remove github authentication for manager
This commit is contained in:
parent
29cfdfbe91
commit
6c2eb22960
10 changed files with 1 additions and 99 deletions
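--- a/Gemfile
+++ b/Gemfile
@@ -49,8 +49,6 @@ gem 'kaminari', '1.2.1' # Pagination
 gem 'lograge'
 gem 'logstash-event'
 gem 'mailjet'
-gem 'omniauth-github'
-gem 'omniauth-rails_csrf_protection', '~> 0.1'
 gem 'openid_connect'
 gem 'pg'
 gem 'phonelib'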
21
Gemfile.lock
21
Gemfile.lock
|
@ -407,7 +407,6 @@ GEM
|
||||||
momentjs-rails (2.20.1)
|
momentjs-rails (2.20.1)
|
||||||
railties (>= 3.1)
|
railties (>= 3.1)
|
||||||
multi_json (1.15.0)
|
multi_json (1.15.0)
|
||||||
multi_xml (0.6.0)
|
|
||||||
multipart-post (2.1.1)
|
multipart-post (2.1.1)
|
||||||
mustermann (1.1.1)
|
mustermann (1.1.1)
|
||||||
ruby2_keywords (~> 0.0.1)
|
ruby2_keywords (~> 0.0.1)
|
||||||
|
@ -419,24 +418,6 @@ GEM
|
||||||
notiffany (0.1.3)
|
notiffany (0.1.3)
|
||||||
nenv (~> 0.1)
|
nenv (~> 0.1)
|
||||||
shellany (~> 0.0)
|
shellany (~> 0.0)
|
||||||
oauth2 (1.4.4)
|
|
||||||
faraday (>= 0.8, < 2.0)
|
|
||||||
jwt (>= 1.0, < 3.0)
|
|
||||||
multi_json (~> 1.3)
|
|
||||||
multi_xml (~> 0.5)
|
|
||||||
rack (>= 1.2, < 3)
|
|
||||||
omniauth (1.9.1)
|
|
||||||
hashie (>= 3.4.6)
|
|
||||||
rack (>= 1.6.2, < 3)
|
|
||||||
omniauth-github (1.4.0)
|
|
||||||
omniauth (~> 1.5)
|
|
||||||
omniauth-oauth2 (>= 1.4.0, < 2.0)
|
|
||||||
omniauth-oauth2 (1.6.0)
|
|
||||||
oauth2 (~> 1.1)
|
|
||||||
omniauth (~> 1.9)
|
|
||||||
omniauth-rails_csrf_protection (0.1.2)
|
|
||||||
actionpack (>= 4.2)
|
|
||||||
omniauth (>= 1.3.1)
|
|
||||||
open4 (1.3.4)
|
open4 (1.3.4)
|
||||||
openid_connect (1.1.8)
|
openid_connect (1.1.8)
|
||||||
activemodel
|
activemodel
|
||||||
|
@ -833,8 +814,6 @@ DEPENDENCIES
|
||||||
logstash-event
|
logstash-event
|
||||||
mailjet
|
mailjet
|
||||||
mina!
|
mina!
|
||||||
omniauth-github
|
|
||||||
omniauth-rails_csrf_protection (~> 0.1)
|
|
||||||
openid_connect
|
openid_connect
|
||||||
pg
|
pg
|
||||||
phonelib
|
phonelib
|
||||||
|
|
|
@ -1,16 +0,0 @@
|
||||||
class Administrations::OmniauthCallbacksController < Devise::OmniauthCallbacksController
|
|
||||||
def github
|
|
||||||
administration = Administration.from_omniauth(request.env["omniauth.auth"])
|
|
||||||
if administration.present?
|
|
||||||
sign_in administration
|
|
||||||
redirect_to manager_administrateurs_path
|
|
||||||
else
|
|
||||||
flash[:alert] = "Compte GitHub non autorisé"
|
|
||||||
redirect_to root_path
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
def failure
|
|
||||||
redirect_to root_path
|
|
||||||
end
|
|
||||||
end
|
|
|
@ -22,11 +22,7 @@
|
||||||
class Administration < ApplicationRecord
|
class Administration < ApplicationRecord
|
||||||
# Include default devise modules. Others available are:
|
# Include default devise modules. Others available are:
|
||||||
# :confirmable, :lockable, :timeoutable and :omniauthable
|
# :confirmable, :lockable, :timeoutable and :omniauthable
|
||||||
devise :database_authenticatable, :rememberable, :trackable, :validatable, :omniauthable, :lockable, :async, omniauth_providers: [:github]
|
devise :database_authenticatable, :rememberable, :trackable, :validatable, :lockable, :async
|
||||||
|
|
||||||
def self.from_omniauth(params)
|
|
||||||
find_by(email: params["info"]["email"])
|
|
||||||
end
|
|
||||||
|
|
||||||
def invite_admin(email)
|
def invite_admin(email)
|
||||||
user = User.create_or_promote_to_administrateur(email, SecureRandom.hex)
|
user = User.create_or_promote_to_administrateur(email, SecureRandom.hex)
|
||||||
|
|
|
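Review bot: The new devise line keeps :database_authenticatable, :rememberable and :trackable on Administration, yet the routes hunk for `devise_for :administrations` still skips :sessions and :password and, with the omniauth_callbacks mapping gone, now passes an empty `controllers: {}`, so there appears to be no remaining way to sign in as an administration at all. If the manager area is meant to stay reachable, the replacement sign-in should land in the same change, or the model should state how administrations authenticate now, e.g. `# No sign-in flow remains for administrations since GitHub OmniAuth was removed; sessions routes are skipped in devise_for :administrations` above the devise line. In the routes hunk the now-empty hash can be dropped: `devise_for :administrations, skip: [:password, :registrations, :sessions]`. The GitHub OAuth client id/secret removed from the env example and the secrets YAML hunks still exist in deployed environments and at the provider, and should be revoked there rather than only deleted from the templates. This hunk starts mid-class, so the rest of the model is outside it.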
@ -42,10 +42,6 @@ FC_PARTICULIER_ID=""
|
||||||
FC_PARTICULIER_SECRET=""
|
FC_PARTICULIER_SECRET=""
|
||||||
FC_PARTICULIER_BASE_URL=""
|
FC_PARTICULIER_BASE_URL=""
|
||||||
|
|
||||||
# Service externe: Authentification pour manager (auth Github obligatoire), permet d'accéder à /manager
|
|
||||||
GITHUB_CLIENT_ID=""
|
|
||||||
GITHUB_CLIENT_SECRET=""
|
|
||||||
|
|
||||||
# Service externe: Support Utilisateur HelpScout | Spécifique démarches-simplifiées.fr
|
# Service externe: Support Utilisateur HelpScout | Spécifique démarches-simplifiées.fr
|
||||||
HELPSCOUT_MAILBOX_ID=""
|
HELPSCOUT_MAILBOX_ID=""
|
||||||
HELPSCOUT_CLIENT_ID=""
|
HELPSCOUT_CLIENT_ID=""
|
||||||
|
|
|
@ -232,13 +232,6 @@ Devise.setup do |config|
|
||||||
# The default HTTP method used to sign out a resource. Default is :delete.
|
# The default HTTP method used to sign out a resource. Default is :delete.
|
||||||
config.sign_out_via = :delete
|
config.sign_out_via = :delete
|
||||||
|
|
||||||
# ==> OmniAuth
|
|
||||||
# Add a new OmniAuth provider. Check the wiki for more information on setting
|
|
||||||
# up on your models and hooks.
|
|
||||||
if !Rails.env.test?
|
|
||||||
config.omniauth :github, Rails.application.secrets.github[:client_id], Rails.application.secrets.github[:client_secret], scope: 'user:email'
|
|
||||||
end
|
|
||||||
|
|
||||||
# ==> Warden configuration
|
# ==> Warden configuration
|
||||||
# If you want to use other strategies, that are not supported by Devise, or
|
# If you want to use other strategies, that are not supported by Devise, or
|
||||||
# change the failure app, you can configure them inside the config.warden block.
|
# change the failure app, you can configure them inside the config.warden block.
|
||||||
|
|
|
@ -1,4 +0,0 @@
|
||||||
# OmniAuth GET requests may be vulnerable to CSRF.
|
|
||||||
# Ensure that OmniAuth only uses POST requests.
|
|
||||||
# See https://github.com/omniauth/omniauth/wiki/Resolving-CVE-2015-9284
|
|
||||||
OmniAuth.config.allowed_request_methods = [:post]
|
|
|
@ -80,7 +80,6 @@ Rails.application.routes.draw do
|
||||||
devise_for :administrations,
|
devise_for :administrations,
|
||||||
skip: [:password, :registrations, :sessions],
|
skip: [:password, :registrations, :sessions],
|
||||||
controllers: {
|
controllers: {
|
||||||
omniauth_callbacks: 'administrations/omniauth_callbacks'
|
|
||||||
}
|
}
|
||||||
|
|
||||||
devise_for :users, controllers: {
|
devise_for :users, controllers: {
|
||||||
|
|
|
@ -23,9 +23,6 @@ defaults: &defaults
|
||||||
token_endpoint: <%= ENV['FC_PARTICULIER_BASE_URL'] %>/api/v1/token
|
token_endpoint: <%= ENV['FC_PARTICULIER_BASE_URL'] %>/api/v1/token
|
||||||
userinfo_endpoint: <%= ENV['FC_PARTICULIER_BASE_URL'] %>/api/v1/userinfo
|
userinfo_endpoint: <%= ENV['FC_PARTICULIER_BASE_URL'] %>/api/v1/userinfo
|
||||||
logout_endpoint: <%= ENV['FC_PARTICULIER_BASE_URL'] %>/api/v1/logout
|
logout_endpoint: <%= ENV['FC_PARTICULIER_BASE_URL'] %>/api/v1/logout
|
||||||
github:
|
|
||||||
client_id: <%= ENV['GITHUB_CLIENT_ID'] %>
|
|
||||||
client_secret: <%= ENV['GITHUB_CLIENT_SECRET'] %>
|
|
||||||
mailjet:
|
mailjet:
|
||||||
api_key: <%= ENV['MAILJET_API_KEY'] %>
|
api_key: <%= ENV['MAILJET_API_KEY'] %>
|
||||||
secret_key: <%= ENV['MAILJET_SECRET_KEY'] %>
|
secret_key: <%= ENV['MAILJET_SECRET_KEY'] %>
|
||||||
|
|
|
@ -1,36 +0,0 @@
|
||||||
describe Administrations::OmniauthCallbacksController, type: :controller do
|
|
||||||
before(:each) do
|
|
||||||
@request.env["devise.mapping"] = Devise.mappings[:administration]
|
|
||||||
end
|
|
||||||
|
|
||||||
describe 'POST #github' do
|
|
||||||
let(:params) { { "info" => { "email" => email } } }
|
|
||||||
before do
|
|
||||||
allow(controller).to receive(:sign_in).and_return true
|
|
||||||
@request.env["omniauth.auth"] = params
|
|
||||||
end
|
|
||||||
subject { post :github }
|
|
||||||
|
|
||||||
context 'with an authorized email' do
|
|
||||||
let(:email) { "ivan@tps.fr" }
|
|
||||||
let(:administration) { create(:administration, email: email) }
|
|
||||||
before { administration }
|
|
||||||
|
|
||||||
it { is_expected.to redirect_to(manager_administrateurs_path) }
|
|
||||||
it do
|
|
||||||
expect(controller).to receive(:sign_in).with(administration)
|
|
||||||
subject
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
context 'with an unauthorized email' do
|
|
||||||
let(:email) { "michel@tps.fr" }
|
|
||||||
|
|
||||||
it { is_expected.to redirect_to(root_path) }
|
|
||||||
it do
|
|
||||||
expect(controller).to_not receive(:sign_in)
|
|
||||||
subject
|
|
||||||
end
|
|
||||||
end
|
|
||||||
end
|
|
||||||
end
|
|