diff --git a/app/controllers/users/omniauth_callbacks_controller.rb b/app/controllers/users/omniauth_callbacks_controller.rb
index 719871eae..05bb4c6f8 100644
--- a/app/controllers/users/omniauth_callbacks_controller.rb
+++ b/app/controllers/users/omniauth_callbacks_controller.rb
@@ -1,11 +1,32 @@
 class Users::OmniauthCallbacksController < Devise::OmniauthCallbacksController
- def office365
- # Handle Office 365 callback
- end
+ def office365
+ log_omniauth_data
+ check_omniauth_auth
+ end
- def failure
- redirect_to root_path
+ def google_oauth2
+ log_omniauth_data
+ check_omniauth_auth
+ end
+
+ def keycloak_openid
+ log_omniauth_data
+ check_omniauth_auth
+ end
+
+ def oauth2
+ log_omniauth_data
+ @user = User.from_omniauth(request.env["omniauth.auth"])
+ sign_in_and_redirect @user, event: :authentication
+ set_flash_message(:notice, :success, kind: "OAuth2") if is_navigational_format?
+ check_omniauth_auth
+ end
+
+ def okta
+ Rails.logger.debug "OmniAuth auth data: #{request.env['omniauth.auth'].inspect}"
+ session[:oktastate] = request.env["omniauth.auth"]["uid"]
+ check_omniauth_auth
 end
 def passthru
@@ -20,6 +41,11 @@ def failure
 redirect_to after_omniauth_failure_path_for(resource_name)
 end
+ def log_omniauth_data
+ Rails.logger.debug "OmniAuth auth data: #{request.env['omniauth.auth'].inspect}"
+ Rails.logger.debug "Request environment: #{request.env.inspect}"
+ end
+
 private
 def check_omniauth_auth
diff --git a/app/models/user.rb b/app/models/user.rb
index d08e51bd9..487850596 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
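Review bot: `oauth2` passes whatever `User.from_omniauth` returns straight to `sign_in_and_redirect` and then still calls `check_omniauth_auth`; `from_omniauth` (user.rb hunk of this commit) ignores its `save` result, so `@user` can be `nil` or an unpersisted record, and if `check_omniauth_auth` (private, outside this hunk) also renders or redirects the action will double-render. Bail out before the sign-in when `@user.nil? || !@user.persisted?`, and make sure exactly one of `sign_in_and_redirect` / `check_omniauth_auth` produces the response. `okta` also copies the `Rails.logger.debug "OmniAuth auth data: …"` line inline instead of calling `log_omniauth_data`, so the credential-logging issue raised on the second hunk has to be fixed in two places; `office365`, `google_oauth2` and `keycloak_openid` have identical bodies and could share one private method.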
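Review bot: `log_omniauth_data` writes `request.env['omniauth.auth'].inspect` and the whole `request.env.inspect` to the log; the auth hash carries the provider's `credentials` (access/refresh tokens) and `request.env` carries cookies, the session and request headers, so any environment that retains debug logs retains bearer credentials in plaintext. Log only the identifiers needed for troubleshooting, and use the block form so the string is not built when debug logging is off. The method is also defined above `private`, which makes it a public method on a Devise callbacks controller; move it below `private` alongside `check_omniauth_auth`. The same inline log line appears in `okta` in the first hunk.
```ruby
  private

  # Log identifiers only: the auth hash includes provider credentials and
  # request.env includes cookies/session data; neither belongs in log files.
  def log_omniauth_data
    auth = request.env["omniauth.auth"]
    Rails.logger.debug { "OmniAuth callback provider=#{auth&.provider} uid=#{auth&.uid}" }
  end

  # … unchanged: check_omniauth_auth …
```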
@@ -398,23 +398,41 @@ def preference_url
 url
 end
+ # def self.from_omniauth(auth)
+ # if where(email: auth.info.email || "#{auth.uid}@#{auth.provider}.com").present?
+ # where(email: auth.info.email || "#{auth.uid}@#{auth.provider}.com").first do |user|
+ # user.provider = auth.provider
+ # user.uid = auth.uid
+ # user.first_name = auth.info.first_name rescue nil
+ # user.last_name = auth.info.last_name rescue nil
+ # user.email = auth.info.email || "#{auth.uid}@#{auth.provider}.com"
+ # user.login = auth.info.email || "#{auth.uid}@#{auth.provider}.com"
+ # user.first_name ||= user.login
+ # user.last_name ||= user.login
+ # user.password = Devise.friendly_token[0, 20]
+ # end
+ # else
+ # nil
+ # end
+ # end
+
 def self.from_omniauth(auth)
- if where(email: auth.info.email || "#{auth.uid}@#{auth.provider}.com").present?
- where(email: auth.info.email || "#{auth.uid}@#{auth.provider}.com").first do |user|
- user.provider = auth.provider
- user.uid = auth.uid
- user.first_name = auth.info.first_name rescue nil
- user.last_name = auth.info.last_name rescue nil
- user.email = auth.info.email || "#{auth.uid}@#{auth.provider}.com"
- user.login = auth.info.email || "#{auth.uid}@#{auth.provider}.com"
- user.first_name ||= user.login
- user.last_name ||= user.login
- user.password = Devise.friendly_token[0, 20]
- end
- else
- nil
+ user = where(email: auth.info.email || "#{auth.uid}@#{auth.provider}.com").first_or_initialize do |user|
+ user.provider = auth.provider
+ user.uid = auth.uid
+ user.first_name = auth.info.first_name if auth.info.first_name.present?
+ user.last_name = auth.info.last_name if auth.info.last_name.present?
+ user.email = auth.info.email || "#{auth.uid}@#{auth.provider}.com"
+ user.login = auth.info.email || "#{auth.uid}@#{auth.provider}.com"
+ user.first_name ||= user.login
+ user.last_name ||= user.login
+ user.password = Devise.friendly_token[0, 20] if user.new_record?
 end
+
+ user.save if user.changed?
+ user
 end
+
 def password_complexity
 return unless self.changes.has_key?("password")
diff --git a/config/initializers/devise.rb b/config/initializers/devise.rb
index 3596f34b6..ced604daf 100644
--- a/config/initializers/devise.rb
+++ b/config/initializers/devise.rb
@@ -1,5 +1,6 @@
 # require 'omniauth-oktaoauth'
 require Rails.root.join("lib", "omniauth", "strategies","office365.rb")
+require Rails.root.join("lib", "omniauth", "strategies","keycloak_openid.rb")
 # frozen_string_literal: true
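Review bot: `from_omniauth` resolves the account by email alone (`where(email: auth.info.email || "#{auth.uid}@#{auth.provider}.com").first_or_initialize`), and because the block only runs for a new record, `provider` and `uid` are never compared for an existing user, so any of the configured providers that asserts a matching email address — verified by that provider or not — signs the existing local account in. Look the user up by `provider` + `uid` first and fall back to email only when the provider vouches for the address. `user.save if user.changed?` also discards the result, so a validation failure (for example in `password_complexity`, defined right after this hunk) hands an unpersisted record back to the `oauth2` action, which passes it to `sign_in_and_redirect`; return `nil` on failure and let callers handle it. The 17 commented-out lines that repeat the old body should be deleted (the history is in git), and `if user.new_record?` inside the `first_or_initialize` block is always true.
```ruby
  def self.from_omniauth(auth)
    email = auth.info.email || "#{auth.uid}@#{auth.provider}.com"
    # Identity is provider+uid; email is only a fallback when the provider vouches for it.
    user = find_by(provider: auth.provider, uid: auth.uid)
    # TODO(review): verified_email?(auth) is a placeholder — read the strategy's
    # email-verified claim; which field carries it differs per provider.
    user ||= find_by(email: email) if auth.info.email.present? && verified_email?(auth)
    user ||= new(email: email, login: email) do |u|
      u.first_name = auth.info.first_name.presence || email
      u.last_name = auth.info.last_name.presence || email
      u.password = Devise.friendly_token[0, 20]
    end
    user.assign_attributes(provider: auth.provider, uid: auth.uid)
    user.save ? user : nil # nil means validation failed; the caller must not sign in
  end
```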
@@ -262,25 +263,30 @@
 # up on your models and hooks.
 # config.omniauth :github, 'APP_ID', 'APP_SECRET', scope: 'user,public_repo'
-# config.omniauth :keycloak_openid,
-# ENV['KEYCLOAK_CLIENT_ID'],
-# ENV['KEYCLOAK_CLIENT_SECRET'],
-# client_options: { site: ENV['KEYCLOAK_SITE'] },
-# scope: 'openid email',
-# redirect_uri: "https://mpath-qa.microhealthllc.com/auth/keycloak/callback"
-
-config.omniauth :office365,
- ENV['OFFICE365_CLIENT_ID'],
- ENV['OFFICE365_CLIENT_SECRET'],
- {
- scope: 'openid profile email offline_access https://graph.microsoft.com/email',
+ config.omniauth( :keycloak_openid,
+ ENV['KEYCLOAK_CLIENT_ID'],
+ ENV['KEYCLOAK_CLIENT_SECRET'],
 client_options: {
- site: 'https://login.microsoftonline.com',
- authorize_url: '/common/oauth2/v2.0/authorize',
- token_url: '/common/oauth2/v2.0/token'
- }
- }
-
+ site: 'https://keycloak.microhealthllc.com',
+ realm: 'master',
+ },
+ scope: [:openid, :profile, :email],
+ :strategy_class => OmniAuth::Strategies::KeycloakOpenId
+ )
+
+ config.omniauth(:office365,
+ ENV['OFFICE365_KEY'],
+ ENV['OFFICE365_SECRET'],
+ :scope => 'openid profile email offline_access user.read mail.read',
+ :client_options => {
+ :site => 'https://graph.microsoft.com/v1.0',
+ :authorize_url => 'https://login.microsoftonline.com/common/oauth2/v2.0/authorize',
+ :token_url => 'https://login.microsoftonline.com/common/oauth2/v2.0/token'
+ },
+ provider_ignores_state: true,
+ prompt: :select_account
+ )
+
 config.omniauth( :oauth2,
 ENV['KEYCLOAK_CLIENT_ID'],
 ENV['KEYCLOAK_CLIENT_SECRET'],
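Review bot: `provider_ignores_state: true` on the new `:office365` block switches off OmniAuth's `state` parameter check, which is the CSRF protection for the callback (the `:google_oauth2` line in the next hunk already does the same); drop the option, and if it was added because the state was not surviving between the request and the callback, fix that session/cookie problem instead. The Keycloak block hard-codes `site: 'https://keycloak.microhealthllc.com'` and `realm: 'master'` while the `:oauth2` block just below reads `ENV['KEYCLOAK_REALM'] || 'master'`; use `site: ENV['KEYCLOAK_SITE']` and `realm: ENV['KEYCLOAK_REALM']` for consistency, keeping in mind that `master` is normally Keycloak's administrative realm rather than one for application users. The Office 365 credentials are now read from `ENV['OFFICE365_KEY']` / `ENV['OFFICE365_SECRET']` instead of `OFFICE365_CLIENT_ID` / `OFFICE365_CLIENT_SECRET`, so deployments need the renamed variables or the provider starts with `nil` credentials. The two new blocks also mix `key:` and `:key =>` hash styles and `config.omniauth( :keycloak_openid,` has a stray space after the paren; pick one style.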
@@ -292,9 +298,7 @@
 authorize_url: "/realms/#{ENV['KEYCLOAK_REALM'] || 'master'}/protocol/openid-connect/auth",
 token_url: "/realms/#{ENV['KEYCLOAK_REALM'] || 'master'}/protocol/openid-connect/token"
 },
- strategy_class: OmniAuth::Strategies::OAuth2
- # redirect_uri: "
-https://mpath-qa.microhealthllc.com/users/auth/oauth2/callback"
+ strategy_class: OmniAuth::Strategies::OAuth2
 )
 config.omniauth :google_oauth2, ENV['GOOGLE_OAUTH_KEY'], ENV['GOOGLE_OAUTH_SECRET'], provider_ignores_state: true