From 69f3e34bfd7654b106bdc705c5c548aba8c4d347 Mon Sep 17 00:00:00 2001 From: AyakorK Date: Tue, 31 Dec 2024 16:02:20 +0100 Subject: [PATCH 1/6] feat: First try of the addition of the CAS SSO --- Gemfile | 1 + Gemfile.lock | 5 ++++ app/packs/images/icon-cas.jpeg | Bin 0 -> 10478 bytes config/initializers/omniauth_cas.rb | 23 ++++++++++++++++ config/locales/en.yml | 22 +++++++++++++++ config/locales/fr.yml | 22 +++++++++++++++ config/secrets.yml | 5 ++++ lib/omniauth/strategies/ubx.rb | 41 ++++++++++++++++++++++++++++ 8 files changed, 119 insertions(+) create mode 100644 app/packs/images/icon-cas.jpeg create mode 100644 config/initializers/omniauth_cas.rb create mode 100644 lib/omniauth/strategies/ubx.rb diff --git a/Gemfile b/Gemfile index acc2c0e..5f8d5d8 100644 --- a/Gemfile +++ b/Gemfile @@ -37,6 +37,7 @@ gem "decidim-survey_multiple_answers", git: "https://github.com/OpenSourcePoliti gem "decidim-term_customizer", git: "https://github.com/OpenSourcePolitics/decidim-module-term_customizer.git", branch: "fix/email_with_precompile" # Omniauth gems +gem "omniauth-cas" gem "omniauth-france_connect", git: "https://github.com/OpenSourcePolitics/omniauth-france_connect" gem "omniauth_openid_connect" gem "omniauth-publik", git: "https://github.com/OpenSourcePolitics/omniauth-publik" diff --git a/Gemfile.lock b/Gemfile.lock index c7d6e48..c8089a9 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -796,6 +796,10 @@ GEM hashie (>= 3.4.6) rack (>= 2.2.3) rack-protection + omniauth-cas (3.0.0) + addressable (~> 2.8) + nokogiri (~> 1.12) + omniauth (~> 2.1) omniauth-facebook (5.0.0) omniauth-oauth2 (~> 1.2) omniauth-google-oauth2 (1.1.2) @@ -1187,6 +1191,7 @@ DEPENDENCIES lograge multipart-post nokogiri (= 1.13.4) + omniauth-cas omniauth-france_connect! omniauth-publik! omniauth-rails_csrf_protection (~> 1.0) 
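Review bot: `gem "omniauth-cas"` in the Gemfile hunk is declared without a version constraint, so only Gemfile.lock (which resolves it to 3.0.0) keeps this authentication dependency at the version that was reviewed. A routine `bundle update` could move the login path across a major version without anyone touching the Gemfile. I would state the range explicitly, `gem "omniauth-cas", "~> 3.0"`, so that upgrading the SSO strategy is a deliberate, reviewable change.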
diff --git a/app/packs/images/icon-cas.jpeg b/app/packs/images/icon-cas.jpeg new file mode 100644 index 0000000000000000000000000000000000000000..0e36949060a40e7c1175167e618de651f8edb349 GIT binary patch literal 10478 zcmc(FbyOV9wr?W|E&+z%PLRQaJ0yb!!r&4J?hsrygzWTaBy&Okb*~u`v@NoAD4)nh?#<#nVOuIij9qwSx7*Tf}Ky2lZ}U5jGp-Z zAt)G_n8>?8I5;2ztAJ|vQXVwgA+Gw=mslE}tpRkmX>K2<*inYxT(lQQuyGaubU z`wQ9s9=DpC{NEh9l~3pdZdVei^JXp3w0=Utl{VzRpc3#%ERx{q@w~iX2Hg?y3rQHJ`2an9F z%I{1T+pOZf8>h7L=FK=AY%RZD8uJq2OosNf??>BYHxIwO_#j$$^TN#PmH$sr1l65v z6CO+Fm1=n)F}C7!YwEjtn{33cnJ+o%ig{DIIDomP}{g5j9%h} z07i;+M^kI%_{vo&s~WSLJN!R-e$8Oud+4=Ld2$o^3<2Qa=$^d1UXi+cQgc=MjJ9k{ zLL2s{^CF~Z|8fF!rf`e^GN&S2I}MzptJ}qVe(NHDPIWK+@XRT`_#Gb*s88?W;CWN5 z*`LjDXGXUsfXXVBV#|2qfT}z3AoiJkdDC7*JDXJ{I zKu(Dqo@^K^*+0#oqp=kJuxZNVv)>$FJkKd*<*OQ>@*lSn^xu*$3W;7`SEUPU#CDl{ z{KP5fwrnyCrT$I=HDWtKfshaZOfdj@oDaZ?M%kHCFy=P1sX?9?_*`DRf-XoJLtuHR zYkoeOqbqvF)zCjmAjjYLOt{}$`wfGm>a$I%_*5NgqZWz`Ca!a$?dAQPiu73+aV-6AN>gL z!DwpyGSKg~s815k84^-xmvd6(vrQ^3*}i%%=`a8zkD8En>5MTDlNVlT{$zM0nOjoZ z?U&TQ|C7S0bOO~ie*6*+p&%;Ua)Ebt$JJ?+PrdcWYZ4c=w__^k(px8wxGt0{BfWk- zRX(f1`Kv=jw6knM_X^dH9d@!TM>sLDyha80Wgz zSMncnO0nspFc=J@5^kN&bA(PLW6kSfZkjo~A^t(ck;iUo#nLOwlgu)b{KE?(6o%%U zHXr@@9Xxl2T29$MVzYJ5{&W?eNpImYEii;;0Vl2Fj|mbz{Vx(I1o($&2~b`;h>rOd z&O;g1f34kx$E$#w=mq1N=qKHMsoCc@>Qe-a@w@EfddRyUr~IMz@AL_+W7DJJEOBv! zF#%k1nt}@RBUclm8+D!~zpCSE88oh|0hDezFY*%DX@SY4fM>(<3a@I;dept*p`FOT zMZ;!0>f#?Lrg+LLOh&z%H{J{?TOhGnvNkb^xie>pu*x*`S4vjpnR-z_o-m&sr4KvB zdHKPEm#?Pl#|z&6IGyTI~6PckmAsnnz?YoGDzk!-sWnG=Y3(@om3xns zGE`MohY(xs=WsQ!Y_LC_YKC`+f^PIT9J8zklMZ+lWhE`z))lFDC$F4eeQx|@%evP# zzOH)jR?8A}CH{|Wowt1~es#tB%8h1MiZI{32oO0i0If?(OomMUnR$)?IKQDMpiD*& zi7@`sK4Ci^WXvGenHjfVWsY5sQ>0o?3uA%v_p_E;UoK_Cs_n~2hs4I}LltS5?8`X< z70HHtqb7{n68o!>HV3sXvvt*0QoRqn&VQBR@k|$F+3!(T9|hSRKW50YOW_2mzWVm! 
z3Ky!->i#Y$sTpm%qiE-Gh0R&~{EMw{ia4QE^DC68Qk_p1=lV~FZbqP6?HqlYboK&3zY5Z=y$Ds>wB`5q$nQnaD?%f$Jww_Z#L{~6$CPWd-8Q{ zzXQgarvR11Gx|0rU?|g}Zy+8aLq`l4sRt;kiN*mp*7Skx=(NtT@xxo#j%Z7U_2nG6*MR&E zb3rv{TXQ~fhBrJODqnOVrE>i++LkHY;>TsgT54P=Bj1Ve7R1f1H%6WW8Wo#OhX4X1 zGtkb6KhekO6=wz{8r|+{41Dw=2ia z-iHLEka-_xk%E#fJeizG_|$I$8%0W;ZQ>v4jGTsHBL2l#dA{j0em)2}_46n}wwvB^ zf^=_3%Q&0V<|vl|pY+M;i(_58@KqDyyA{?PqVih-{MVPJ^(m)^)tB_16NiT)x*0mTxnLDyySr41@mZ$cZu;!gM7++`dAgX+Hnx3tWX*C z#ar9Gx4xJTT)4)V%`3tPz`{p|SwG`@gz64|t1DZ&B2t5T9VA;9ZV13j!$uyR_L=l> zmV*Vc3{~(&h>GqVMaG_}M8x94>n*TpGZt7dIzM;=X2Gd_@LSYx4}Np>v6VK_OXc*Z z;ez3>xR+_*-lun?gFZb`+<3K#Os|g*OR2q1eRPFqx#Z)c)7G+)vCbpiNxi7*TTw(6 zj~30>RCVpekl!nC;5(O8^(k*(r`rV)K0X-BalBjFV)srG4s>7JkH)UK*ZeP|- z&;S|P>Fo@A*lt0oU&*ESo2=-H4}6I=$h7oL@bBCdfE~KwwU?P>WuXRB;Bex5=&Yeb zzIqFBIN2%%^$$8fIc;wTleHrQZ-}9=Yv1#slG{|OX#PoeECI3I;=11BuU0rikDZ4A z0XZ0WUa7zLvUbiBnUFM?z&VF`9|X(alI7soIWc>(dywL0K2hj?DV1paj3oXi6|~UG zH3S=r>2wMEY!T1qk&V84V@Rx3I*w<99uIauF$d5lp;%@Qd2K~4WMxSjU6bC#Xv&%s zD!dXY`_&dC-3Fip2djR>jlB(xDw0_Aaq|rFF*%MFpB0u0*`237N(;u%;uSVKwa%RER~^eNn(9+F?7ibE zEay_4fPEDi2x#y3+he#k2~?j#GW9C=_Ivi4cVv(}*^SDR-(}tL@!uq*+OG6xwzIcm z$9z*U@OeA_@bIRezUhACog%R6KP+tZ=EkGWVMUidln%gzHT&XfTZK(fw)4O$z=l7ZuD*{f?_hR7mo^cb0B)fi{RA2ZYjn+6xr4X=Q|mN71$_9R=m;>-Ne zUJUSYT)YF#!9VEf=SW5qaM?nwFpj8Vt@5w?7yFxAzQ0^y;%1Kg!pbDi_|(`9w4S)V z>>nDKRpPPt0w5}3)mvx*Kf58ioLi)&PG8cB}M(uz(Bv|8lgA( zBO_`h$1hcquteR-$dPK~T(7x2#toePED7t2Y7mE78gZ+3!{8V{xedgv$D7mi0HkeQ{YN#kkm^v6h$Nlnn!a z-u;(b{M+jFX-)Czc=g| z*^cfU1m226LnV;qvFmBJ%1#qgOWB~Oud6p<6f;AW{|O>Pt!tmCSsLJ-C`%aaheAMG z=?eGdduAeiAYBk9V{6=j6#LwY{$4j%qj~U z=YvwZV>QB4%66Z1D~3O9u*Tr0W?i-_jg)6Na37S=4pygS$3zfiy`=Wx5m?wVlJIZ~ z*8Y=-%3e|w{XNy#qC(*oJX9Q#;2xD7kidqD$t5{LV7ZATxON)4wR!p@|q`%Om9309f|r374!M2zzA^zqUK zC3R9{kXg!RGlX@g6{@H%+hShHa{ifMSDI!!(;&AcHn%81Xl72qdFLopYN&=iFR96G zkj=lz%(^u}iGALSXtHX1sgxuL##+dVoHxL~3wu;)!INYYPp^K;zR1s9&P`~U#giMY zgf(ghZ}Kwfv(1+SFU$Qxq~p)jo!k3xLI 
zpKTh{J3~NBkH|NI9!=?)ML4HA8aHHecuEnRlnd_o$*M{Y5z1lTF5No49Q!U=Oa!}K^x0JqJ|(`T%ls7BSh){m4Xqbf*7;fE95IazLYrI0w9CfNk{hg$)uUM==< zI0Mg)r!fK`b}Z>XU;QR&>Z6EsT}{PNFMaq$CfCJ_sMy}j znws_tBYV=H&5m*K1N8p=Vw9m--GavH%+^oT-Ag&R4$l$r-nLq`vjBfhV{ z&m;q~E1RXt=IoN}#BJ5Jn4d(X?pa8-tYRFMru<=k{MgbrHZE=hIdRngW%SiM2LE1E zscTFFB(X%K6ALeU`>bz-5dl<$wB7|WdsF*Nzg$kI5xZzb4i#LojGYd@lSEdrzE_$g zTYWmRqCu=?@*@vSI0F7U{qPVC@Id<#z*F~qG}l4r{DBiigV`VXy)Hb!+*|p z)bxBm(liTaPu709hu%F4Vm|Qqi}Q-!?#^PBVrwo9A{|Lg*!KaDBPzw71rO)$#&O6c z>jP@@+4onRlDfx|`C*a8!;)I}3;ZU0!m=N2jRr=xV2|xa97~ILd}t(0u9rG=MS6*v zL<6z`qH(G~x%r_{N-f26mkNuxUAMSmCmD5}D;>!vZ(~kH4-+nTSVpO(USPAAq=dZJ z!xNW|>Ix9ZVEO1kxFq*_{*`}-7hfsn{;;K17WGUG#5K+e>aE{|YsORjF0Y~Jz`cp=w5g^kMJ1||L)Yjb3X4>!S!>9|ro{*? zG-KDOlxiHWKOy%`?CK;e;Y-*c)WF5d_EK^U$p-FcApnZuPbw43*JtAneZX&f9d~g< z>{j&APmFY-+M&;5eF}TavvSr65x_U_=BuR`8H|ON;L6W09Y})fd)9T$bUKEWxyO@9 zt+Qdr(VFZcnL*3s%n%E@;1~iUv55pVj8wY?v{{-}Wu|~0LUfK!noEqjv3i^@246(d zaX!zAXdHlpFoz}Z{P6T<(l1%W=M|Yr}n0`H7!hWR~pCEi*qX-uA;?6($s+#j(-)F(I=F+HE>1&_!hiNoIc!Zx`Bi z&zY4TOwQ5^KaP(Usq9$+2a~^4b@Ta5(b#Cea}V~V?my$&#*K}mqnoxg){HAjsxLTt z*NEHby14VncsXIjO)}sEJCxU!GdF(5){apiuw%T~IJ&yJYLh1jV=WsW!p2au&JK{s zX|Egf&C&nF=%&0DxM*+QEtTk&xYmL(1xY-rsdrsd#tkDnJ60~)K>Xor!Hj5nxmfj_*!$fuJ6RYKiYUk>k zHL_vezvOWp7>V1Y6>q`vs-tBGO3g5{I$R;%rEiC-zu-D{7G~y|GGz0&$LCdJ%_Wvr z$^`p83!j#cIiEFzhuRavtA)i9 zX9M2gC7Yf8;N2RV{YB}giC$WiZk*pXYq4OhkdA6Gg&@Jvqd(Ez4eBl)vWk5(pd#JU zGRqCtw4Q7Bmw(Dq#-(c`7zgyeVlcZ1PE~849Y#PX3eL)Qyx1fxe|wC#_w8~L2u^aF zj4|mtn)wUFC_LUjRHWvyV{U%==7x0h$P7uZPDOVLx2~9x)FXgTUhugC0jJ3Wwf>4B zY;~1Zjkvn~jg_bbudLS1fSch9&Egeb?G*zT`DpI1drOjy3F#FK&P1fNQlG5XYE6n{ag;p%ZEBqf>UlMQM=saDfeK7`wK1N?H8r zQD7qGLc)BL1QZ^UkPC*)q`eXnJjbSB1J(D<%5*8~#@XnQmM~Q$){7-mMdr`uS5JI# z4muJq45TB%)J7XgS&P)p;DlIR(4^W{?+IAiLZ#^fWO^CtU|?5d-N=eU4xK0t(2OAT zp;&&aw{+pin4vZvo3ut^Lobcp7+C!qI^;ux0G8)R``nGH&X~ zM=l7dmqlnLhGH5!$&k!$-I$qyLTlWq3~Kvo%`y%Y&@wh(t@}EE;@6P$a9)cK-$Itq zP!yxU!-Z#OrLug#yfLg1Kwwt6RN3zGh*^PQdI#z7MolQ=h5dF10sztEB8v~0ALc)) 
zUO2?v+%ba3?nkq-`I%461-MqI{!9OEe<%Xjg*U(-9N{SQ&FSy3PhX2Q+h@HyPa)Zq zI;5RyJgizzYf9CfeS5OsNQ2CWIwfBBSrKhDPQj2V64ppnjGuW@ZgBW1EM6m!(@~dm zfUvXabM(R<3J$Gnmp7iu8)u1;h@SEhOt zzbxD-A@M6R&IF36D}a@9kZO&B3)G|K;3i7Ax=w7QUh6r)5P%vLO!Aqr#>uX5r*CZk zt(EY?0!e+bqQ06ce$f1~NsfIa4lNfV<8omH+kEaI|(VxrYT(oxx#EA6YYNBi0(1DOQA zihE2uI&v=%n+Jnt;#3QwrH0%C#@0V87>Q)g+boxhu;CO!M({cz@q-nr*Bt8Ca;+Dq z-rs%dI+4`MiXKU-)ez(s;;rIKrsHFM=nR`gZq$IroI`v*{Ah|igU49is(nNNix33R zfm~UlEf=FWmjo|}y?EyWmt;2jB6{dJ3EfWA-|5H6^o)=?tS1LYD^)?fN|ANhf{lQs zDa6w?Z}7}_pcyX~Hz&TmBRCa5u@=)9lP-u4a~}`l{048pQbhC7ggIJhJ2`pLtlMMl zZ4M2=H90IC^FQG+!crj?4_GA)M-wzNFFheUNR}PRWE3Fj+gU8DgqYYe18P69(RzDt zspx5H7sv?=4FSYVHDFJ`-z=(695_-69~%<0u$ZP5>$&fbMRO2Y4Qj_F%HOjr*5;rs zDZJ5;q3ks$harL+ya(Q=K1jdf7~`ZE+w!~Y>Ztn}94Ln08sci2YinhRFFvX9+r1k4 z?*s%0)XC?fMO4ys4U~IQZA;Dus+sKUyq^$wK3ly2eF*eZ%0Fw_9U;!9TmhsrIz^%2$ZxE zeFe~R&982Y5kNIO9je$Y0`nTYld) zZB*mb*6_n=lPSb7pa`W|Pr)53~ zD;tIF)NZze8t#_2_-I-!qKUWj+bW@!&+0sW+e1|AY0?vs{L%=LU-~oWFpo^myV4&R z_@iPoe~LYT?yElVjSfB8s-EXsU;@aU#g;v8e#7!xYrHdpPTC7>4;5Zpe~ZH@aTq$_ zlAhj?0MFPBb!$$_(A1))N7)mI&{PL%d7+V1>!kYxA_E%A{c4!{2$ML6rFzF7YNTlN zbJe6*Br8J5G=m(dLEwpeXhBQ zXLxjslA)dsW8Nsd)D=B`kw5XfxH#Rut5%n4cI`c(u_Yo4W6i|5Qc0-0icGAQCiQ-1 ze6C43yoKjmlZxeF=YYxzrBcA8!kg~9wF^6>`9R_^x>LpWRBXUuSh{$C#@rewI2#?h)|qyK29&wQt_@$Y56_yGqEa=J$%(&R)RSsX|j*!J=CzITyLaz(sfL~ z`pA)!jp;Z*{%U@wcqUBCI(hHv*O^ zqyccErGt+Pb!Ne24$bhSU7f{Q(Zs#6P4hTQ9$zk?%X2|u(yXTDgK{8DX^tvn`E4Bb z-b!;vL&cHfDXm7;WByVlvA-8~YFKpmH|pBwA#U9hrv?_hpMqHA>wC;u$O{t^v}T~; zsR__+N&K-dDr27p(FRkV@ksp^eS&dZmh^>!Ly^jwryxty7X{|-r4gTyntYP5lm#L| z>RQp{Z&g1O3d89o1Csp6n>=Zp zw9|vRy|JIKb5;-L`m5qD*z)4{1P7v=& zcve06B}pZ6hXtOhP3E~zO_qB-g?ySDRo1;?cmEm)NZ@XsiY*@4qr0ZkxUyGxX9O_O!i%$(H)AgM7F>s*<}LE)XAxZvi?NkL%Yj^+m_eNT@^3V zTHNBT$XA6UCdnmfc6+5(S2__uBk~Od-QuZ&(kb?Akp=8{ahn@ZS>}+jWWU95zFS^? 
zushtLKFn{rFM1R_vsHAp)_WECw3qRarg<%zZ^GE0SOo!e?=~Fvd{`UVqZ(e5n0xs1 zNBz1oX}6xtNm&YPD38Ha+p_wwBJVP3Gim3J{D`L5-`(YptY#nGM=|BZXlFX7&?;m( ziUDtJbwB`q%J5J%ySw^?03zX) z(3iWeEIa(e)Ck}`ta<0q|005g3*xc!p`1m>h&GN z_aNA8nvKRN)oI01(Rl1?>tXQj;zBKw=FCL^t8V{&a0Y&kmbB13uY()9tAq2>)`LR- zi+R>VxyD=r_f}kjhekcO{bv-cSHFJj@DIuBk8vMVgS{}4EbBhvQvX^)=_YNSGQ=zMjit>5&7$XoacT{U^rN(e?wg=BmXXll@= zw;y%9V+(#j3kx=y0Y#-f6#pWoTRGkz%8ztTh;D&b&nSgF_iLNE9T%B z&IQAnVZUB*_4o-jt%??*ft;aiAR{Yx&$U(|#8tI=vq_9?d3*dq4O#Am)&Fy;@c;OX Hf|&UaS`luh literal 0 HcmV?d00001 diff --git a/config/initializers/omniauth_cas.rb b/config/initializers/omniauth_cas.rb new file mode 100644 index 0000000..bead0c8 --- /dev/null +++ b/config/initializers/omniauth_cas.rb @@ -0,0 +1,23 @@ +# frozen_string_literal: true + +require "omniauth/strategies/ubx" + +Rails.application.config.middleware.use OmniAuth::Builder do + OmniAuth.config.logger = Rails.logger + + omniauth_config = Rails.application.secrets.fetch(:omniauth, {}).with_indifferent_access + + if omniauth_config[:cas].present? + provider( + OmniAuth::Strategies::UBX, + setup: lambda { |env| + request = Rack::Request.new(env) + organization = env["decidim.current_organization"].presence || Decidim::Organization.find_by(host: request.host) + provider_config = organization.enabled_omniauth_providers[:cas] || {} + + env["omniauth.strategy"].options[:host] = provider_config[:host] || omniauth_config.dig(:cas, :host) + env["omniauth.strategy"].options[:ssl] = provider_config[:ssl] || omniauth_config.dig(:cas, :ssl) + } + ) + end +end diff --git a/config/locales/en.yml b/config/locales/en.yml index 05468ab..81c6ff6 100644 --- a/config/locales/en.yml +++ b/config/locales/en.yml 
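Review bot: In config/initializers/omniauth_cas.rb the `setup` lambda always assigns `options[:ssl]`, and `provider_config[:ssl] || omniauth_config.dig(:cas, :ssl)` is nil whenever neither the organization nor secrets.yml defines `ssl` (this commit adds no `ssl` key; PATCH 3/6 adds it later). That overwrites the strategy's own default with a falsy value, and as far as I know omniauth-cas then builds the login and ticket-validation URLs with `http`, so tickets and user attributes could travel unencrypted. Assign only when a value is actually configured: `ssl = provider_config.fetch(:ssl) { omniauth_config.dig(:cas, :ssl) }` followed by `env["omniauth.strategy"].options[:ssl] = ssl unless ssl.nil?`. Separately, `Decidim::Organization.find_by(host: request.host)` returns nil for an unknown Host header and the next line then raises NoMethodError on `organization.enabled_omniauth_providers`; `provider_config = (organization&.enabled_omniauth_providers || {})[:cas] || {}` falls back to the global settings instead.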
@@ -30,6 +30,23 @@ en: is in evaluation state. anonymous_user: Anonymous user authorization_handlers: + admin: + cas: + help: + - Validate with an external CAS account + cas_student: + help: + - Validate with an external IDNUM student account + cas: + explanation: Validate with an external IDNUM account + fields: + status: status + name: IDNUM + cas_student: + explanation: Validate with an external IDNUM student account + fields: + status: status + name: IDNUM student osp_authorization_handler: explanation: Verify your identity by entering a unique number fields: @@ -153,6 +170,9 @@ en: system: organizations: omniauth_settings: + cas: + host: External service host (without http(s)://) + provider_name: External service name france_connect: client_id: Client ID client_secret: Client secret @@ -193,6 +213,8 @@ en: success: Success first_login: actions: + cas: Verify your identity with an IDNUM account + cas_student: Verify your identity with an IDNUM student account osp_authorization_handler: Verify with the identity verification form osp_authorization_workflow: Verify with the identity verification form devise: diff --git a/config/locales/fr.yml b/config/locales/fr.yml index 5e08e14..94af011 100644 --- a/config/locales/fr.yml +++ b/config/locales/fr.yml @@ -32,6 +32,23 @@ fr: est en cours d’évaluation. anonymous_user: Utilisateur anonyme authorization_handlers: + admin: + cas: + help: + - Confirmer une identité avec un compte IDNUM + cas_student: + help: + - Confirmer une identité avec un compte IDNUM étudiant + cas: + explanation: Confirmer votre identité avec un compte IDNUM + fields: + status: votre statut + name: IDNUM + cas_student: + explanation: Confirmer votre identité avec un compte IDNUM + fields: + status: votre statut + name: IDNUM étudiant osp_authorization_handler: explanation: Vérifier votre identité en saisissant un numéro unique fields: 
@@ -155,6 +172,9 @@ fr: system: organizations: omniauth_settings: + cas: + host: Hôte du serveur distant (sans http(s)://) + provider_name: Nom du service distant france_connect: client_id: Client ID client_secret: Client secret @@ -195,6 +215,8 @@ fr: success: Vous avez été vérifié avec succès. first_login: actions: + cas: Confirmer votre identité avec un compte IDNUM + cas_student: Confirmer votre identité avec un compte IDNUM étudiant osp_authorization_handler: Vérifier avec le formulaire de vérification de l'identité osp_authorization_workflow: Vérifier avec le formulaire de vérification de l'identité devise: diff --git a/config/secrets.yml b/config/secrets.yml index e894445..7e62890 100644 --- a/config/secrets.yml +++ b/config/secrets.yml @@ -62,6 +62,11 @@ default: &default main: <%= ENV["HELP_SCOUT_BEACON_ID_MAIN"] %> fallback: <%= ENV["HELP_SCOUT_BEACON_ID_FALLBACK"] %> omniauth: + cas: + enabled: false + icon_path: "cas-icon.svg" + provider_name: "IDNUM" + host: <%= ENV["OMNIAUTH_SAML_HOST"] %> facebook: # It must be a boolean. Remember ENV variables doesn't support booleans. enabled: false diff --git a/lib/omniauth/strategies/ubx.rb b/lib/omniauth/strategies/ubx.rb new file mode 100644 index 0000000..9d0855f --- /dev/null +++ b/lib/omniauth/strategies/ubx.rb 
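Review bot: The new `cas` block in config/secrets.yml takes its host from `ENV["OMNIAUTH_SAML_HOST"]`, which looks copied from a SAML provider: a deployment that already sets that variable would point CAS logins at the SAML host without any CAS-specific setting having been made. A dedicated variable keeps the two identity providers independent, for example `host: <%= ENV["OMNIAUTH_CAS_HOST"] %>` (the name is only a suggestion). `icon_path: "cas-icon.svg"` also does not match the image this commit adds, `app/packs/images/icon-cas.jpeg`, so the provider icon will presumably fail to resolve. The surrounding `omniauth:` mapping continues outside the hunk.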
@@ -0,0 +1,41 @@
+# frozen_string_literal: true
+
+require "omniauth-cas"
+
+module OmniAuth
+ module Strategies
+ class UBX < OmniAuth::Strategies::CAS
+ option :name, :cas
+ option :origin_param, "redirect_url"
+ option :service_validate_url, "/p3/serviceValidate"
+
+ option :name_key, "givenName"
+ option :status_key, "eduPersonEntitlement"
+
+ # Auth hash schema keys for consistency with OmniAuth schema
+ AUTH_HASH_SCHEMA_KEYS = %w(name email nickname first_name last_name location image phone status).freeze
+
+ info do
+ prune!(
+ name: raw_info[options[:name_key].to_s],
+ email: raw_info[options[:email_key].to_s],
+ nickname: raw_info[options[:nickname_key].to_s],
+ first_name: raw_info[options[:first_name_key].to_s],
+ last_name: raw_info[options[:last_name_key].to_s],
+ location: raw_info[options[:location_key].to_s],
+ image: raw_info[options[:image_key].to_s],
+ phone: raw_info[options[:phone_key].to_s],
+ status: raw_info[options[:status_key].to_s]
+ )
+ end
+
+ private
+
+ def prune!(hash)
+ hash.delete_if { |_key, value| value.blank? }
+ end
+ end
+ end
+end
+
+OmniAuth.config.add_camelization("cas", "CAS")
From bbad34a5f05b34c736faa219dc1768b35182665c Mon Sep 17 00:00:00 2001
From: AyakorK
Date: Tue, 31 Dec 2024 16:21:51 +0100
Subject: [PATCH 2/6] fix: Fix locales crashing
---
config/i18n-tasks.yml | 3 +++
1 file changed, 3 insertions(+)
diff --git a/config/i18n-tasks.yml b/config/i18n-tasks.yml
index 1425f5c..467e4d3 100644
--- a/config/i18n-tasks.yml
+++ b/config/i18n-tasks.yml
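Review bot: `status` in the `info` block of lib/omniauth/strategies/ubx.rb is read from the CAS attribute `eduPersonEntitlement` and passed on undocumented, although the `cas` / `cas_student` locale keys added in the same commit suggest it is what later distinguishes student accounts. Nothing in the file says which values are expected or whether the attribute can be multi-valued, so a consumer could end up treating mere presence as proof of a status. I would add a comment above `option :status_key`, for example `# eduPersonEntitlement as returned by the CAS server; may hold several values, consumers must match an exact expected value`. `AUTH_HASH_SCHEMA_KEYS` is defined but not referenced anywhere in this file; either drop it or say why the subclass needs its own copy.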
@@ -129,6 +129,8 @@ ignore_unused: - decidim.authorization_handlers.osp_authorization_handler.{explanation, name} - decidim.authorization_handlers.osp_authorization_handler.fields.* - decidim.authorization_handlers.osp_authorization_workflow.name + - decidim.authorization_handlers.admin.* + - decidim.authorization_handlers.{cas, cas_student}.* - decidim.events.budgets.pending_order.* - decidim.events.users.user_officialized.* - decidim.events.verifications.verify_with_managed_user.* @@ -140,6 +142,7 @@ ignore_unused: - decidim.system.organizations.omniauth_settings.{france_connect, france_connect_profile, france_connect_uid}.* - decidim.system.organizations.omniauth_settings.openid_connect.* - decidim.system.organizations.omniauth_settings.publik.* + - decidim.system.organizations.omniauth_settings.{cas, cas_student}.* - decidim.verifications.authorizations.create.* - decidim.verifications.authorizations.first_login.actions.* - rack_attack.too_many_requests.* From b9354c00d9d78a796011a49cf67853b058f29c7f Mon Sep 17 00:00:00 2001 From: moustachu Date: Thu, 16 Jan 2025 14:11:01 +0100 Subject: [PATCH 3/6] Update secrets.yml --- config/secrets.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/config/secrets.yml b/config/secrets.yml index 7e62890..a447755 100644 --- a/config/secrets.yml +++ b/config/secrets.yml @@ -67,6 +67,7 @@ default: &default icon_path: "cas-icon.svg" provider_name: "IDNUM" host: <%= ENV["OMNIAUTH_SAML_HOST"] %> + ssl: true facebook: # It must be a boolean. Remember ENV variables doesn't support booleans. enabled: false From 729d6ba197ea7de2f604f8e1bde1661baa5685c4 Mon Sep 17 00:00:00 2001 From: moustachu Date: Thu, 16 Jan 2025 14:34:43 +0100 Subject: [PATCH 4/6] Update Omniauth strategies --- lib/omniauth/strategies/ubx.rb | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/lib/omniauth/strategies/ubx.rb b/lib/omniauth/strategies/ubx.rb index 9d0855f..61d08a0 100644 --- a/lib/omniauth/strategies/ubx.rb 
+++ b/lib/omniauth/strategies/ubx.rb @@ -9,7 +9,9 @@ class UBX < OmniAuth::Strategies::CAS option :origin_param, "redirect_url" option :service_validate_url, "/p3/serviceValidate" - option :name_key, "givenName" + option :first_name_key, "sn" + option :last_name_key, "givenName" + option :email_key, "mail" option :status_key, "eduPersonEntitlement" # Auth hash schema keys for consistency with OmniAuth schema @@ -17,7 +19,7 @@ class UBX < OmniAuth::Strategies::CAS info do prune!( - name: raw_info[options[:name_key].to_s], + name: "#{raw_info[options[:first_name_key].to_s]} #{raw_info[options[:last_name_key].to_s]}", email: raw_info[options[:email_key].to_s], nickname: raw_info[options[:nickname_key].to_s], first_name: raw_info[options[:first_name_key].to_s], From 62d39b49372e1561e8ac85faa0d8efa30841efc9 Mon Sep 17 00:00:00 2001 From: moustachu Date: Thu, 16 Jan 2025 14:37:31 +0100 Subject: [PATCH 5/6] Update fr.yml --- config/locales/fr.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/config/locales/fr.yml b/config/locales/fr.yml index 94af011..b781b16 100644 --- a/config/locales/fr.yml +++ b/config/locales/fr.yml @@ -175,6 +175,7 @@ fr: cas: host: Hôte du serveur distant (sans http(s)://) provider_name: Nom du service distant + ssl: Activer le SSL (true|false) france_connect: client_id: Client ID client_secret: Client secret From aca55bdd06352622745136bdfc6baec996856408 Mon Sep 17 00:00:00 2001 From: moustachu Date: Thu, 16 Jan 2025 14:37:55 +0100 Subject: [PATCH 6/6] Update en.yml --- config/locales/en.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/config/locales/en.yml b/config/locales/en.yml index 81c6ff6..6ef9b45 100644 --- a/config/locales/en.yml +++ b/config/locales/en.yml @@ -173,6 +173,7 @@ en: cas: host: External service host (without http(s)://) provider_name: External service name + ssl: Enable SSL (true|false) france_connect: client_id: Client ID client_secret: Client secret
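Review bot: In the first hunk of lib/omniauth/strategies/ubx.rb (PATCH 4/6) the two name attributes are mapped the wrong way round: `sn` is the LDAP surname and `givenName` the given name, yet `first_name_key` is set to `"sn"` and `last_name_key` to `"givenName"`. Accounts created through CAS would store first and last name swapped, and the interpolated `name` in the second hunk would read surname first. The options should be `option :first_name_key, "givenName"` and `option :last_name_key, "sn"`. The interpolation also leaves a stray leading or trailing space when one attribute is missing; `raw_info.values_at(options[:first_name_key].to_s, options[:last_name_key].to_s).compact.join(" ")` avoids that. The class body and the `info` block continue outside both hunks.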