closed-social
/
mastodon
3
0
Fork 2
Code Issues 5 Pull Requests 0 Projects 0 Releases 3 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
12960 Commits
4 Branches
567 MiB
Tree: 6b16b77ab0
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '6b16b77ab0'
${ noResults }
mastodon/app/models/concerns/omniauthable.rb

101 lines
3.0 KiB
Raw Normal View History

CAS + SAML authentication feature (#6425) * Cas authentication feature * Config * Remove class_eval + Omniauth initializer * Codeclimate review * Codeclimate review 2 * Codeclimate review 3 * Remove uid/email reconciliation * SAML authentication * Clean up code * Improve login form * Fix code style issues * Add locales
6 years ago
Fix SSO login not using existing account when e-mail is verified (#11862) Fix #11472
4 years ago
CAS + SAML authentication feature (#6425) * Cas authentication feature * Config * Remove class_eval + Omniauth initializer * Codeclimate review * Codeclimate review 2 * Codeclimate review 3 * Remove uid/email reconciliation * SAML authentication * Clean up code * Improve login form * Fix code style issues * Add locales
6 years ago
Refactor User model, extract PamAuthenticable, LdapAuthenticable (#10217)
5 years ago
CAS + SAML authentication feature (#6425) * Cas authentication feature * Config * Remove class_eval + Omniauth initializer * Codeclimate review * Codeclimate review 2 * Codeclimate review 3 * Remove uid/email reconciliation * SAML authentication * Clean up code * Improve login form * Fix code style issues * Add locales
6 years ago
Allow login through OpenID Connect (#16221) * added OpenID Connect as an SSO option * minor fixes * added comments, removed an option that shouldn't be set * fixed Gemfile.lock * added newline to end of Gemfile.lock * removed tab from Gemfile.lock * remove chomp * codeclimate changes and small name change to make function's purpose clearer * codeclimate fix * added SSO buttons to /about page * minor refactor * minor style change * removed spurious change * removed unecessary conditional from ensure_valid_username and added support for auth.info.name in user_params_from_auth * minor changes
2 years ago
CAS + SAML authentication feature (#6425) * Cas authentication feature * Config * Remove class_eval + Omniauth initializer * Codeclimate review * Codeclimate review 2 * Codeclimate review 3 * Remove uid/email reconciliation * SAML authentication * Clean up code * Improve login form * Fix code style issues * Add locales
6 years ago
Fix SSO login not using existing account when e-mail is verified (#11862) Fix #11472
4 years ago
CAS + SAML authentication feature (#6425) * Cas authentication feature * Config * Remove class_eval + Omniauth initializer * Codeclimate review * Codeclimate review 2 * Codeclimate review 3 * Remove uid/email reconciliation * SAML authentication * Clean up code * Improve login form * Fix code style issues * Add locales
6 years ago
Allow login through OpenID Connect (#16221) * added OpenID Connect as an SSO option * minor fixes * added comments, removed an option that shouldn't be set * fixed Gemfile.lock * added newline to end of Gemfile.lock * removed tab from Gemfile.lock * remove chomp * codeclimate changes and small name change to make function's purpose clearer * codeclimate fix * added SSO buttons to /about page * minor refactor * minor style change * removed spurious change * removed unecessary conditional from ensure_valid_username and added support for auth.info.name in user_params_from_auth * minor changes
2 years ago
Change unconfirmed user login behaviour (#11375) Allow access to account settings, 2FA, authorized applications, and account deletions to unconfirmed and pending users, as well as users who had their accounts disabled. Suspended users cannot update their e-mail or password or delete their account. Display account status on account settings page, for example, when an account is frozen, limited, unconfirmed or pending review. After sign up, login users straight away and show a simple page that tells them the status of their account with links to account settings and logout, to reduce onboarding friction and allow users to correct wrongly typed e-mail addresses. Move the final sign-up step of SSO integrations to be the same as above to reduce code duplication.
4 years ago
CAS + SAML authentication feature (#6425) * Cas authentication feature * Config * Remove class_eval + Omniauth initializer * Codeclimate review * Codeclimate review 2 * Codeclimate review 3 * Remove uid/email reconciliation * SAML authentication * Clean up code * Improve login form * Fix code style issues * Add locales
6 years ago
Fix SSO login not using existing account when e-mail is verified (#11862) Fix #11472
4 years ago
Allow login through OpenID Connect (#16221) * added OpenID Connect as an SSO option * minor fixes * added comments, removed an option that shouldn't be set * fixed Gemfile.lock * added newline to end of Gemfile.lock * removed tab from Gemfile.lock * remove chomp * codeclimate changes and small name change to make function's purpose clearer * codeclimate fix * added SSO buttons to /about page * minor refactor * minor style change * removed spurious change * removed unecessary conditional from ensure_valid_username and added support for auth.info.name in user_params_from_auth * minor changes
2 years ago
Fix SSO login not using existing account when e-mail is verified (#11862) Fix #11472
4 years ago
Don't crash on unobtainable avatars (#22462)
1 year ago
Autofix Rubocop Style/IfUnlessModifier (#23697)
1 year ago
Don't crash on unobtainable avatars (#22462)
1 year ago
Fix external authentication not running onboarding code for new users (#23458)
1 year ago
CAS + SAML authentication feature (#6425) * Cas authentication feature * Config * Remove class_eval + Omniauth initializer * Codeclimate review * Codeclimate review 2 * Codeclimate review 3 * Remove uid/email reconciliation * SAML authentication * Clean up code * Improve login form * Fix code style issues * Add locales
6 years ago
Fix SSO login not using existing account when e-mail is verified (#11862) Fix #11472
4 years ago
CAS + SAML authentication feature (#6425) * Cas authentication feature * Config * Remove class_eval + Omniauth initializer * Codeclimate review * Codeclimate review 2 * Codeclimate review 3 * Remove uid/email reconciliation * SAML authentication * Clean up code * Improve login form * Fix code style issues * Add locales
6 years ago
rubocop issues - Cleaning up (#8912) * cleanup pass * undo mistakes * fixed. * revert
5 years ago
Fix SSO authentication not working due to missing agreement boolean (#9915) Fix #9906
5 years ago
Fix LDAP/PAM/SAML/CAS users not being approved instantly (#10621)
5 years ago
CAS + SAML authentication feature (#6425) * Cas authentication feature * Config * Remove class_eval + Omniauth initializer * Codeclimate review * Codeclimate review 2 * Codeclimate review 3 * Remove uid/email reconciliation * SAML authentication * Clean up code * Improve login form * Fix code style issues * Add locales
6 years ago
Allow login through OpenID Connect (#16221) * added OpenID Connect as an SSO option * minor fixes * added comments, removed an option that shouldn't be set * fixed Gemfile.lock * added newline to end of Gemfile.lock * removed tab from Gemfile.lock * remove chomp * codeclimate changes and small name change to make function's purpose clearer * codeclimate fix * added SSO buttons to /about page * minor refactor * minor style change * removed spurious change * removed unecessary conditional from ensure_valid_username and added support for auth.info.name in user_params_from_auth * minor changes
2 years ago
CAS + SAML authentication feature (#6425) * Cas authentication feature * Config * Remove class_eval + Omniauth initializer * Codeclimate review * Codeclimate review 2 * Codeclimate review 3 * Remove uid/email reconciliation * SAML authentication * Clean up code * Improve login form * Fix code style issues * Add locales
6 years ago
Only check locally when deduplicating usernames (#13581) When deduplicating account usernames for OAuthable users, the routine did check if any account was known with that username, including remote accounts. This caused some unnecessary deduplication, and usernames ending with unexpected trailing _1. This fixes #13580
4 years ago
CAS + SAML authentication feature (#6425) * Cas authentication feature * Config * Remove class_eval + Omniauth initializer * Codeclimate review * Codeclimate review 2 * Codeclimate review 3 * Remove uid/email reconciliation * SAML authentication * Clean up code * Improve login form * Fix code style issues * Add locales
6 years ago
Allow login through OpenID Connect (#16221) * added OpenID Connect as an SSO option * minor fixes * added comments, removed an option that shouldn't be set * fixed Gemfile.lock * added newline to end of Gemfile.lock * removed tab from Gemfile.lock * remove chomp * codeclimate changes and small name change to make function's purpose clearer * codeclimate fix * added SSO buttons to /about page * minor refactor * minor style change * removed spurious change * removed unecessary conditional from ensure_valid_username and added support for auth.info.name in user_params_from_auth * minor changes
2 years ago
Apply Rubocop Style/RedundantAssignment (#23452)
1 year ago
Allow login through OpenID Connect (#16221) * added OpenID Connect as an SSO option * minor fixes * added comments, removed an option that shouldn't be set * fixed Gemfile.lock * added newline to end of Gemfile.lock * removed tab from Gemfile.lock * remove chomp * codeclimate changes and small name change to make function's purpose clearer * codeclimate fix * added SSO buttons to /about page * minor refactor * minor style change * removed spurious change * removed unecessary conditional from ensure_valid_username and added support for auth.info.name in user_params_from_auth * minor changes
2 years ago
CAS + SAML authentication feature (#6425) * Cas authentication feature * Config * Remove class_eval + Omniauth initializer * Codeclimate review * Codeclimate review 2 * Codeclimate review 3 * Remove uid/email reconciliation * SAML authentication * Clean up code * Improve login form * Fix code style issues * Add locales
6 years ago
 
  1. # frozen_string_literal: true
  2. 

  3. module Omniauthable
  4.   extend ActiveSupport::Concern
  5. 

  6.   TEMP_EMAIL_PREFIX = 'change@me'
  7.   TEMP_EMAIL_REGEX  = /\A#{TEMP_EMAIL_PREFIX}/.freeze
  8. 

  9.   included do
  10.     devise :omniauthable
  11. 

  12.     def omniauth_providers
  13.       Devise.omniauth_configs.keys
  14.     end
  15. 

  16.     def email_present?
  17.       email && email !~ TEMP_EMAIL_REGEX
  18.     end
  19.   end
  20. 

  21.   class_methods do
  22.     def find_for_oauth(auth, signed_in_resource = nil)
  23.       # EOLE-SSO Patch
  24.       auth.uid = (auth.uid[0][:uid] || auth.uid[0][:user]) if auth.uid.is_a? Hashie::Array
  25.       identity = Identity.find_for_oauth(auth)
  26. 

  27.       # If a signed_in_resource is provided it always overrides the existing user
  28.       # to prevent the identity being locked with accidentally created accounts.
  29.       # Note that this may leave zombie accounts (with no associated identity) which
  30.       # can be cleaned up at a later date.
  31.       user   = signed_in_resource || identity.user
  32.       user ||= create_for_oauth(auth)
  33. 

  34.       if identity.user.nil?
  35.         identity.user = user
  36.         identity.save!
  37.       end
  38. 

  39.       user
  40.     end
  41. 

  42.     def create_for_oauth(auth)
  43.       # Check if the user exists with provided email. If no email was provided,
  44.       # we assign a temporary email and ask the user to verify it on
  45.       # the next step via Auth::SetupController.show
  46. 

  47.       strategy          = Devise.omniauth_configs[auth.provider.to_sym].strategy
  48.       assume_verified   = strategy&.security&.assume_email_is_verified
  49.       email_is_verified = auth.info.verified || auth.info.verified_email || auth.info.email_verified || assume_verified
  50.       email             = auth.info.verified_email || auth.info.email
  51. 

  52.       user = User.find_by(email: email) if email_is_verified
  53. 

  54.       return user unless user.nil?
  55. 

  56.       user = User.new(user_params_from_auth(email, auth))
  57. 

  58.       begin
  59.         user.account.avatar_remote_url = auth.info.image if /\A#{URI::DEFAULT_PARSER.make_regexp(%w(http https))}\z/.match?(auth.info.image)
  60.       rescue Mastodon::UnexpectedResponseError
  61.         user.account.avatar_remote_url = nil
  62.       end
  63. 

  64.       user.confirm! if email_is_verified
  65.       user.save!
  66.       user
  67.     end
  68. 

  69.     private
  70. 

  71.     def user_params_from_auth(email, auth)
  72.       {
  73.         email: email || "#{TEMP_EMAIL_PREFIX}-#{auth.uid}-#{auth.provider}.com",
  74.         agreement: true,
  75.         external: true,
  76.         account_attributes: {
  77.           username: ensure_unique_username(ensure_valid_username(auth.uid)),
  78.           display_name: auth.info.full_name || auth.info.name || [auth.info.first_name, auth.info.last_name].join(' '),
  79.         },
  80.       }
  81.     end
  82. 

  83.     def ensure_unique_username(starting_username)
  84.       username = starting_username
  85.       i        = 0

  86. 

  87.       while Account.exists?(username: username, domain: nil)
  88.         i       += 1

  89.         username = "#{starting_username}_#{i}"
  90.       end
  91. 

  92.       username
  93.     end
  94. 

  95.     def ensure_valid_username(starting_username)
  96.       starting_username = starting_username.split('@')[0]
  97.       temp_username = starting_username.gsub(/[^a-z0-9_]+/i, '')
  98.       temp_username.truncate(30, omission: '')
  99.     end
  100.   end
  101. end