From 6c2eb229607725f5839e642f64efa7d95fb09bb9 Mon Sep 17 00:00:00 2001
From: Christophe Robillard
Date: Tue, 3 Nov 2020 17:36:35 +0100
Subject: [PATCH] remove github authentication for manager
---
 Gemfile | 2 --
 Gemfile.lock | 21 -----------
 .../omniauth_callbacks_controller.rb | 16 ---------
 app/models/administration.rb | 6 +---
 config/env.example | 4 ---
 config/initializers/devise.rb | 7 ----
 config/initializers/omniauth.rb | 4 ---
 config/routes.rb | 1 -
 config/secrets.yml | 3 --
 .../omniauth_callbacks_controller_spec.rb | 36 -------------------
 10 files changed, 1 insertion(+), 99 deletions(-)
 delete mode 100644 app/controllers/administrations/omniauth_callbacks_controller.rb
 delete mode 100644 config/initializers/omniauth.rb
 delete mode 100644 spec/controllers/administrations/omniauth_callbacks_controller_spec.rb
diff --git a/Gemfile b/Gemfile
index 7e40ba5ab..aea0def7f 100644
--- a/Gemfile
+++ b/Gemfile
@@ -49,8 +49,6 @@ gem 'kaminari', '1.2.1' # Pagination
 gem 'lograge'
 gem 'logstash-event'
 gem 'mailjet'
-gem 'omniauth-github'
-gem 'omniauth-rails_csrf_protection', '~> 0.1'
 gem 'openid_connect'
 gem 'pg'
 gem 'phonelib'
diff --git a/Gemfile.lock b/Gemfile.lock
index 296c60c37..f840aa19b 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -407,7 +407,6 @@ GEM momentjs-rails (2.20.1) railties (>= 3.1) multi_json (1.15.0) - multi_xml (0.6.0) multipart-post (2.1.1) mustermann (1.1.1) ruby2_keywords (~> 0.0.1)
@@ -419,24 +418,6 @@ GEM notiffany (0.1.3) nenv (~> 0.1) shellany (~> 0.0) - oauth2 (1.4.4) - faraday (>= 0.8, < 2.0) - jwt (>= 1.0, < 3.0) - multi_json (~> 1.3) - multi_xml (~> 0.5) - rack (>= 1.2, < 3) - omniauth (1.9.1) - hashie (>= 3.4.6) - rack (>= 1.6.2, < 3) - omniauth-github (1.4.0) - omniauth (~> 1.5) - omniauth-oauth2 (>= 1.4.0, < 2.0) - omniauth-oauth2 (1.6.0) - oauth2 (~> 1.1) - omniauth (~> 1.9) - omniauth-rails_csrf_protection (0.1.2) - actionpack (>= 4.2) - omniauth (>= 1.3.1) open4 (1.3.4) openid_connect (1.1.8) activemodel
@@ -833,8 +814,6 @@ DEPENDENCIES logstash-event mailjet mina! - omniauth-github - omniauth-rails_csrf_protection (~> 0.1) openid_connect pg phonelib
diff --git a/app/controllers/administrations/omniauth_callbacks_controller.rb b/app/controllers/administrations/omniauth_callbacks_controller.rb
deleted file mode 100644
index f0e878bc3..000000000
--- a/app/controllers/administrations/omniauth_callbacks_controller.rb
+++ /dev/null
@@ -1,16 +0,0 @@
-class Administrations::OmniauthCallbacksController < Devise::OmniauthCallbacksController
- def github
- administration = Administration.from_omniauth(request.env["omniauth.auth"])
- if administration.present?
- sign_in administration
- redirect_to manager_administrateurs_path
- else
- flash[:alert] = "Compte GitHub non autorisé"
- redirect_to root_path
- end
- end
-
- def failure
- redirect_to root_path
- end
-end
diff --git a/app/models/administration.rb b/app/models/administration.rb
index 7f4d410da..7d75d59a0 100644
--- a/app/models/administration.rb
+++ b/app/models/administration.rb
@@ -22,11 +22,7 @@ class Administration < ApplicationRecord
 # Include default devise modules. Others available are:
 # :confirmable, :lockable, :timeoutable and :omniauthable
- devise :database_authenticatable, :rememberable, :trackable, :validatable, :omniauthable, :lockable, :async, omniauth_providers: [:github]
-
- def self.from_omniauth(params)
- find_by(email: params["info"]["email"])
- end
+ devise :database_authenticatable, :rememberable, :trackable, :validatable, :lockable, :async
 def invite_admin(email)
 user = User.create_or_promote_to_administrateur(email, SecureRandom.hex)
diff --git a/config/env.example b/config/env.example
index caefb947a..d706b84ef 100644
--- a/config/env.example
+++ b/config/env.example
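Review bot: The new `devise` line keeps `:database_authenticatable`, `:rememberable`, `:trackable` and `:lockable` after dropping `:omniauthable`, but the routes hunk in this same patch still skips `:sessions` for `devise_for :administrations`, so no sign-in path for administrations remains visible anywhere in the diff. If access to /manager is now granted by some other mechanism, it is not part of this patch and should be named; if none exists, the remaining session-related modules are dead configuration. Either way, a line above the `devise` call would spare the next reader the search, e.g. `# Administrations no longer sign in through OmniAuth/GitHub; /manager access is handled by <replacement mechanism — to confirm>`. The enclosing `class Administration` starts before the hunk.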
@@ -42,10 +42,6 @@ FC_PARTICULIER_ID=""
 FC_PARTICULIER_SECRET=""
 FC_PARTICULIER_BASE_URL=""
-# Service externe: Authentification pour manager (auth Github obligatoire), permet d'accéder à /manager
-GITHUB_CLIENT_ID=""
-GITHUB_CLIENT_SECRET=""
-
 # Service externe: Support Utilisateur HelpScout | Spécifique démarches-simplifiées.fr
 HELPSCOUT_MAILBOX_ID=""
 HELPSCOUT_CLIENT_ID=""
diff --git a/config/initializers/devise.rb b/config/initializers/devise.rb
index 5320dd42d..7c4954697 100644
--- a/config/initializers/devise.rb
+++ b/config/initializers/devise.rb
@@ -232,13 +232,6 @@ Devise.setup do |config|
 # The default HTTP method used to sign out a resource. Default is :delete.
 config.sign_out_via = :delete
- # ==> OmniAuth
- # Add a new OmniAuth provider. Check the wiki for more information on setting
- # up on your models and hooks.
- if !Rails.env.test?
- config.omniauth :github, Rails.application.secrets.github[:client_id], Rails.application.secrets.github[:client_secret], scope: 'user:email'
- end
-
 # ==> Warden configuration
 # If you want to use other strategies, that are not supported by Devise, or
 # change the failure app, you can configure them inside the config.warden block.
diff --git a/config/initializers/omniauth.rb b/config/initializers/omniauth.rb
deleted file mode 100644
index 1c1946a5c..000000000
--- a/config/initializers/omniauth.rb
+++ /dev/null
@@ -1,4 +0,0 @@
-# OmniAuth GET requests may be vulnerable to CSRF.
-# Ensure that OmniAuth only uses POST requests.
-# See https://github.com/omniauth/omniauth/wiki/Resolving-CVE-2015-9284
-OmniAuth.config.allowed_request_methods = [:post]
diff --git a/config/routes.rb b/config/routes.rb
index c01dbf8b6..16c766f64 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -80,7 +80,6 @@ Rails.application.routes.draw do
 devise_for :administrations, skip: [:password, :registrations, :sessions], controllers: {
- omniauth_callbacks: 'administrations/omniauth_callbacks'
 }
 devise_for :users, controllers: {
diff --git a/config/secrets.yml b/config/secrets.yml
index 6b5c38f4f..7d1cee78e 100644
--- a/config/secrets.yml
+++ b/config/secrets.yml
@@ -23,9 +23,6 @@ defaults: &defaults
 token_endpoint: <%= ENV['FC_PARTICULIER_BASE_URL'] %>/api/v1/token
 userinfo_endpoint: <%= ENV['FC_PARTICULIER_BASE_URL'] %>/api/v1/userinfo
 logout_endpoint: <%= ENV['FC_PARTICULIER_BASE_URL'] %>/api/v1/logout
- github:
- client_id: <%= ENV['GITHUB_CLIENT_ID'] %>
- client_secret: <%= ENV['GITHUB_CLIENT_SECRET'] %>
 mailjet:
 api_key: <%= ENV['MAILJET_API_KEY'] %>
 secret_key: <%= ENV['MAILJET_SECRET_KEY'] %>
diff --git a/spec/controllers/administrations/omniauth_callbacks_controller_spec.rb b/spec/controllers/administrations/omniauth_callbacks_controller_spec.rb
deleted file mode 100644
index 09e68e8c8..000000000
--- a/spec/controllers/administrations/omniauth_callbacks_controller_spec.rb
+++ /dev/null
@@ -1,36 +0,0 @@
-describe Administrations::OmniauthCallbacksController, type: :controller do
- before(:each) do
- @request.env["devise.mapping"] = Devise.mappings[:administration]
- end
-
- describe 'POST #github' do
- let(:params) { { "info" => { "email" => email } } }
- before do
- allow(controller).to receive(:sign_in).and_return true
- @request.env["omniauth.auth"] = params
- end
- subject { post :github }
-
- context 'with an authorized email' do
- let(:email) { "ivan@tps.fr" }
- let(:administration) { create(:administration, email: email) }
- before { administration }
-
- it { is_expected.to redirect_to(manager_administrateurs_path) }
- it do
- expect(controller).to receive(:sign_in).with(administration)
- subject
- end
- end
-
- context 'with an unauthorized email' do
- let(:email) { "michel@tps.fr" }
-
- it { is_expected.to redirect_to(root_path) }
- it do
- expect(controller).to_not receive(:sign_in)
- subject
- end
- end
- end
-end