nekobus
/
mastodon_neko
forked from closed-social/mastodon
1
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 0 Wiki Activity
闭社主体 forked from https://github.com/tootsuite/mastodon
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
6064 Commits
2 Branches
112 MiB
Tree: b95d944625
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'b95d944625'
${ noResults }
mastodon_neko/app/models/concerns/omniauthable.rb

85 lines
2.7 KiB
Raw Normal View History

CAS + SAML authentication feature (#6425) * Cas authentication feature * Config * Remove class_eval + Omniauth initializer * Codeclimate review * Codeclimate review 2 * Codeclimate review 3 * Remove uid/email reconciliation * SAML authentication * Clean up code * Improve login form * Fix code style issues * Add locales
6 years ago
New variable OAUTH_REDIRECT_AT_SIGN_IN + Ref #6538 (not only SAML strategies) (#6540)
6 years ago
New env variable: SAML_SECURITY_ASSUME_EMAIL_IS_VERIFIED + fixes #6533 (#6538)
6 years ago
Add additional first_name and last_name SAML attribute statement options, and modify Omniauthable concern to use full_name or first_name + last_name if not available (#6669)
6 years ago
CAS + SAML authentication feature (#6425) * Cas authentication feature * Config * Remove class_eval + Omniauth initializer * Codeclimate review * Codeclimate review 2 * Codeclimate review 3 * Remove uid/email reconciliation * SAML authentication * Clean up code * Improve login form * Fix code style issues * Add locales
6 years ago
Add additional first_name and last_name SAML attribute statement options, and modify Omniauthable concern to use full_name or first_name + last_name if not available (#6669)
6 years ago
CAS + SAML authentication feature (#6425) * Cas authentication feature * Config * Remove class_eval + Omniauth initializer * Codeclimate review * Codeclimate review 2 * Codeclimate review 3 * Remove uid/email reconciliation * SAML authentication * Clean up code * Improve login form * Fix code style issues * Add locales
6 years ago
 
  1. # frozen_string_literal: true
  2. 

  3. module Omniauthable
  4.   extend ActiveSupport::Concern
  5. 

  6.   TEMP_EMAIL_PREFIX = 'change@me'
  7.   TEMP_EMAIL_REGEX = /\Achange@me/
  8. 

  9.   included do
  10.     def omniauth_providers
  11.       Devise.omniauth_configs.keys
  12.     end
  13. 

  14.     def email_verified?
  15.       email && email !~ TEMP_EMAIL_REGEX
  16.     end
  17.   end
  18. 

  19.   class_methods do
  20.     def find_for_oauth(auth, signed_in_resource = nil)
  21.       # EOLE-SSO Patch
  22.       auth.uid = (auth.uid[0][:uid] || auth.uid[0][:user]) if auth.uid.is_a? Hashie::Array
  23.       identity = Identity.find_for_oauth(auth)
  24. 

  25.       # If a signed_in_resource is provided it always overrides the existing user
  26.       # to prevent the identity being locked with accidentally created accounts.
  27.       # Note that this may leave zombie accounts (with no associated identity) which
  28.       # can be cleaned up at a later date.
  29.       user = signed_in_resource ? signed_in_resource : identity.user
  30.       user = create_for_oauth(auth) if user.nil?
  31. 

  32.       if identity.user.nil?
  33.         identity.user = user
  34.         identity.save!
  35.       end
  36. 

  37.       user
  38.     end
  39. 

  40.     def create_for_oauth(auth)
  41.       # Check if the user exists with provided email if the provider gives us a
  42.       # verified email.  If no verified email was provided or the user already
  43.       # exists, we assign a temporary email and ask the user to verify it on
  44.       # the next step via Auth::ConfirmationsController.finish_signup
  45. 

  46.       user = User.new(user_params_from_auth(auth))
  47.       user.account.avatar_remote_url = auth.info.image if auth.info.image =~ /\A#{URI.regexp(%w(http https))}\z/
  48.       user.skip_confirmation!
  49.       user.save!
  50.       user
  51.     end
  52. 

  53.     private
  54. 

  55.     def user_params_from_auth(auth)
  56.       strategy          = Devise.omniauth_configs[auth.provider.to_sym].strategy
  57.       assume_verified   = strategy.try(:security).try(:assume_email_is_verified)
  58.       email_is_verified = auth.info.verified || auth.info.verified_email || assume_verified
  59.       email             = auth.info.verified_email || auth.info.email
  60.       email             = email_is_verified && !User.exists?(email: auth.info.email) && email
  61.       display_name      = auth.info.full_name || [auth.info.first_name, auth.info.last_name].join(' ')
  62. 

  63.       {
  64.         email: email ? email : "#{TEMP_EMAIL_PREFIX}-#{auth.uid}-#{auth.provider}.com",
  65.         password: Devise.friendly_token[0, 20],
  66.         account_attributes: {
  67.           username: ensure_unique_username(auth.uid),
  68.           display_name: display_name,
  69.         },
  70.       }
  71.     end
  72. 

  73.     def ensure_unique_username(starting_username)
  74.       username = starting_username
  75.       i        = 0

  76. 

  77.       while Account.exists?(username: username)
  78.         i       += 1

  79.         username = "#{starting_username}_#{i}"
  80.       end
  81. 

  82.       username
  83.     end
  84.   end
  85. end