commit
46389754d6
1
Gemfile
1
Gemfile
|
@ -45,6 +45,7 @@ gem 'omniauth-facebook'
|
||||||
gem 'omniauth-twitter'
|
gem 'omniauth-twitter'
|
||||||
gem 'omniauth-github'
|
gem 'omniauth-github'
|
||||||
gem 'omniauth-browserid', git: 'https://github.com/callahad/omniauth-browserid.git', branch: 'observer_api'
|
gem 'omniauth-browserid', git: 'https://github.com/callahad/omniauth-browserid.git', branch: 'observer_api'
|
||||||
|
gem 'omniauth-cas'
|
||||||
gem 'oj'
|
gem 'oj'
|
||||||
gem 'pg'
|
gem 'pg'
|
||||||
# we had pain with the 3.2.13 upgrade so monkey patch the security fix
|
# we had pain with the 3.2.13 upgrade so monkey patch the security fix
|
||||||
|
|
|
@ -7,6 +7,9 @@
|
||||||
{{#if Discourse.SiteSettings.enable_facebook_logins}}
|
{{#if Discourse.SiteSettings.enable_facebook_logins}}
|
||||||
<button class="btn btn-social facebook" title="{{i18n login.facebook.title}}" {{action "facebookLogin" target="view"}}>{{i18n login.facebook.title}}</button>
|
<button class="btn btn-social facebook" title="{{i18n login.facebook.title}}" {{action "facebookLogin" target="view"}}>{{i18n login.facebook.title}}</button>
|
||||||
{{/if}}
|
{{/if}}
|
||||||
|
{{#if Discourse.SiteSettings.enable_cas_logins}}
|
||||||
|
<button class="btn btn-social cas" title="{{i18n login.cas.title}}" {{action "casLogin" target="view"}}>{{i18n login.cas.title}}</button>
|
||||||
|
{{/if}}
|
||||||
{{#if Discourse.SiteSettings.enable_twitter_logins}}
|
{{#if Discourse.SiteSettings.enable_twitter_logins}}
|
||||||
<button class="btn btn-social twitter" title="{{i18n login.twitter.title}}" {{action "twitterLogin" target="view"}}>{{i18n login.twitter.title}}</button>
|
<button class="btn btn-social twitter" title="{{i18n login.twitter.title}}" {{action "twitterLogin" target="view"}}>{{i18n login.twitter.title}}</button>
|
||||||
{{/if}}
|
{{/if}}
|
||||||
|
@ -20,6 +23,9 @@
|
||||||
<button class="btn btn-social persona" title="{{i18n login.persona.title}}" {{action "personaLogin" target="view"}}>{{i18n login.persona.title}}</button>
|
<button class="btn btn-social persona" title="{{i18n login.persona.title}}" {{action "personaLogin" target="view"}}>{{i18n login.persona.title}}</button>
|
||||||
{{/if}}
|
{{/if}}
|
||||||
</div>
|
</div>
|
||||||
|
{{/if}}
|
||||||
|
{{#if Discourse.SiteSettings.enable_local_logins}}
|
||||||
|
{{#if view.hasAtLeastOneLoginButton}}
|
||||||
<h3 style="text-align:center; margin-bottom:10px;">{{i18n login.or}}</h3>
|
<h3 style="text-align:center; margin-bottom:10px;">{{i18n login.or}}</h3>
|
||||||
{{/if}}
|
{{/if}}
|
||||||
<form id='login-form'>
|
<form id='login-form'>
|
||||||
|
@ -44,6 +50,7 @@
|
||||||
</table>
|
</table>
|
||||||
</div>
|
</div>
|
||||||
</form>
|
</form>
|
||||||
|
{{/if}}
|
||||||
{{view.authMessage}}
|
{{view.authMessage}}
|
||||||
<div id='login-alert' {{bindAttr class="view.alertClass"}}>{{view.alert}}</div>
|
<div id='login-alert' {{bindAttr class="view.alertClass"}}>{{view.alert}}</div>
|
||||||
</div>
|
</div>
|
||||||
|
@ -51,7 +58,9 @@
|
||||||
{{#if view.authenticate}}
|
{{#if view.authenticate}}
|
||||||
{{i18n login.authenticating}}
|
{{i18n login.authenticating}}
|
||||||
{{/if}}
|
{{/if}}
|
||||||
|
{{#if Discourse.SiteSettings.enable_local_logins}}
|
||||||
<button class='btn btn-large btn-primary' {{bindAttr disabled="view.loginDisabled"}} {{action login target="view"}}><i class="icon-unlock"></i> {{view.loginButtonText}}</button>
|
<button class='btn btn-large btn-primary' {{bindAttr disabled="view.loginDisabled"}} {{action login target="view"}}><i class="icon-unlock"></i> {{view.loginButtonText}}</button>
|
||||||
|
|
||||||
{{i18n create_account.invite}} <a id="new-account-link" {{action newAccount target="view"}}>{{i18n create_account.action}}</a>
|
{{i18n create_account.invite}} <a id="new-account-link" {{action newAccount target="view"}}>{{i18n create_account.action}}</a>
|
||||||
|
{{/if}}
|
||||||
</div>
|
</div>
|
||||||
|
|
|
@ -35,6 +35,7 @@ Discourse.LoginView = Discourse.ModalBodyView.extend({
|
||||||
hasAtLeastOneLoginButton: function() {
|
hasAtLeastOneLoginButton: function() {
|
||||||
return Discourse.SiteSettings.enable_google_logins ||
|
return Discourse.SiteSettings.enable_google_logins ||
|
||||||
Discourse.SiteSettings.enable_facebook_logins ||
|
Discourse.SiteSettings.enable_facebook_logins ||
|
||||||
|
Discourse.SiteSettings.enable_cas_logins ||
|
||||||
Discourse.SiteSettings.enable_twitter_logins ||
|
Discourse.SiteSettings.enable_twitter_logins ||
|
||||||
Discourse.SiteSettings.enable_yahoo_logins ||
|
Discourse.SiteSettings.enable_yahoo_logins ||
|
||||||
Discourse.SiteSettings.enable_github_logins ||
|
Discourse.SiteSettings.enable_github_logins ||
|
||||||
|
@ -106,6 +107,14 @@ Discourse.LoginView = Discourse.ModalBodyView.extend({
|
||||||
return window.open(Discourse.getURL("/auth/facebook"), "_blank", "menubar=no,status=no,height=400,width=800,left=" + left + ",top=" + top);
|
return window.open(Discourse.getURL("/auth/facebook"), "_blank", "menubar=no,status=no,height=400,width=800,left=" + left + ",top=" + top);
|
||||||
},
|
},
|
||||||
|
|
||||||
|
casLogin: function() {
|
||||||
|
var left, top;
|
||||||
|
this.set('authenticate', 'cas');
|
||||||
|
left = this.get('lastX') - 400;
|
||||||
|
top = this.get('lastY') - 200;
|
||||||
|
return window.open("/auth/cas", "_blank", "menubar=no,status=no,height=400,width=800,left=" + left + ",top=" + top);
|
||||||
|
},
|
||||||
|
|
||||||
openidLogin: function(provider) {
|
openidLogin: function(provider) {
|
||||||
var left = this.get('lastX') - 400;
|
var left = this.get('lastX') - 400;
|
||||||
var top = this.get('lastY') - 200;
|
var top = this.get('lastY') - 200;
|
||||||
|
|
|
@ -156,6 +156,9 @@
|
||||||
content: "f";
|
content: "f";
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
&.cas {
|
||||||
|
background: $cas;
|
||||||
|
}
|
||||||
&.twitter {
|
&.twitter {
|
||||||
background: $twitter;
|
background: $twitter;
|
||||||
&:before {
|
&:before {
|
||||||
|
|
|
@ -121,6 +121,7 @@ $black: #000 !default;
|
||||||
$white: #fff !default;
|
$white: #fff !default;
|
||||||
$google: #5b76f7 !default;
|
$google: #5b76f7 !default;
|
||||||
$facebook: #3b5998 !default;
|
$facebook: #3b5998 !default;
|
||||||
|
$cas: #70BA61 !default;
|
||||||
$twitter: #00bced !default;
|
$twitter: #00bced !default;
|
||||||
$yahoo: #810293 !default;
|
$yahoo: #810293 !default;
|
||||||
$github: #6d6d6d !default;
|
$github: #6d6d6d !default;
|
||||||
|
|
|
@ -7,7 +7,7 @@ class Users::OmniauthCallbacksController < ApplicationController
|
||||||
layout false
|
layout false
|
||||||
|
|
||||||
def self.types
|
def self.types
|
||||||
@types ||= Enum.new(:facebook, :twitter, :google, :yahoo, :github, :persona)
|
@types ||= Enum.new(:facebook, :twitter, :google, :yahoo, :github, :persona, :cas)
|
||||||
end
|
end
|
||||||
|
|
||||||
# need to be able to call this
|
# need to be able to call this
|
||||||
|
@ -142,6 +142,58 @@ class Users::OmniauthCallbacksController < ApplicationController
|
||||||
|
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def create_or_sign_on_user_using_cas(auth_token)
|
||||||
|
logger.error "authtoken #{auth_token}"
|
||||||
|
email = "#{auth_token[:extra][:user]}@evergreen.edu"
|
||||||
|
username = auth_token[:extra][:user]
|
||||||
|
name = auth_token["uid"]
|
||||||
|
cas_user_id = auth_token["uid"]
|
||||||
|
|
||||||
|
session[:authentication] = {
|
||||||
|
cas: {
|
||||||
|
cas_user_id: cas_user_id ,
|
||||||
|
username: username
|
||||||
|
},
|
||||||
|
email: email,
|
||||||
|
email_valid: true
|
||||||
|
}
|
||||||
|
|
||||||
|
user_info = CasUserInfo.where(:cas_user_id => cas_user_id ).first
|
||||||
|
|
||||||
|
@data = {
|
||||||
|
username: username,
|
||||||
|
name: name,
|
||||||
|
email: email,
|
||||||
|
auth_provider: "CAS",
|
||||||
|
email_valid: true
|
||||||
|
}
|
||||||
|
|
||||||
|
if user_info
|
||||||
|
user = user_info.user
|
||||||
|
if user
|
||||||
|
unless user.active
|
||||||
|
user.active = true
|
||||||
|
user.save
|
||||||
|
end
|
||||||
|
log_on_user(user)
|
||||||
|
@data[:authenticated] = true
|
||||||
|
end
|
||||||
|
else
|
||||||
|
user = User.where(email: email).first
|
||||||
|
if user
|
||||||
|
CasUserInfo.create!(session[:authentication][:cas].merge(user_id: user.id))
|
||||||
|
unless user.active
|
||||||
|
user.active = true
|
||||||
|
user.save
|
||||||
|
end
|
||||||
|
log_on_user(user)
|
||||||
|
@data[:authenticated] = true
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
end
|
||||||
|
|
||||||
|
|
||||||
def create_or_sign_on_user_using_openid(auth_token)
|
def create_or_sign_on_user_using_openid(auth_token)
|
||||||
|
|
||||||
data = auth_token[:info]
|
data = auth_token[:info]
|
||||||
|
|
|
@ -0,0 +1,5 @@
|
||||||
|
class CasUserInfo < ActiveRecord::Base
|
||||||
|
attr_accessible :email, :cas_user_id, :first_name, :gender, :last_name, :name, :user_id, :username, :link
|
||||||
|
belongs_to :user
|
||||||
|
|
||||||
|
end
|
|
@ -132,6 +132,9 @@ class SiteSetting < ActiveRecord::Base
|
||||||
|
|
||||||
setting(:send_welcome_message, true)
|
setting(:send_welcome_message, true)
|
||||||
|
|
||||||
|
client_setting(:enable_local_logins, true)
|
||||||
|
client_setting(:enable_local_account_create, true)
|
||||||
|
|
||||||
client_setting(:enable_google_logins, true)
|
client_setting(:enable_google_logins, true)
|
||||||
client_setting(:enable_yahoo_logins, true)
|
client_setting(:enable_yahoo_logins, true)
|
||||||
|
|
||||||
|
@ -143,6 +146,10 @@ class SiteSetting < ActiveRecord::Base
|
||||||
setting(:facebook_app_id, '')
|
setting(:facebook_app_id, '')
|
||||||
setting(:facebook_app_secret, '')
|
setting(:facebook_app_secret, '')
|
||||||
|
|
||||||
|
client_setting(:enable_cas_logins, false)
|
||||||
|
setting(:cas_hostname, '')
|
||||||
|
setting(:cas_domainname, '')
|
||||||
|
|
||||||
client_setting(:enable_github_logins, false)
|
client_setting(:enable_github_logins, false)
|
||||||
setting(:github_client_id, '')
|
setting(:github_client_id, '')
|
||||||
setting(:github_client_secret, '')
|
setting(:github_client_secret, '')
|
||||||
|
|
|
@ -27,6 +27,7 @@ class User < ActiveRecord::Base
|
||||||
|
|
||||||
has_one :twitter_user_info, dependent: :destroy
|
has_one :twitter_user_info, dependent: :destroy
|
||||||
has_one :github_user_info, dependent: :destroy
|
has_one :github_user_info, dependent: :destroy
|
||||||
|
has_one :cas_user_info, dependent: :destroy
|
||||||
belongs_to :approved_by, class_name: 'User'
|
belongs_to :approved_by, class_name: 'User'
|
||||||
|
|
||||||
has_many :group_users
|
has_many :group_users
|
||||||
|
|
|
@ -45,4 +45,7 @@ Rails.application.config.middleware.use OmniAuth::Builder do
|
||||||
provider :browser_id,
|
provider :browser_id,
|
||||||
:name => 'persona'
|
:name => 'persona'
|
||||||
|
|
||||||
|
provider :cas,
|
||||||
|
:host => SiteSetting.cas_hostname
|
||||||
|
|
||||||
end
|
end
|
||||||
|
|
|
@ -316,6 +316,9 @@ en:
|
||||||
facebook:
|
facebook:
|
||||||
title: "with Facebook"
|
title: "with Facebook"
|
||||||
message: "Authenticating with Facebook (make sure pop up blockers are not enabled)"
|
message: "Authenticating with Facebook (make sure pop up blockers are not enabled)"
|
||||||
|
cas:
|
||||||
|
title: "Log In with CAS"
|
||||||
|
message: "Authenticating with CAS (make sure pop up blockers are not enabled)"
|
||||||
yahoo:
|
yahoo:
|
||||||
title: "with Yahoo"
|
title: "with Yahoo"
|
||||||
message: "Authenticating with Yahoo (make sure pop up blockers are not enabled)"
|
message: "Authenticating with Yahoo (make sure pop up blockers are not enabled)"
|
||||||
|
|
|
@ -379,6 +379,7 @@ en:
|
||||||
queue_size_warning: 'The number of queued jobs is %{queue_size}, which is high. This could indicate a problem with the Sidekiq process(es), or you may need to add more Sidekiq workers.'
|
queue_size_warning: 'The number of queued jobs is %{queue_size}, which is high. This could indicate a problem with the Sidekiq process(es), or you may need to add more Sidekiq workers.'
|
||||||
memory_warning: 'Your server is running with less than 1 GB of total memory. At least 1 GB of memory is recommended.'
|
memory_warning: 'Your server is running with less than 1 GB of total memory. At least 1 GB of memory is recommended.'
|
||||||
facebook_config_warning: 'The server is configured to allow signup and log in with Facebook (enable_facebook_logins), but the app id and app secret values are not set. Go to <a href="/admin/site_settings">the Site Settings</a> and update the settings. <a href="https://github.com/discourse/discourse/wiki/The-Discourse-Admin-Quick-Start-Guide#enable-facebook-logins" target="_blank">See this guide to learn more</a>.'
|
facebook_config_warning: 'The server is configured to allow signup and log in with Facebook (enable_facebook_logins), but the app id and app secret values are not set. Go to <a href="/admin/site_settings">the Site Settings</a> and update the settings. <a href="https://github.com/discourse/discourse/wiki/The-Discourse-Admin-Quick-Start-Guide#enable-facebook-logins" target="_blank">See this guide to learn more</a>.'
|
||||||
|
cas_config_warning: 'The server is configured to allow signup and log in with CAS (enable_cas_logins), but the hostname and domain name values are not set.'
|
||||||
twitter_config_warning: 'The server is configured to allow signup and log in with Twitter (enable_twitter_logins), but the key and secret values are not set. Go to <a href="/admin/site_settings">the Site Settings</a> and update the settings. <a href="https://github.com/discourse/discourse/wiki/The-Discourse-Admin-Quick-Start-Guide#enable-twitter-logins" target="_blank">See this guide to learn more</a>.'
|
twitter_config_warning: 'The server is configured to allow signup and log in with Twitter (enable_twitter_logins), but the key and secret values are not set. Go to <a href="/admin/site_settings">the Site Settings</a> and update the settings. <a href="https://github.com/discourse/discourse/wiki/The-Discourse-Admin-Quick-Start-Guide#enable-twitter-logins" target="_blank">See this guide to learn more</a>.'
|
||||||
github_config_warning: 'The server is configured to allow signup and log in with GitHub (enable_github_logins), but the client id and secret values are not set. Go to <a href="/admin/site_settings">the Site Settings</a> and update the settings. <a href="https://github.com/discourse/discourse/wiki/The-Discourse-Admin-Quick-Start-Guide" target="_blank">See this guide to learn more</a>.'
|
github_config_warning: 'The server is configured to allow signup and log in with GitHub (enable_github_logins), but the client id and secret values are not set. Go to <a href="/admin/site_settings">the Site Settings</a> and update the settings. <a href="https://github.com/discourse/discourse/wiki/The-Discourse-Admin-Quick-Start-Guide" target="_blank">See this guide to learn more</a>.'
|
||||||
failing_emails_warning: 'There are %{num_failed_jobs} email jobs that failed. Check your config/environments/production.rb file and ensure that the config.action_mailer settings are correct. <a href="/sidekiq/retries" target="_blank">See the failed jobs in Sidekiq</a>.'
|
failing_emails_warning: 'There are %{num_failed_jobs} email jobs that failed. Check your config/environments/production.rb file and ensure that the config.action_mailer settings are correct. <a href="/sidekiq/retries" target="_blank">See the failed jobs in Sidekiq</a>.'
|
||||||
|
@ -496,6 +497,8 @@ en:
|
||||||
|
|
||||||
# TODO: perhaps we need a way of protecting these settings for hosted solution, global settings ...
|
# TODO: perhaps we need a way of protecting these settings for hosted solution, global settings ...
|
||||||
|
|
||||||
|
enable_local_logins: "Enable local authentication"
|
||||||
|
enable_local_account_create: "Enable local account creation"
|
||||||
enable_google_logins: "Enable Google authentication"
|
enable_google_logins: "Enable Google authentication"
|
||||||
enable_yahoo_logins: "Enable Yahoo authentication"
|
enable_yahoo_logins: "Enable Yahoo authentication"
|
||||||
|
|
||||||
|
@ -507,6 +510,10 @@ en:
|
||||||
facebook_app_id: "App id for Facebook authentication, registered at https://developers.facebook.com/apps"
|
facebook_app_id: "App id for Facebook authentication, registered at https://developers.facebook.com/apps"
|
||||||
facebook_app_secret: "App secret for Facebook authentication, registered at https://developers.facebook.com/apps"
|
facebook_app_secret: "App secret for Facebook authentication, registered at https://developers.facebook.com/apps"
|
||||||
|
|
||||||
|
enable_cas_logins: "Enable CAS authentication"
|
||||||
|
cas_hostname: "Hostname for cas server"
|
||||||
|
cas_domainname: "Domain name generated email addresses for cas server"
|
||||||
|
|
||||||
enable_github_logins: "Enable Github authentication, requires github_client_id and github_client_secret"
|
enable_github_logins: "Enable Github authentication, requires github_client_id and github_client_secret"
|
||||||
github_client_id: "Client id for Github authentication, registered at https://github.com/settings/applications"
|
github_client_id: "Client id for Github authentication, registered at https://github.com/settings/applications"
|
||||||
github_client_secret: "Client secret for Github authentication, registered at https://github.com/settings/applications"
|
github_client_secret: "Client secret for Github authentication, registered at https://github.com/settings/applications"
|
||||||
|
|
|
@ -0,0 +1,19 @@
|
||||||
|
class CreateCasUserInfos < ActiveRecord::Migration
|
||||||
|
def change
|
||||||
|
create_table :cas_user_infos do |t|
|
||||||
|
t.integer :user_id, null: false
|
||||||
|
t.string :cas_user_id, null: false
|
||||||
|
t.string :username, null: false
|
||||||
|
t.string :first_name
|
||||||
|
t.string :last_name
|
||||||
|
t.string :email
|
||||||
|
t.string :gender
|
||||||
|
t.string :name
|
||||||
|
t.string :link
|
||||||
|
|
||||||
|
t.timestamps
|
||||||
|
end
|
||||||
|
add_index :cas_user_infos, :user_id, unique: true
|
||||||
|
add_index :cas_user_infos, :cas_user_id, unique: true
|
||||||
|
end
|
||||||
|
end
|
|
@ -3,7 +3,7 @@ require 'spec_helper'
|
||||||
describe Users::OmniauthCallbacksController do
|
describe Users::OmniauthCallbacksController do
|
||||||
|
|
||||||
let(:auth) { {info: {email: 'eviltrout@made.up.email', name: 'Robin Ward', uid: 123456789}, "extra" => {"raw_info" => {} } } }
|
let(:auth) { {info: {email: 'eviltrout@made.up.email', name: 'Robin Ward', uid: 123456789}, "extra" => {"raw_info" => {} } } }
|
||||||
|
let(:cas_auth) {{ uid: "caluser2", extra: {user: "caluser2"} } }
|
||||||
describe 'invalid provider' do
|
describe 'invalid provider' do
|
||||||
|
|
||||||
it "fails" do
|
it "fails" do
|
||||||
|
@ -54,6 +54,26 @@ describe Users::OmniauthCallbacksController do
|
||||||
|
|
||||||
end
|
end
|
||||||
|
|
||||||
|
describe 'cas' do
|
||||||
|
|
||||||
|
before do
|
||||||
|
request.env["omniauth.auth"] = cas_auth
|
||||||
|
end
|
||||||
|
|
||||||
|
it "fails when cas logins are disabled" do
|
||||||
|
SiteSetting.stubs(:enable_cas_logins?).returns(false)
|
||||||
|
get :complete, provider: 'cas'
|
||||||
|
response.should_not be_success
|
||||||
|
end
|
||||||
|
|
||||||
|
it "succeeds when cas logins are enabled" do
|
||||||
|
SiteSetting.stubs(:enable_cas_logins?).returns(true)
|
||||||
|
get :complete, provider: 'cas'
|
||||||
|
response.should be_success
|
||||||
|
end
|
||||||
|
|
||||||
|
end
|
||||||
|
|
||||||
|
|
||||||
describe 'open id handler' do
|
describe 'open id handler' do
|
||||||
|
|
||||||
|
|
|
@ -13,6 +13,18 @@ describe "users/omniauth_callbacks/complete.html.erb" do
|
||||||
rendered_data["awaiting_activation"].should eq(true)
|
rendered_data["awaiting_activation"].should eq(true)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
it "renders cas data " do
|
||||||
|
assign(:data, {username: "username", :auth_provider=> "CAS", :awaiting_activation=>true})
|
||||||
|
|
||||||
|
render
|
||||||
|
|
||||||
|
rendered_data = JSON.parse(rendered.match(/window.opener.Discourse.authenticationComplete\((.*)\)/)[1])
|
||||||
|
|
||||||
|
rendered_data["username"].should eq("username")
|
||||||
|
rendered_data["auth_provider"].should eq("CAS")
|
||||||
|
rendered_data["awaiting_activation"].should eq(true)
|
||||||
|
end
|
||||||
|
|
||||||
it "renders twitter data " do
|
it "renders twitter data " do
|
||||||
assign(:data, {username: "username", :auth_provider=>"Twitter", :awaiting_activation=>true})
|
assign(:data, {username: "username", :auth_provider=>"Twitter", :awaiting_activation=>true})
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue