diff --git a/CHANGELOG.md b/CHANGELOG.md
index ef5e1ccb2..759b9d2e0 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,6 +1,7 @@
# Changelog Fab-manager
- Support for Google Analytics V4
+- OAuth2 scopes are now configurable from the interface
- Updated environment documentation
- Updated react-i18next to 11.15.6
- Updated i18next to 21.6.13
@@ -30,6 +31,7 @@
- [TODO DEPLOY] `\curl -sSL https://raw.githubusercontent.com/sleede/fab-manager/master/scripts/cve-2021-44228.sh | bash`
- [TODO DEPLOY] migrate your Google Analytics property to GA4, see [this guide](https://support.google.com/analytics/answer/9744165)
- [TODO DEPLOY] update your tracking ID in Customization > Privacy > Statistics > Google Analytics
+- [TODO DEPLOY] update your oAuth2 provider configuration with the scopes previously defined in the OAUTH2_SCOPE environment variable
## v5.3.5 2022 March 02
diff --git a/app/controllers/api/auth_providers_controller.rb b/app/controllers/api/auth_providers_controller.rb
index 071b6a927..f83915e9f 100644
--- a/app/controllers/api/auth_providers_controller.rb
+++ b/app/controllers/api/auth_providers_controller.rb
@@ -83,7 +83,7 @@ class API::AuthProvidersController < API::ApiController
params.require(:auth_provider)
.permit(:name, :providable_type,
providable_attributes: [:id, :base_url, :token_endpoint, :authorization_endpoint, :logout_endpoint,
- :profile_url, :client_id, :client_secret,
+ :profile_url, :client_id, :client_secret, :scopes,
o_auth2_mappings_attributes: [:id, :local_model, :local_field, :api_field,
:api_endpoint, :api_data_type, :_destroy,
transformation: [:type, :format, :true_value,
diff --git a/app/frontend/templates/admin/authentications/_oauth2.html b/app/frontend/templates/admin/authentications/_oauth2.html
index b86470397..4f1fc8c82 100644
--- a/app/frontend/templates/admin/authentications/_oauth2.html
+++ b/app/frontend/templates/admin/authentications/_oauth2.html
@@ -90,4 +90,15 @@
+
diff --git a/app/views/api/auth_providers/show.json.jbuilder b/app/views/api/auth_providers/show.json.jbuilder
index 7bb61df29..78e7397b1 100644
--- a/app/views/api/auth_providers/show.json.jbuilder
+++ b/app/views/api/auth_providers/show.json.jbuilder
@@ -4,9 +4,9 @@ json.partial! 'api/auth_providers/auth_provider', auth_provider: @provider
if @provider.providable_type == OAuth2Provider.name
json.providable_attributes do
- json.extract! @provider.providable, :id, :base_url, :token_endpoint, :authorization_endpoint, :profile_url, :client_id, :client_secret
+ json.extract! @provider.providable, :id, :base_url, :token_endpoint, :authorization_endpoint, :profile_url, :client_id, :client_secret, :scopes
json.o_auth2_mappings_attributes @provider.providable.o_auth2_mappings do |m|
json.extract! m, :id, :local_model, :local_field, :api_field, :api_endpoint, :api_data_type, :transformation
end
end
-end
\ No newline at end of file
+end
diff --git a/config/locales/app.shared.en.yml b/config/locales/app.shared.en.yml
index 8d3837da8..6f647d6fc 100644
--- a/config/locales/app.shared.en.yml
+++ b/config/locales/app.shared.en.yml
@@ -267,6 +267,7 @@ en:
obtain_it_when_registering_with_your_provider: "Obtain it when registering with your provider."
client_secret: "Client secret"
oauth2_client_secret_is_required: "OAuth 2.0 client secret is required."
+ scopes: "Scopes"
define_the_fields_mapping: "Define the fields mapping"
add_a_match: "Add a match"
model: "Model"
diff --git a/db/migrate/20220322135836_add_scopes_to_o_auth2_provider.rb b/db/migrate/20220322135836_add_scopes_to_o_auth2_provider.rb
new file mode 100644
index 000000000..59c6c88dd
--- /dev/null
+++ b/db/migrate/20220322135836_add_scopes_to_o_auth2_provider.rb
@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+# This migration saves the scopes of the OAuth2 provider to the database.
+# Previously, the scopes were defined in the OAUTH2_SCOPE environment variable.
+class AddScopesToOAuth2Provider < ActiveRecord::Migration[5.2]
+ def change
+ add_column :o_auth2_providers, :scopes, :string
+ end
+end
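Review bot: The new `scopes` column is added NULL for every existing `o_auth2_providers` row, so an upgraded instance presumably sends no scope on its next OAuth2 login until an administrator re-enters the value — the CHANGELOG hunk documents this as a `[TODO DEPLOY]`, but the migration could carry the old `OAUTH2_SCOPE` value over itself and avoid the window where SSO is broken. Splitting `change` into `up`/`down` keeps the migration reversible without depending on the model class, and the backfill is simply skipped when the variable is not set. The sketch below reuses the table and column names from this hunk; confirm them against the schema hunk.
```ruby
class AddScopesToOAuth2Provider < ActiveRecord::Migration[5.2]
  def up
    add_column :o_auth2_providers, :scopes, :string
    # Carry over the value previously read from the environment, if any,
    # so existing providers keep requesting the same scopes after upgrade.
    legacy = ENV['OAUTH2_SCOPE']
    return if legacy.nil? || legacy.strip.empty?

    execute "UPDATE o_auth2_providers SET scopes = #{connection.quote(legacy)}"
  end

  def down
    remove_column :o_auth2_providers, :scopes
  end
end
```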
diff --git a/db/schema.rb b/db/schema.rb
index eebcc5570..8da79429e 100644
--- a/db/schema.rb
+++ b/db/schema.rb
@@ -10,7 +10,7 @@
#
# It's strongly recommended that you check this file into your version control system.
-ActiveRecord::Schema.define(version: 2022_03_16_133304) do
+ActiveRecord::Schema.define(version: 2022_03_22_135836) do
# These are extensions that must be enabled in order to support this database
enable_extension "fuzzystrmatch"
@@ -391,6 +391,7 @@ ActiveRecord::Schema.define(version: 2022_03_16_133304) do
t.datetime "created_at", null: false
t.datetime "updated_at", null: false
t.string "profile_url"
+ t.string "scopes"
end
create_table "offer_days", id: :serial, force: :cascade do |t|
diff --git a/doc/environment.md b/doc/environment.md
index d1dc87088..8f73d88ca 100644
--- a/doc/environment.md
+++ b/doc/environment.md
@@ -138,11 +138,6 @@ Please, ensure you know what you're doing, as this can lead to serious security
A comma separated list of settings that cannot be changed from the UI.
Please refer to https://github.com/sleede/fab-manager/blob/master/app/models/setting.rb for a list of possible values.
Only the system administrator can change them, with the command: `ENV=value rails fablab:setup:env_to_db`
-
-
- OAUTH2_SCOPE
-
-A comma separated list of scopes that will be requested when authenticating with OAuth2.
SSO_DEBUG
diff --git a/lib/omni_auth/strategies/sso_oauth2_provider.rb b/lib/omni_auth/strategies/sso_oauth2_provider.rb
index 7c6d60f31..af59688ad 100644
--- a/lib/omni_auth/strategies/sso_oauth2_provider.rb
+++ b/lib/omni_auth/strategies/sso_oauth2_provider.rb
@@ -28,7 +28,7 @@ module OmniAuth::Strategies
def authorize_params
super.tap do |params|
- params[:scope] = ENV['OAUTH2_SCOPE']
+ params[:scope] = active_provider.providable.scopes
end
end
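Review bot: `active_provider.providable.scopes` now comes from a nullable column that an administrator fills in, so the assignment can put a nil or empty `scope` into the authorize parameters for a provider that was never reconfigured after the upgrade. The ENV read it replaces had the same shape, but the value is now per-provider data rather than deploy configuration, so it deserves a guard: `params[:scope] = active_provider.providable.scopes if active_provider.providable.scopes.present?` keeps a provider that needs no scope from receiving an empty parameter — confirm how the OAuth2 library serialises a nil entry before relying on the current form. `active_provider` and the `providable` association are defined outside this hunk, and the enclosing `module OmniAuth::Strategies` continues beyond it.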