diff --git a/CHANGELOG.md b/CHANGELOG.md index 8ad4b82f8e..5f82f18c24 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,9 @@ # Changelog +## 0.1.0 + +* `#5558` use openproject-auth_plugins as basis + +## 0.0.1 + * `#5555` Multi-Provider login screens diff --git a/README.md b/README.md index 20610bcb5b..37c29bd8b0 100644 --- a/README.md +++ b/README.md @@ -6,6 +6,8 @@ Adds support for OmniAuth OpenID Connect strategy providers, most importantly Go You will have to add the following lines to your OpenProject's _Gemfile.plugins_ for the time being: + gem "openproject-plugins", :git => "git@github.com:opf/openproject-plugins.git", :branch => "dev" + gem "openproject-auth_plugins", :git => 'git@github.com:finnlabs/openproject-auth_plugins, :branch => 'dev' gem 'omniauth-openid-connect', :git => 'git@github.com:finnlabs/omniauth-openid-connect.git', :branch => 'master' gem 'openproject-openid_connect', :git => 'git@github.com:finnlabs/openproject-openid_connect.git', :branch => 'dev' @@ -30,6 +32,15 @@ Example configuration: google: identifier: "9295222hfbiu2btgu3b4i.apps.googleusercontent.com" secret: "4z389thugh334t8h" + icon: "openid_connect/auth_provider-google.png" + display_name: "Google" + +The last two attributes are commonly available for all providers. +They are used to change a provider's look. + +Note that `openid_connect/auth_provider-google.png` is the one custom provider icon this plugin has out of the box. Other icons you will have to add yourself. + +`display_name` changes a provider's label shown to the user. ### Settings diff --git a/app/assets/stylesheets/openid_connect/openid_connect.css.sass b/app/assets/stylesheets/openid_connect/openid_connect.css.sass deleted file mode 100644 index ff43dacd1a..0000000000 --- a/app/assets/stylesheets/openid_connect/openid_connect.css.sass +++ /dev/null 
@@ -1,31 +0,0 @@ -/*-- copyright - * OpenProject is a project management system. - * Copyright (C) 2012-2014 the OpenProject Foundation (OPF) - * - * This program is free software; you can redistribute it and/or - * modify it under the terms of the GNU General Public License version 3. - * - * OpenProject is a fork of ChiliProject, which is a fork of Redmine. The copyright follows: - * Copyright (C) 2006-2013 Jean-Philippe Lang - * Copyright (C) 2010-2013 the ChiliProject Team - * - * This program is free software; you can redistribute it and/or - * modify it under the terms of the GNU General Public License - * as published by the Free Software Foundation; either version 2 - * of the License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. - * - * See doc/COPYRIGHT.rdoc for more details. ++ - */ - -#content, #top-menu #nav-login-content - .login-auth-providers a.auth-provider.auth-provider-google - background-image: url(image-path('openid_connect/auth_provider-google.png')) diff --git a/app/views/hooks/login/_providers.html.erb b/app/views/hooks/login/_providers.html.erb deleted file mode 100644 index 92a166e5e9..0000000000 --- a/app/views/hooks/login/_providers.html.erb +++ /dev/null @@ -1,14 +0,0 @@ -<% OmniAuth::OpenIDConnect::Provider.available.each do |pro| %> - <% - opts = { - :controller => '/auth', - :action => pro.provider_name - } - if params["back_url"] - opts[:origin] = params["back_url"] - end - %> - - <%= pro.provider_name.camelize %> - -<% end %> 
diff --git a/lib/omniauth/openid_connect/provider.rb b/lib/omniauth/openid_connect/provider.rb
index 891a02d4d3..c62740de04 100644
--- a/lib/omniauth/openid_connect/provider.rb
+++ b/lib/omniauth/openid_connect/provider.rb
@@ -93,7 +93,7 @@ module OmniAuth
 {}
 end
 # Settings override configuration.yml
- Hash(OpenProject::Configuration["openid_connect"]).merge(from_settings)
+ Hash(OpenProject::Configuration["openid_connect"]).deep_merge(from_settings)
 end
 def to_hash
@@ -108,10 +108,12 @@ module OmniAuth
 {
 :name => name,
 :scope => [:openid, :email, :profile],
- :client_options => client_options.merge( # override with settings from configuration.yml
+ :icon => self.class.config["icon"],
+ :display_name => self.class.config["display_name"],
+ :client_options => client_options.merge( # override with configuration
 Hash[
 self.class.config.reject do |key, value|
- ["identifier", "secret"].include? key
+ ["identifier", "secret", "icon", "display_name"].include? key
 end.map do |key, value|
 [key.to_sym, value]
 end
diff --git a/lib/open_project/openid_connect/engine.rb b/lib/open_project/openid_connect/engine.rb
index fc5398f106..9920aa2217 100644
--- a/lib/open_project/openid_connect/engine.rb
+++ b/lib/open_project/openid_connect/engine.rb
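Review bot: Switching to `deep_merge` in the provider.rb config method turns the settings override from whole-provider into per-key, so a settings entry that sets only some keys for a provider now inherits the rest from configuration.yml, presumably including `identifier` and `secret`. Because `to_hash` forwards every key outside its reject list into `client_options`, a settings-level change to a single client option would be combined with the file's credentials; if that is not intended, restrict which keys settings may override. At minimum the comment should state the new precedence, e.g. `# Settings override configuration.yml key by key (deep merge); keys not set in settings fall back to the file`. The enclosing method starts outside the hunk and `from_settings` is only partly visible, so the key shapes are inferred.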
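Review bot: The reject list in `to_hash` is a deny-list that has to grow every time a presentation key is introduced, and any key it misses is passed into `client_options` after `key.to_sym`. Give it a name so the two places cannot drift, e.g. `NON_CLIENT_OPTION_KEYS = %w[identifier secret icon display_name].freeze` and `NON_CLIENT_OPTION_KEYS.include? key`; forwarding only an allow-list of known client options would be more robust still, since these keys can come from settings as well as configuration.yml. `:icon` and `:display_name` are also `nil` when not configured, and whether the consumer of this hash tolerates that is not visible here. `to_hash` starts and ends outside the hunk.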
@@ -7,19 +7,18 @@ module OpenProject::OpenIDConnect
 engine_name :openproject_openid_connect
 include OpenProject::Plugins::ActsAsOpEngine
+ extend OpenProject::Plugins::AuthPlugin
 register 'openproject-openid_connect',
 :author_url => 'http://finn.de',
 :requires_openproject => '>= 3.1.0pre1',
- :global_assets => { css: 'openid_connect/openid_connect.css' },
 :settings => { 'default' => { 'providers' => {} } }
 assets %w(
- openid_connect/openid_connect.css
 openid_connect/auth_provider-google.png
 )
- initializer "openid_connect.middleware" do |app|
+ register_auth_providers do
 # Loading OpenID providers manually since rails doesn't do it automatically,
 # possibly due to non trivially module-name-convertible paths.
 require 'omniauth/openid_connect/provider'
@@ -35,31 +34,10 @@ module OpenProject::OpenIDConnect
 config.ssl_config.set_default_paths
 end
- OmniAuth::OpenIDConnect::Provider.load_generic_providers
-
- app.config.middleware.use OmniAuth::Builder do
- OmniAuth::OpenIDConnect::Provider.all.each do |pro|
- p = pro.new
- settings_available = if pro.available?
- "settings available"
- else
- "settings missing"
- end
-
- Rails.logger.info "[OpenID Connect] Registering provider for #{p.name} (#{settings_available})"
- provider :openid_connect, :name => p.name, :setup => lambda { |env|
- Rails.logger.info "[OpenID Connect] Trying dynamic provider #{p.name}"
- opt = env['omniauth.strategy'].options
- p.to_hash.each do |key, value|
- opt[key] = value
- end
- }
- end
+ strategy :openid_connect do
+ OmniAuth::OpenIDConnect::Provider.load_generic_providers
+ OmniAuth::OpenIDConnect::Provider.available.map { |p| p.new.to_hash }
 end
 end
-
- initializer 'openid_connect.register_hooks' do
- require 'open_project/openid_connect/hooks'
- end
 end
 end
diff --git a/lib/open_project/openid_connect/version.rb b/lib/open_project/openid_connect/version.rb
index b1e686206e..a95cea2b52 100644
--- a/lib/open_project/openid_connect/version.rb
+++ b/lib/open_project/openid_connect/version.rb
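Review bot: Nothing is logged any more when providers are set up: the `strategy :openid_connect` block in the second engine.rb hunk replaces code that wrote two `[OpenID Connect]` log lines, and no equivalent is added. If operators use those entries to notice a missing or unexpectedly enabled provider, log the names only, e.g. `Rails.logger.info "[OpenID Connect] Providers: #{OmniAuth::OpenIDConnect::Provider.available.map(&:provider_name).join(', ')}"`, and never the hashes, since `to_hash` presumably carries the client credentials. A comment saying when OpenProject::Plugins::AuthPlugin evaluates this block (once at boot or on each request) would also help, because the spec about settings taking effect without a restart depends on it and that behaviour is not visible in this diff.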
@@ -1,5 +1,5 @@
 module OpenProject
 module OpenIDConnect
- VERSION = "0.0.1"
+ VERSION = "0.1.0"
 end
 end
diff --git a/openproject-openid_connect.gemspec b/openproject-openid_connect.gemspec
index ed71cddccb..d10340a650 100644
--- a/openproject-openid_connect.gemspec
+++ b/openproject-openid_connect.gemspec
@@ -17,7 +17,8 @@ Gem::Specification.new do |s|
 s.add_dependency "rails", "~> 3.2.14"
 s.add_dependency "openproject-plugins", "~> 1.0"
- s.add_dependency "omniauth"
+ s.add_dependency "openproject-auth_plugins", "~> 0.1"
+ s.add_dependency "omniauth", "~> 1.0"
 s.add_development_dependency "rspec", "~> 2.14"
 s.add_development_dependency "rspec-steps", "~> 0.4.0"
diff --git a/spec/requests/openid_connect_spec.rb b/spec/requests/openid_connect_spec.rb
index f4b0947156..c058c03a63 100644
--- a/spec/requests/openid_connect_spec.rb
+++ b/spec/requests/openid_connect_spec.rb
@@ -142,7 +142,7 @@ describe "OpenID Connect" do
 get "/login"
 expect(response.body).not_to include "Google"
- expect{click_on_signin("google")}.to raise_error(ActionController::RoutingError)
+ expect{click_on_signin("google")}.to raise_error(ActionController::RoutingError)
 end
 it "should make providers that have been configured through settings available without requiring a restart" do
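Review bot: The `~> 0.1` constraint on the new `openproject-auth_plugins` dependency in the gemspec hunk only checks the version string, because the README lines added in this commit install that gem from a Git branch (`:branch => 'dev'`), so whatever the branch holds at install time is what runs. For a gem in the login path, the install instructions should pin a tag or commit, e.g. `:ref => '<commit-sha placeholder>'`, so a later push to the branch cannot change the deployed authentication code unnoticed. The README line added for this gem is also missing the closing quote after the repository URL, which makes the snippet invalid when pasted into Gemfile.plugins.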