chandrn7
a6ed6845c9
Allow login through OpenID Connect ( #16221 )
* added OpenID Connect as an SSO option
* minor fixes
* added comments, removed an option that shouldn't be set
* fixed Gemfile.lock
* added newline to end of Gemfile.lock
* removed tab from Gemfile.lock
* remove chomp
* codeclimate changes and small name change to make function's purpose clearer
* codeclimate fix
* added SSO buttons to /about page
* minor refactor
* minor style change
* removed spurious change
* removed unecessary conditional from ensure_valid_username and added support for auth.info.name in user_params_from_auth
* minor changes
2 years ago
Josh Soref
b5329e0035
Spelling ( #17705 )
* spelling: account
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
* spelling: affiliated
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
* spelling: appearance
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
* spelling: autosuggest
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
* spelling: cacheable
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
* spelling: component
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
* spelling: conversations
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
* spelling: domain.example
Clarify what's distinct and use RFC friendly domain space.
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
* spelling: environment
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
* spelling: exceeds
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
* spelling: functional
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
* spelling: inefficiency
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
* spelling: not
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
* spelling: notifications
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
* spelling: occurring
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
* spelling: position
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
* spelling: progress
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
* spelling: promotable
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
* spelling: reblogging
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
* spelling: repetitive
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
* spelling: resolve
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
* spelling: saturated
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
* spelling: similar
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
* spelling: strategies
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
* spelling: success
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
* spelling: targeting
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
* spelling: thumbnails
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
* spelling: unauthorized
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
* spelling: unsensitizes
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
* spelling: validations
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
* spelling: various
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
Co-authored-by: Josh Soref <jsoref@users.noreply.github.com>
2 years ago
Claire
cfa583fa71
Remove support for OAUTH_REDIRECT_AT_SIGN_IN ( #17287 )
Fixes #15959
Introduced in #6540 , OAUTH_REDIRECT_AT_SIGN_IN allowed skipping the log-in form
to instead redirect to the external OmniAuth login provider.
However, it did not prevent the log-in form on /about introduced by #10232 from
appearing, and completely broke with the introduction of #15228 .
As I restoring that previous log-in flow without introducing a security
vulnerability may require extensive care and knowledge of how OmniAuth works,
this commit removes support for OAUTH_REDIRECT_AT_SIGN_IN instead for the time
being.
2 years ago
Daniel
2ed1c92c63
New env variable: CAS_SECURITY_ASSUME_EMAIL_IS_VERIFIED ( #16655 )
When using a CAS server, the users only have a temporary email
`change@me-foo-cas.com` which can't be changed but by an
administrator.
We need a new environment variable like for SAML to assume the email
from CAS is verified.
* config/initializers/omniauth.rb: define CAS option for assuming
email are always verified.
* .env.nanobox: add new variable as an example.
3 years ago
kaiyou
f47c177eb7
Support clock drift in Omniauth SAML provider ( #15511 )
The setting is not well documented by the provider, but allows for
clock skew between SP and IDP, see:
https://github.com/omniauth/omniauth-saml/blob/master/spec/omniauth/strategies/saml_spec.rb
Co-authored-by: kaiyou <dev@kaiyou.fr>
3 years ago
Eric
7169928f96
cas_options :validate_url should be :service_validate_url ( #10328 )
Otherwise, no matter what is given for CAS_VALIDATE_URL the default /serviceValidate path would be used.
5 years ago
aus-social
0a4739c732
lint pass 2 ( #8878 )
* Code quality pass
* Typofix
* Update applications_controller_spec.rb
* Update applications_controller_spec.rb
6 years ago
aus-social
1f98eae1cf
Lint pass ( #8876 )
6 years ago
Effy Elden
dd9d00d293
Add additional first_name and last_name SAML attribute statement options, and modify Omniauthable concern to use full_name or first_name + last_name if not available ( #6669 )
6 years ago
Ghislain Loaec
e668180044
New variable OAUTH_REDIRECT_AT_SIGN_IN + Ref #6538 (not only SAML strategies) ( #6540 )
6 years ago
Ghislain Loaec
3084fe4959
New env variable: SAML_SECURITY_ASSUME_EMAIL_IS_VERIFIED + fixes #6533 ( #6538 )
6 years ago
Eugen Rochko
26f21fd5a0
CAS + SAML authentication feature ( #6425 )
* Cas authentication feature
* Config
* Remove class_eval + Omniauth initializer
* Codeclimate review
* Codeclimate review 2
* Codeclimate review 3
* Remove uid/email reconciliation
* SAML authentication
* Clean up code
* Improve login form
* Fix code style issues
* Add locales
6 years ago