(wip) add saml provider

2025-01-18 07:52:23 +01:00 · 2024-01-08 09:20:52 +01:00 · 2024-01-08 09:20:52 +01:00 · 73566d4cd9
commit 73566d4cd9
parent ba926721bb
5 changed files with 19 additions and 17 deletions
--- a/3
+++ b/3
@ -72,6 +72,7 @@ gem 'devise', '>= 4.9'
 gem 'omniauth', '~> 2.1'
 gem 'omniauth-oauth2'
 gem 'omniauth_openid_connect'
+gem 'omniauth-saml'
 gem 'omniauth-rails_csrf_protection', '~> 1.0'

 gem 'rolify'
@ -153,4 +154,4 @@ gem 'sentry-ruby'
 gem "reverse_markdown"

 gem "ancestry"
-gem 'silencer', require: false
+gem 'silencer', require: false
--- a/Gemfile.lock
+++ b/Gemfile.lock
@ -292,6 +292,9 @@ GEM
    omniauth-rails_csrf_protection (1.0.1)
      actionpack (>= 4.2)
      omniauth (~> 2.0)
+    omniauth-saml (2.1.0)
+      omniauth (~> 2.0)
+      ruby-saml (~> 1.12)
    omniauth_openid_connect (0.6.1)
      omniauth (>= 1.9, < 3)
      openid_connect (~> 1.1)
@ -422,6 +425,9 @@ GEM
      rubocop (>= 1.7.0, < 2.0)
    ruby-progressbar (1.10.1)
    ruby-rc4 (0.1.5)
+    ruby-saml (1.16.0)
+      nokogiri (>= 1.13.10)
+      rexml
    ruby-vips (2.1.4)
      ffi (~> 1.12)
    rubyXL (3.4.25)
@ -579,6 +585,7 @@ DEPENDENCIES
  omniauth (~> 2.1)
  omniauth-oauth2
  omniauth-rails_csrf_protection (~> 1.0)
+  omniauth-saml
  omniauth_openid_connect
  openlab_ruby
  overcommit
--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@ -7,6 +7,7 @@ class SessionsController < Devise::SessionsController
    if active_provider.providable_type == 'DatabaseProvider'
      super
    else
+      p active_provider
      redirect_post "/users/auth/#{active_provider.strategy_name}"
    end
  end
--- a/lib/omni_auth/strategies/sso_saml_provider.rb
+++ b/lib/omni_auth/strategies/sso_saml_provider.rb
@ -0,0 +1,8 @@
+# frozen_string_literal: true
+
+require 'omniauth-saml'
+
+# Authentication strategy provided trough SAML
+class OmniAuth::Strategies::SsoSamlProvider < OmniAuth::Strategies::SAML
+  include OmniAuth::DataMapping::Mapper
+end
--- a/lib/tasks/fablab/auth.rake
+++ b/lib/tasks/fablab/auth.rake
@ -5,21 +5,6 @@ namespace :fablab do
  namespace :auth do
    desc 'switch the active authentication provider'
    task :switch_provider, [:provider] => :environment do |_task, args|
-      providers = AuthProvider.all.inject('') { |str, item| "#{str}#{item[:name]}, " }
-      unless args.provider
-        puts "\e[0;31mERROR\e[0m: You must pass a provider name to activate. Available providers are: #{providers[0..-3]}"
-        next
-      end
-
-      if AuthProvider.find_by(name: args.provider).nil?
-        puts "\e[0;31mERROR\e[0m: the provider '#{args.provider}' does not exists. Available providers are: #{providers[0..-3]}"
-        next
-      end
-
-      if AuthProvider.active.name == args.provider
-        puts "\e[0;31mERROR\e[0m: the provider '#{args.provider}' is already enabled"
-        next
-      end

      # disable previous provider
      prev_prev = AuthProvider.previous
@ -28,7 +13,7 @@ namespace :fablab do
      AuthProvider.active.update(status: 'previous') unless AuthProvider.active.name == 'DatabaseProvider::SimpleAuthProvider'

      # enable given provider
-      AuthProvider.find_by(name: args.provider).update(status: 'active')
+      AuthProvider.find_by(name: 'FabManager').update(status: 'active')

      # migrate the current users.
      if AuthProvider.active.providable_type == DatabaseProvider.name