Setting module
picman committed Nov 27, 2024
1 parent d8edee9 commit c8b8a0c
Showing 9 changed files with 290 additions and 76 deletions.
11 changes: 7 additions & 4 deletions .rubocop.yml
Expand Up @@ -33,6 +33,9 @@ require:
- rubocop-rails

# Rules for OAuth
Metrics/AbcSize:
Enabled: false

Metrics/BlockLength:
Enabled: false

Expand All @@ -42,16 +45,16 @@ Metrics/BlockNesting:
Metrics/ClassLength:
Enabled: false

Metrics/MethodLength:
Metrics/CyclomaticComplexity:
Enabled: false

Metrics/AbcSize:
Metrics/ModuleLength:
Enabled: false

Metrics/PerceivedComplexity:
Metrics/MethodLength:
Enabled: false

Metrics/CyclomaticComplexity:
Metrics/PerceivedComplexity:
Enabled: false

Style/ExpandPathArguments:
84 changes: 39 additions & 45 deletions app/controllers/redmine_oauth_controller.rb
Expand Up @@ -31,7 +31,7 @@ def oauth
session[:oauth_autologin] = params[:oauth_autologin]
oauth_csrf_token = generate_csrf_token
session[:oauth_csrf_token] = oauth_csrf_token
case Setting.plugin_redmine_oauth[:oauth_name]
case RedmineOauth.oauth_name
when 'Azure AD'
redirect_to oauth_client.auth_code.authorize_url(
redirect_uri: oauth_callback_url,
Expand Down Expand Up @@ -66,7 +66,7 @@ def oauth
redirect_to oauth_client.auth_code.authorize_url(
redirect_uri: oauth_callback_url,
state: oauth_csrf_token,
scope: Setting.plugin_redmine_oauth[:custom_scope]
scope: RedmineOauth.custom_scope
)
else
flash['error'] = l(:oauth_invalid_provider)
Expand All @@ -84,7 +84,7 @@ def oauth_callback
raise StandardError, l(:notice_account_invalid_credentials)
end

case Setting.plugin_redmine_oauth[:oauth_name]
case RedmineOauth.oauth_name
when 'Azure AD'
token = oauth_client.auth_code.get_token(params['code'], redirect_uri: oauth_callback_url)
user_info = JWT.decode(token.token, nil, false).first
Expand All @@ -110,32 +110,32 @@ def oauth_callback
when 'Okta'
token = oauth_client.auth_code.get_token(params['code'], redirect_uri: oauth_callback_url)
userinfo_response = token.get(
"/oauth2/#{Setting.plugin_redmine_oauth[:tenant_id]}/v1/userinfo",
"/oauth2/#{RedmineOauth.tenant_id}/v1/userinfo",
headers: { 'Accept' => 'application/json' }
)
user_info = JSON.parse(userinfo_response.body)
user_info['login'] = user_info['preferred_username']
email = user_info['email']
when 'Custom'
token = oauth_client.auth_code.get_token(params['code'], redirect_uri: oauth_callback_url)
if Setting.plugin_redmine_oauth[:custom_profile_endpoint].strip.empty?
if RedmineOauth.custom_profile_endpoint.empty?
user_info = JWT.decode(token.token, nil, false).first
else
userinfo_response = token.get(
Setting.plugin_redmine_oauth[:custom_profile_endpoint],
RedmineOauth.custom_profile_endpoint,
headers: { 'Accept' => 'application/json' }
)
user_info = JSON.parse(userinfo_response.body)
end
user_info['login'] = user_info[Setting.plugin_redmine_oauth[:custom_uid_field]]
email = user_info[Setting.plugin_redmine_oauth[:custom_email_field]]
user_info['login'] = user_info[RedmineOauth.custom_uid_field]
email = user_info[RedmineOauth.custom_email_field]
else
raise StandardError, l(:oauth_invalid_provider)
end
raise StandardError, l(:oauth_no_verified_email) unless email

# Roles
keys = Setting.plugin_redmine_oauth[:validate_user_roles]&.split('.')
keys = RedmineOauth.validate_user_roles.split('.')
if keys&.size&.positive?
roles = user_info
while keys.size.positive?
Expand Down Expand Up @@ -198,7 +198,7 @@ def try_to_login(email, info)
elsif user.active? # Active
handle_active_user user
user.update_last_login_on!
if Setting.plugin_redmine_oauth[:update_login] && (info['login'] || info['unique_name'])
if RedmineOauth.update_login && (info['login'] || info['unique_name'])
user.login = info['login'] || info['unique_name']
Rails.logger.error(user.errors.full_messages.to_sentence) unless user.save
end
Expand All @@ -209,17 +209,15 @@ def try_to_login(email, info)
else # Locked
handle_inactive_user user
end
elsif Setting.plugin_redmine_oauth[:self_registration] && Setting.plugin_redmine_oauth[:self_registration] != '0'
elsif RedmineOauth.self_registration.positive?
# Create on the fly
user = User.new
user.mail = email
firstname, lastname = info['name'].split if info['name'].present?
key = Setting.plugin_redmine_oauth[:custom_firstname_field]
key ||= 'given_name'
key = RedmineOauth.custom_firstname_field
firstname ||= info[key]
user.firstname = firstname
key = Setting.plugin_redmine_oauth[:custom_lastname_field]
key ||= 'family_name'
key = RedmineOauth.custom_lastname_field
lastname ||= info[key]
user.lastname = lastname
user.mail = email
Expand All @@ -228,12 +226,12 @@ def try_to_login(email, info)
user.login = login
user.random_password
user.register
case Setting.plugin_redmine_oauth[:self_registration]
when '1'
case RedmineOauth.self_registration
when 1
register_by_email_activation(user) do
onthefly_creation_failed user
end
when '3'
when 3
register_automatically(user) do
onthefly_creation_failed user
end
Expand All @@ -256,63 +254,59 @@ def try_to_login(email, info)
def oauth_client
return @client if @client

site = Setting.plugin_redmine_oauth[:site]&.chomp('/')
site = RedmineOauth.site
raise StandardError, l(:oauth_invalid_provider) unless site

@client =
case Setting.plugin_redmine_oauth[:oauth_name]
case RedmineOauth.oauth_name
when 'Azure AD'
url = if Setting.plugin_redmine_oauth[:oauth_version].present?
"#{Setting.plugin_redmine_oauth[:oauth_version]}/"
else
''
end
url = RedmineOauth.oauth_version.present? ? "#{RedmineOauth.oauth_version}/" : ''
OAuth2::Client.new(
Setting.plugin_redmine_oauth[:client_id],
Redmine::Ciphering.decrypt_text(Setting.plugin_redmine_oauth[:client_secret]),
RedmineOauth.client_id,
Redmine::Ciphering.decrypt_text(RedmineOauth.client_secret),
site: site,
authorize_url: "/#{Setting.plugin_redmine_oauth[:tenant_id]}/oauth2/#{url}authorize",
token_url: "/#{Setting.plugin_redmine_oauth[:tenant_id]}/oauth2/#{url}token"
authorize_url: "/#{RedmineOauth.tenant_id}/oauth2/#{url}authorize",
token_url: "/#{RedmineOauth.tenant_id}/oauth2/#{url}token"
)
when 'GitLab'
OAuth2::Client.new(
Setting.plugin_redmine_oauth[:client_id],
Redmine::Ciphering.decrypt_text(Setting.plugin_redmine_oauth[:client_secret]),
RedmineOauth.client_id,
Redmine::Ciphering.decrypt_text(RedmineOauth.client_secret),
site: site,
authorize_url: '/oauth/authorize',
token_url: '/oauth/token'
)
when 'Google'
OAuth2::Client.new(
Setting.plugin_redmine_oauth[:client_id],
Redmine::Ciphering.decrypt_text(Setting.plugin_redmine_oauth[:client_secret]),
RedmineOauth.client_id,
Redmine::Ciphering.decrypt_text(RedmineOauth.client_secret),
site: site,
authorize_url: '/o/oauth2/v2/auth',
token_url: 'https://oauth2.googleapis.com/token'
)
when 'Keycloak'
OAuth2::Client.new(
Setting.plugin_redmine_oauth[:client_id],
Redmine::Ciphering.decrypt_text(Setting.plugin_redmine_oauth[:client_secret]),
RedmineOauth.client_id,
Redmine::Ciphering.decrypt_text(RedmineOauth.client_secret),
site: site,
authorize_url: "/realms/#{Setting.plugin_redmine_oauth[:tenant_id]}/protocol/openid-connect/auth",
token_url: "/realms/#{Setting.plugin_redmine_oauth[:tenant_id]}/protocol/openid-connect/token"
authorize_url: "/realms/#{RedmineOauth.tenant_id}/protocol/openid-connect/auth",
token_url: "/realms/#{RedmineOauth.tenant_id}/protocol/openid-connect/token"
)
when 'Okta'
OAuth2::Client.new(
Setting.plugin_redmine_oauth[:client_id],
Redmine::Ciphering.decrypt_text(Setting.plugin_redmine_oauth[:client_secret]),
RedmineOauth.client_id,
Redmine::Ciphering.decrypt_text(RedmineOauth.client_secret),
site: site,
authorize_url: "/oauth2/#{Setting.plugin_redmine_oauth[:tenant_id]}/v1/authorize",
token_url: "/oauth2/#{Setting.plugin_redmine_oauth[:tenant_id]}/v1/token"
authorize_url: "/oauth2/#{RedmineOauth.tenant_id}/v1/authorize",
token_url: "/oauth2/#{RedmineOauth.tenant_id}/v1/token"
)
when 'Custom'
OAuth2::Client.new(
Setting.plugin_redmine_oauth[:client_id],
Redmine::Ciphering.decrypt_text(Setting.plugin_redmine_oauth[:client_secret]),
RedmineOauth.client_id,
Redmine::Ciphering.decrypt_text(RedmineOauth.client_secret),
site: site,
authorize_url: Setting.plugin_redmine_oauth[:custom_auth_endpoint],
token_url: Setting.plugin_redmine_oauth[:custom_token_endpoint]
authorize_url: RedmineOauth.custom_auth_endpoint,
token_url: RedmineOauth.custom_token_endpoint
)
else
raise StandardError, l(:oauth_invalid_provider)
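Review bot: In `oauth_callback`, the `Custom` branch (and the `Azure AD` branch above it) still takes identity claims from `JWT.decode(token.token, nil, false)`, which skips signature and claim validation, and the rewritten `RedmineOauth.custom_profile_endpoint.empty?` test is what selects that path. The email and role claims that later drive `try_to_login` therefore rest entirely on the TLS connection to the token endpoint; either verify the token against the provider's published keys or state the assumption in a comment such as `# token comes from the back-channel code exchange; its signature is NOT verified here`. Separately, in `oauth_client` the guard `raise StandardError, l(:oauth_invalid_provider) unless site` only catches nil, so if `RedmineOauth.site` returns an empty string for an unset value (the module is not shown on this page) the check never fires; `if site.blank?` would cover both cases. Both methods begin or end outside the visible hunks.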
Expand Up @@ -20,9 +20,9 @@
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
%>

<% if Setting.plugin_redmine_oauth[:button_icon] != 'none' %>
<% if RedmineOauth.button_icon != 'none' %>
<%= stylesheet_link_tag 'redmine_oauth', plugin: 'redmine_oauth' %>
<% if Setting.plugin_redmine_oauth[:hide_login_form] %>
<% if RedmineOauth.hide_login_form %>
<%= javascript_include_tag('redmine_oauth.js', plugin: :redmine_oauth) %>
<fieldset id= "oauth-fieldset-login-form" class="oauth_collapsible oauth_collapsed">
<legend class="oauth_legend" onclick="oauth_toggle_fieldset(this)"><%= l(:button_login) %></legend>
Expand All @@ -32,17 +32,17 @@
<%= form_tag(oauth_path(back_url: back_url), method: :get, id: 'oauth-login') do %>
<%= back_url_hidden_field_tag %>
<%= button_tag(name: 'login-oauth', tabindex: 7, id: 'login-oauth-submit', title: l(:oauth_login_with),
style: "background: #{Setting.plugin_redmine_oauth[:button_color]}") do %>
<i id="button_icon" class="<%= Setting.plugin_redmine_oauth[:button_icon] %>"></i>
style: "background: #{RedmineOauth.button_color}") do %>
<i id="button_icon" class="<%= RedmineOauth.button_icon %>"></i>
<%= l(:oauth_login_via,
oauth: Setting.plugin_redmine_oauth[:custom_name].blank? ? Setting.plugin_redmine_oauth[:oauth_name] : Setting.plugin_redmine_oauth[:custom_name]).html_safe %>
oauth: RedmineOauth.custom_name.blank? ? RedmineOauth.oauth_name : RedmineOauth.custom_name).html_safe %>
<% end %>
<% if Setting.plugin_redmine_oauth[:oauth_login] %>
<% if RedmineOauth.oauth_login %>
<br>
<label for="oauth_autologin">
<%= check_box_tag 'oauth_autologin', 1, false, tabindex: 6 %>
<%= l(:oauth_autologin,
oauth: Setting.plugin_redmine_oauth[:custom_name].blank? ? Setting.plugin_redmine_oauth[:oauth_name] : Setting.plugin_redmine_oauth[:custom_name]) %>
oauth: RedmineOauth.custom_name.blank? ? RedmineOauth.oauth_name : RedmineOauth.custom_name) %>
</label>
<% end %>
<% end %>
Expand All @@ -69,7 +69,7 @@
}
});
<%# Hidden login form %>
<% if Setting.plugin_redmine_oauth[:hide_login_form] %>
<% if RedmineOauth.hide_login_form %>
let login_form = $('div#login-form');
login_form.appendTo('#oauth-fieldset-login-form');
login_form.toggle();
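Review bot: The login-button label `l(:oauth_login_via, oauth: ...).html_safe` marks the whole translated string as safe, including the administrator-supplied `custom_name`, so any markup stored in that setting is rendered unescaped on the login page. The autologin label a few lines below builds the same string without `.html_safe`, so the two calls are inconsistent. If the translation itself needs markup, escape the interpolated value first, e.g. `oauth: h(RedmineOauth.custom_name.presence || RedmineOauth.oauth_name)`; otherwise drop `.html_safe`.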
6 changes: 1 addition & 5 deletions init.rb
Expand Up @@ -19,11 +19,7 @@
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.

require 'redmine'
require File.expand_path('lib/redmine_oauth/hooks/controllers/account_controller_hooks', __dir__)
require File.expand_path('lib/redmine_oauth/hooks/views/base_view_hooks', __dir__)
require File.expand_path('lib/redmine_oauth/hooks/views/login_view_hooks', __dir__)
require File.expand_path('lib/redmine_oauth/patches/settings_controller_patch', __dir__)
require File.expand_path('lib/redmine_oauth/patches/account_controller_patch', __dir__)
require "#{File.dirname(__FILE__)}/lib/redmine_oauth"

Redmine::Plugin.register :redmine_oauth do
name 'Redmine OAuth plugin'