remove github authentication for manager

Gemfile

@@ -49,8 +49,6 @@ gem 'kaminari', '1.2.1' # Pagination
 gem 'lograge'
 gem 'logstash-event'
 gem 'mailjet'
-gem 'omniauth-github'
-gem 'omniauth-rails_csrf_protection', '~> 0.1'
 gem 'openid_connect'
 gem 'pg'
 gem 'phonelib'

Gemfile.lock

@@ -407,7 +407,6 @@ GEM
     momentjs-rails (2.20.1)
       railties (>= 3.1)
     multi_json (1.15.0)
-    multi_xml (0.6.0)
     multipart-post (2.1.1)
     mustermann (1.1.1)
       ruby2_keywords (~> 0.0.1)
@@ -419,24 +418,6 @@ GEM
     notiffany (0.1.3)
       nenv (~> 0.1)
       shellany (~> 0.0)
-    oauth2 (1.4.4)
-      faraday (>= 0.8, < 2.0)
-      jwt (>= 1.0, < 3.0)
-      multi_json (~> 1.3)
-      multi_xml (~> 0.5)
-      rack (>= 1.2, < 3)
-    omniauth (1.9.1)
-      hashie (>= 3.4.6)
-      rack (>= 1.6.2, < 3)
-    omniauth-github (1.4.0)
-      omniauth (~> 1.5)
-      omniauth-oauth2 (>= 1.4.0, < 2.0)
-    omniauth-oauth2 (1.6.0)
-      oauth2 (~> 1.1)
-      omniauth (~> 1.9)
-    omniauth-rails_csrf_protection (0.1.2)
-      actionpack (>= 4.2)
-      omniauth (>= 1.3.1)
     open4 (1.3.4)
     openid_connect (1.1.8)
       activemodel
@@ -833,8 +814,6 @@ DEPENDENCIES
   logstash-event
   mailjet
   mina!
-  omniauth-github
-  omniauth-rails_csrf_protection (~> 0.1)
   openid_connect
   pg
   phonelib

app/controllers/administrations/omniauth_callbacks_controller.rb

@@ -1,16 +0,0 @@
-class Administrations::OmniauthCallbacksController < Devise::OmniauthCallbacksController
-  def github
-    administration = Administration.from_omniauth(request.env["omniauth.auth"])
-    if administration.present?
-      sign_in administration
-      redirect_to manager_administrateurs_path
-    else
-      flash[:alert] = "Compte GitHub non autorisé"
-      redirect_to root_path
-    end
-  end
-
-  def failure
-    redirect_to root_path
-  end
-end

app/models/administration.rb

@@ -22,11 +22,7 @@
 class Administration < ApplicationRecord
   # Include default devise modules. Others available are:
   # :confirmable, :lockable, :timeoutable and :omniauthable
-  devise :database_authenticatable, :rememberable, :trackable, :validatable, :omniauthable, :lockable, :async, omniauth_providers: [:github]
-
-  def self.from_omniauth(params)
-    find_by(email: params["info"]["email"])
-  end
+  devise :database_authenticatable, :rememberable, :trackable, :validatable, :lockable, :async
 
   def invite_admin(email)
     user = User.create_or_promote_to_administrateur(email, SecureRandom.hex)

config/env.example

@@ -42,10 +42,6 @@ FC_PARTICULIER_ID=""
 FC_PARTICULIER_SECRET=""
 FC_PARTICULIER_BASE_URL=""
 
-# Service externe: Authentification pour manager (auth Github obligatoire), permet d'accéder à /manager
-GITHUB_CLIENT_ID=""
-GITHUB_CLIENT_SECRET=""
-
 # Service externe: Support Utilisateur HelpScout | Spécifique démarches-simplifiées.fr
 HELPSCOUT_MAILBOX_ID=""
 HELPSCOUT_CLIENT_ID=""

config/initializers/devise.rb

@@ -232,13 +232,6 @@ Devise.setup do |config|
   # The default HTTP method used to sign out a resource. Default is :delete.
   config.sign_out_via = :delete
 
-  # ==> OmniAuth
-  # Add a new OmniAuth provider. Check the wiki for more information on setting
-  # up on your models and hooks.
-  if !Rails.env.test?
-    config.omniauth :github, Rails.application.secrets.github[:client_id], Rails.application.secrets.github[:client_secret], scope: 'user:email'
-  end
-
   # ==> Warden configuration
   # If you want to use other strategies, that are not supported by Devise, or
   # change the failure app, you can configure them inside the config.warden block.

config/initializers/omniauth.rb

@@ -1,4 +0,0 @@
-# OmniAuth GET requests may be vulnerable to CSRF.
-# Ensure that OmniAuth only uses POST requests.
-# See https://github.com/omniauth/omniauth/wiki/Resolving-CVE-2015-9284
-OmniAuth.config.allowed_request_methods = [:post]

config/routes.rb

@@ -80,7 +80,6 @@ Rails.application.routes.draw do
   devise_for :administrations,
     skip: [:password, :registrations, :sessions],
     controllers: {
-      omniauth_callbacks: 'administrations/omniauth_callbacks'
     }
 
   devise_for :users, controllers: {

config/secrets.yml

@@ -23,9 +23,6 @@ defaults: &defaults
     token_endpoint: <%= ENV['FC_PARTICULIER_BASE_URL'] %>/api/v1/token
     userinfo_endpoint: <%= ENV['FC_PARTICULIER_BASE_URL'] %>/api/v1/userinfo
     logout_endpoint: <%= ENV['FC_PARTICULIER_BASE_URL'] %>/api/v1/logout
-  github:
-    client_id: <%= ENV['GITHUB_CLIENT_ID'] %>
-    client_secret: <%= ENV['GITHUB_CLIENT_SECRET'] %>
   mailjet:
     api_key: <%= ENV['MAILJET_API_KEY'] %>
     secret_key: <%= ENV['MAILJET_SECRET_KEY'] %>

spec/controllers/administrations/omniauth_callbacks_controller_spec.rb

@@ -1,36 +0,0 @@
-describe Administrations::OmniauthCallbacksController, type: :controller do
-  before(:each) do
-    @request.env["devise.mapping"] = Devise.mappings[:administration]
-  end
-
-  describe 'POST #github' do
-    let(:params) { { "info" => { "email" => email } } }
-    before do
-      allow(controller).to receive(:sign_in).and_return true
-      @request.env["omniauth.auth"] = params
-    end
-    subject { post :github }
-
-    context 'with an authorized email' do
-      let(:email) { "ivan@tps.fr" }
-      let(:administration) { create(:administration, email: email) }
-      before { administration }
-
-      it { is_expected.to redirect_to(manager_administrateurs_path) }
-      it do
-        expect(controller).to receive(:sign_in).with(administration)
-        subject
-      end
-    end
-
-    context 'with an unauthorized email' do
-      let(:email) { "michel@tps.fr" }
-
-      it { is_expected.to redirect_to(root_path) }
-      it do
-        expect(controller).to_not receive(:sign_in)
-        subject
-      end
-    end
-  end
-end