, &block) + + # database lookup + config = Setting.get('auth_microsoft_office365_credentials') || {} + args[0] = config['app_id'] + args[1] = config['app_secret'] + super + end + +end