# frozen_string_literal: true
# API Controller for resources of type AuthProvider
# AuthProvider are used to connect users through single-sign on systems
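class API::AuthProvidersController < API::APIController
  # Every action needs an authenticated session; per-action access is then decided by the
  # Pundit `authorize` / `policy_scope` calls below.
  before_action :authenticate_user!
  before_action :set_provider, only: %i[show update destroy]

  # Strong-parameters filter for the nested `auth_provider_mappings_attributes`. It is shared by
  # the provider types that support field mappings (OAuth2, OpenID Connect, SAML); the
  # DatabaseProvider accepts no mappings.
  MAPPING_ATTRIBUTES = [
    :id, :local_model, :local_field, :api_field, :api_endpoint, :api_data_type, :_destroy,
    { transformation: [:type, :format, :true_value, :false_value, { mapping: %i[from to] }] }
  ].freeze

  # Lists the providers the policy scope exposes to the current user (rendered by the `index` view).
  def index
    @providers = policy_scope(AuthProvider)
  end

  # Builds a provider from the whitelisted parameters, passes the unsaved record through
  # AuthProviderService.auto_configure (behaviour defined in that service), then persists it.
  # Responds 201 with the `show` view on success, 422 with the validation errors otherwise.
  def create
    authorize AuthProvider
    @provider = AuthProvider.new(provider_params)
    AuthProviderService.auto_configure(@provider)
    if @provider.save
      render :show, status: :created, location: @provider
    else
      render json: @provider.errors, status: :unprocessable_entity
    end
  end

  # Updates the provider loaded by set_provider with the whitelisted parameters.
  # NOTE(review): `providable_type` is part of the permitted attributes, so a request may switch
  # an existing record to another provider type here — confirm this is intended.
  def update
    authorize AuthProvider
    if @provider.update(provider_params)
      render :show, status: :ok, location: @provider
    else
      render json: @provider.errors, status: :unprocessable_entity
    end
  end

  # Returns the OmniAuth strategy name a provider of the given type/name would use, computed on an
  # unsaved record. NOTE(review): `providable_type` comes straight from the request; this assumes
  # AuthProvider#strategy_name only derives a string from it and never constantizes it — confirm.
  def strategy_name
    authorize AuthProvider
    @provider = AuthProvider.new(providable_type: params[:providable_type], name: params[:name])
    render json: @provider.strategy_name
  end

  # Shows the provider loaded by set_provider (rendered by the `show` view).
  def show
    authorize AuthProvider
  end

  # Deletes the provider loaded by set_provider. `safe_destroy` is defined on the model;
  # when it returns false the model errors are rendered with a 422.
  def destroy
    authorize AuthProvider
    if @provider.safe_destroy
      head :no_content
    else
      render json: @provider.errors, status: :unprocessable_entity
    end
  end

  # Renders the list of fields available for provider-to-user mappings (`mapping_fields` view).
  def mapping_fields
    authorize AuthProvider
    render :mapping_fields, status: :ok
  end

  # Exposes the currently active provider and the previous one (rendered by the `active` view).
  def active
    authorize AuthProvider
    @provider = AuthProvider.active
    @previous = AuthProvider.previous
  end

  # Triggers the authentication-migration notification for the account matching the given email.
  # Responds 400 when no account with an auth_token matches, 400 when the active provider is the
  # DatabaseProvider (no migration code applies), 200 `processing` once the notification is sent.
  # NOTE(review): the two error messages differ depending on whether the account exists, which
  # discloses account existence to any caller the policy admits — confirm the policy is restrictive.
  def send_code
    authorize AuthProvider
    # to_s coerces non-string params (arrays, nested hashes) so a malformed request takes the
    # 400 path instead of raising NoMethodError on `downcase`.
    user = User.find_by('lower(email) = ?', params[:email].to_s.downcase)

    unless user&.auth_token
      render json: { status: 'error', error: I18n.t('members.requested_account_does_not_exists') }, status: :bad_request
      return
    end

    if AuthProvider.active.providable_type == DatabaseProvider.name
      render json: { status: 'error', error: I18n.t('members.current_authentication_method_no_code') }, status: :bad_request
    else
      NotificationCenter.call type: 'notify_user_auth_migration',
                              receiver: user,
                              attached_object: user
      render json: { status: 'processing' }, status: :ok
    end
  end

  private

  # Loads the provider addressed by the route id (ActiveRecord raises RecordNotFound when absent).
  def set_provider
    @provider = AuthProvider.find(params[:id])
  end

  # Whitelist of attributes accepted by create/update. The permitted set depends on the requested
  # provider type, so attributes of one provider type cannot be smuggled into another.
  # Raises ActionController::ParameterMissing (400) when `auth_provider` is absent and
  # ActionController::BadRequest (400) when `providable_type` names no supported provider;
  # previously an unknown type returned nil, which made `update` fail with a 500.
  def provider_params
    provider = params.require(:auth_provider)
    case provider[:providable_type]
    when DatabaseProvider.name
      provider.permit(:id, :name, :providable_type, providable_attributes: [:id])
    when OAuth2Provider.name
      provider.permit(:id, :name, :providable_type,
                      providable_attributes: %i[id base_url token_endpoint authorization_endpoint
                                                profile_url client_id client_secret scopes],
                      auth_provider_mappings_attributes: MAPPING_ATTRIBUTES)
    when OpenIdConnectProvider.name
      provider.permit(:id, :name, :providable_type,
                      providable_attributes: [:id, :issuer, :discovery, :client_auth_method, :prompt,
                                              :send_scope_to_token_endpoint, :client__identifier,
                                              :client__secret, :client__authorization_endpoint,
                                              :client__token_endpoint, :client__userinfo_endpoint,
                                              :client__jwks_uri, :client__end_session_endpoint,
                                              :profile_url, :extra_authorize_params, { scope: [] }],
                      auth_provider_mappings_attributes: MAPPING_ATTRIBUTES)
    when SamlProvider.name
      provider.permit(:id, :name, :providable_type,
                      providable_attributes: [:id, :sp_entity_id, :idp_sso_service_url, :profile_url,
                                              :idp_cert_fingerprint, :idp_cert, :idp_slo_service_url],
                      auth_provider_mappings_attributes: MAPPING_ATTRIBUTES)
    else
      # The submitted value is deliberately not echoed into the message (it is request-controlled).
      raise ActionController::BadRequest, 'unsupported auth_provider.providable_type'
    end
  end
end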