DEV: Add verbose logging for google oauth (#29459)

Natalie Tay 2024-11-08 11:03:17 +08:00 committed by GitHub
parent 1d9f064d83
commit 6c36af9f62
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 18 additions and 7 deletions


@ -2006,6 +2006,7 @@ en:
google_oauth2_hd_groups: "Retrieve users' Google groups on the hosted domain on authentication. Retrieved Google groups can be used to grant automatic Discourse group membership (see group settings). For more information see https://meta.discourse.org/t/226850"
google_oauth2_hd_groups_service_account_admin_email: "An email address belonging to a Google Workspace administrator account. Will be used with the service account credentials to fetch group information."
google_oauth2_hd_groups_service_account_json: "JSON formatted key information for the Service Account. Will be used to fetch group information."
google_oauth2_verbose_logging: "Log verbose Google OAuth2 related diagnostics to <a href='%{base_path}/logs' target='_blank'>/logs</a>"
enable_twitter_logins: "Enable Twitter authentication, requires twitter_consumer_key and twitter_consumer_secret. See <a href='https://meta.discourse.org/t/13395' target='_blank'>Configuring Twitter login (and rich embeds) for Discourse</a>."
twitter_consumer_key: "Consumer key for Twitter authentication, registered at <a href='https://developer.twitter.com/apps' target='_blank'>https://developer.twitter.com/apps</a>"


@ -494,6 +494,8 @@ login:
google_oauth2_hd_groups_service_account_json:
default: ""
textarea: true
google_oauth2_verbose_logging:
default: false
enable_twitter_logins:
default: false
twitter_consumer_key:


@ -24,23 +24,31 @@ class Auth::GoogleOAuth2Authenticator < Auth::ManagedAuthenticator
options = {
setup:
lambda do |env|
strategy = env["omniauth.strategy"]
strategy.options[:client_id] = SiteSetting.google_oauth2_client_id
strategy.options[:client_secret] = SiteSetting.google_oauth2_client_secret
opts = env["omniauth.strategy"].options
opts[:client_id] = SiteSetting.google_oauth2_client_id
opts[:client_secret] = SiteSetting.google_oauth2_client_secret
if (google_oauth2_hd = SiteSetting.google_oauth2_hd).present?
strategy.options[:hd] = google_oauth2_hd
opts[:hd] = google_oauth2_hd
end
if (google_oauth2_prompt = SiteSetting.google_oauth2_prompt).present?
strategy.options[:prompt] = google_oauth2_prompt.gsub("|", " ")
opts[:prompt] = google_oauth2_prompt.gsub("|", " ")
end
opts[:client_options][:connection_build] = lambda do |builder|
if SiteSetting.google_oauth2_verbose_logging
builder.response :logger,
Rails.logger,
{ bodies: true, formatter: Auth::OauthFaradayFormatter }
end
builder.request :url_encoded
builder.adapter FinalDestination::FaradayAdapter
end
# All the data we need for the `info` and `credentials` auth hash
# are obtained via the user info API, not the JWT. Using and verifying
# the JWT can fail due to clock skew, so let's skip it completely.
# https://github.com/zquestz/omniauth-google-oauth2/pull/392
strategy.options[:skip_jwt] = true
opts[:skip_jwt] = true
end,
}
omniauth.provider :google_oauth2, options
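Review bot: The logger registered inside the new `connection_build` lambda is configured with `bodies: true`, so while `google_oauth2_verbose_logging` is enabled the token-exchange request and response bodies go to `Rails.logger` and become readable at /logs. Those bodies normally carry the client secret, the authorization code and the issued access/ID tokens. `Auth::OauthFaradayFormatter` is not part of this hunk, so whether it masks them cannot be confirmed from here. If it does not, mask those fields in the formatter, or use the block form of `builder.response :logger` with a filter such as `logger.filter(/(client_secret=)[^&]+/, '\1[FILTERED]')` plus equivalents for the token fields, after checking that the custom formatter still applies registered filters. I would also add `# Verbose mode logs full OAuth request/response bodies (secrets, tokens); enable only while debugging` above the `if`, and say the same in the setting description; the enclosing method starts outside the hunk.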