Merge pull request #1145 from sgmap/fix_1096

[RGS] GitHub Oauth
gregoirenovel 2017-12-22 12:57:57 +01:00 committed by GitHub
commit df8bc786e6
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
19 changed files with 149 additions and 6 deletions

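--- a/.gitignore
+++ b/.gitignore
@@ -27,6 +27,7 @@ config/initializers/token.rb
 config/initializers/super_admin.rb
 doc/*.svg
 config/france_connect.yml
+config/github_secrets.yml
 config/initializers/mailjet.rb
 config/fog_credentials.yml
 uploads/*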


@ -44,6 +44,7 @@ gem 'unicode_utils'
# Gestion des comptes utilisateurs # Gestion des comptes utilisateurs
gem 'devise' gem 'devise'
gem 'openid_connect' gem 'openid_connect'
gem 'omniauth-github'
gem 'rest-client' gem 'rest-client'


@ -357,6 +357,7 @@ GEM
url_safe_base64 url_safe_base64
jsonapi (0.1.1.beta2) jsonapi (0.1.1.beta2)
json (~> 1.8) json (~> 1.8)
jwt (1.5.6)
kaminari (0.17.0) kaminari (0.17.0)
actionpack (>= 3.0.0) actionpack (>= 3.0.0)
activesupport (>= 3.0.0) activesupport (>= 3.0.0)
@ -396,6 +397,7 @@ GEM
mini_portile2 (2.3.0) mini_portile2 (2.3.0)
minitest (5.10.3) minitest (5.10.3)
multi_json (1.12.1) multi_json (1.12.1)
multi_xml (0.6.0)
multipart-post (2.0.0) multipart-post (2.0.0)
mustermann (1.0.1) mustermann (1.0.1)
nenv (0.3.0) nenv (0.3.0)
@ -406,6 +408,21 @@ GEM
notiffany (0.1.1) notiffany (0.1.1)
nenv (~> 0.1) nenv (~> 0.1)
shellany (~> 0.0) shellany (~> 0.0)
oauth2 (1.4.0)
faraday (>= 0.8, < 0.13)
jwt (~> 1.0)
multi_json (~> 1.3)
multi_xml (~> 0.5)
rack (>= 1.2, < 3)
omniauth (1.7.1)
hashie (>= 3.4.6, < 3.6.0)
rack (>= 1.6.2, < 3)
omniauth-github (1.3.0)
omniauth (~> 1.5)
omniauth-oauth2 (>= 1.4.0, < 2.0)
omniauth-oauth2 (1.5.0)
oauth2 (~> 1.1)
omniauth (~> 1.2)
open4 (1.3.4) open4 (1.3.4)
openid_connect (0.12.0) openid_connect (0.12.0)
activemodel activemodel
@ -720,6 +737,7 @@ DEPENDENCIES
mailjet mailjet
maruku maruku
mina! mina!
omniauth-github
openid_connect openid_connect
openstack openstack
pg pg


@ -16,4 +16,8 @@
&.justify-between { &.justify-between {
justify-content: space-between; justify-content: space-between;
} }
&.justify-center {
justify-content: center;
}
} }


@ -0,0 +1,11 @@
@import "constants";
.super-admin {
margin-top: 40px;
text-align: center;
h2 {
font-size: 24px;
margin-bottom: 4 * $default-spacer;
}
}


@ -0,0 +1,16 @@
class Administrations::OmniauthCallbacksController < Devise::OmniauthCallbacksController
def github
administration = Administration.from_omniauth(request.env["omniauth.auth"])
if administration.present?
sign_in administration
redirect_to administrations_path
else
flash[:alert] = "Compte GitHub non autorisé"
redirect_to root_path
end
end
def failure
redirect_to root_path
end
end
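Review bot: Neither the rejected branch of `github` nor `failure` records anything, so repeated sign-in attempts on the super-admin area by GitHub accounts that are not listed leave no trace for operators. Logging the refused identity before the redirect, e.g. `Rails.logger.warn("Refused admin login for GitHub uid #{request.env['omniauth.auth']['uid']}")`, would give monitoring something to alert on. `failure` could log as well and set a `flash[:alert]`, so that a cancelled or broken OAuth round trip is not just a silent bounce to `root_path`.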


@ -0,0 +1,11 @@
class Administrations::SessionsController < ApplicationController
layout "new_application"
def new
end
def destroy
sign_out :administration if administration_signed_in?
redirect_to root_path
end
end


@ -18,7 +18,7 @@ class AdministrationsController < ApplicationController
if admin.save if admin.save
flash.notice = "Administrateur créé" flash.notice = "Administrateur créé"
NewAdminMailer.new_admin_email(admin).deliver_now! NewAdminMailer.new_admin_email(admin, current_administration).deliver_now!
else else
flash.alert = admin.errors.full_messages flash.alert = admin.errors.full_messages
end end


@ -1,6 +1,7 @@
class NewAdminMailer < ApplicationMailer class NewAdminMailer < ApplicationMailer
def new_admin_email admin def new_admin_email admin, administration
@admin = admin @admin = admin
@administration = administration
mail(to: 'tech@tps.apientreprise.fr', mail(to: 'tech@tps.apientreprise.fr',
subject: "Création d'un compte Admin TPS") subject: "Création d'un compte Admin TPS")


@ -1,5 +1,9 @@
class Administration < ActiveRecord::Base class Administration < ActiveRecord::Base
# Include default devise modules. Others available are: # Include default devise modules. Others available are:
# :confirmable, :lockable, :timeoutable and :omniauthable # :confirmable, :lockable, :timeoutable and :omniauthable
devise :database_authenticatable, :rememberable, :trackable, :validatable devise :database_authenticatable, :rememberable, :trackable, :validatable, :omniauthable, omniauth_providers: [:github]
def self.from_omniauth(params)
find_by(email: params["info"]["email"])
end
end end
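Review bot: `from_omniauth` grants super-admin access purely on `params["info"]["email"]`, so the check is only as strong as the provider's guarantee that this address is verified for the GitHub account; nothing ties the Administration row to the GitHub `uid`. Storing the uid on first login and matching on it afterwards would make the binding explicit. The lookup also raises NoMethodError when the auth hash has no `info` entry; `email = params.dig("info", "email")` followed by `email.present? ? find_by(email: email) : nil` keeps that case on the "non autorisé" path. It is also worth confirming whether `:database_authenticatable` is still needed now that the routes skip `:sessions`.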


@ -13,4 +13,4 @@
%br %br
.text-center .text-center
= link_to 'Deconnexion', '/administrations/sign_out', method: :delete = link_to 'Deconnexion', administrations_sign_out_path, method: :delete


@ -0,0 +1,6 @@
.super-admin.flex.justify-center
%div
%h2 Espace Admin
= link_to administration_github_omniauth_authorize_path, class: "button large" do
%span.icon.lock
Connexion avec GitHub
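Review bot: The login button starts the OAuth request phase through a plain GET link, so any third-party page can start that flow on a visitor's behalf without a CSRF token. Later OmniAuth releases restrict the request phase to POST with a CSRF token for this reason. The equivalent here would be `= link_to administration_github_omniauth_authorize_path, method: :post, class: "button large" do`, assuming the Devise route in this version accepts POST.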


@ -4,6 +4,8 @@ Plateforme : <%= TPS::Application::URL %>
Login : <%= @admin.email %> Login : <%= @admin.email %>
Créateur : <%= @administration.email %>
Bonne journée, Bonne journée,
L'équipe Téléprocédures Simplifiées L'équipe Téléprocédures Simplifiées


@ -65,6 +65,7 @@ set :shared_paths, [
"config/unicorn.rb", "config/unicorn.rb",
"config/initializers/raven.rb", "config/initializers/raven.rb",
'config/france_connect.yml', 'config/france_connect.yml',
'config/github_secrets.yml',
'config/initializers/mailjet.rb', 'config/initializers/mailjet.rb',
'config/initializers/storage_url.rb' 'config/initializers/storage_url.rb'
] ]


@ -232,7 +232,10 @@ Devise.setup do |config|
# ==> OmniAuth # ==> OmniAuth
# Add a new OmniAuth provider. Check the wiki for more information on setting # Add a new OmniAuth provider. Check the wiki for more information on setting
# up on your models and hooks. # up on your models and hooks.
# config.omniauth :github, 'APP_ID', 'APP_SECRET', scope: 'user,public_repo' if !Rails.env.test?
github_secrets = YAML::load_file(File.join(__dir__, '../github_secrets.yml'))
config.omniauth :github, github_secrets['client_id'], github_secrets['client_secret'], scope: 'user:email'
end
# ==> Warden configuration # ==> Warden configuration
# If you want to use other strategies, that are not supported by Devise, or # If you want to use other strategies, that are not supported by Devise, or
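Review bot: `github_secrets['client_id']` and `github_secrets['client_secret']` return nil when a key is missing or misspelt in `config/github_secrets.yml`, so the app boots with a GitHub strategy that has no credentials and the problem only shows at login time. `github_secrets.fetch('client_id')` and `github_secrets.fetch('client_secret')` would stop the boot with a clear KeyError instead. The guard reads more naturally as `unless Rails.env.test?`, and a one-line comment stating that the file is git-ignored and provisioned through the deploy's shared paths would help the next maintainer. The enclosing `Devise.setup` block starts and ends outside this hunk.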


@ -1,7 +1,11 @@
Rails.application.routes.draw do Rails.application.routes.draw do
get "/ping" => "ping#index", :constraints => {:ip => /127.0.0.1/} get "/ping" => "ping#index", :constraints => {:ip => /127.0.0.1/}
devise_for :administrations, skip: [:password, :registrations] devise_for :administrations,
skip: [:password, :registrations, :sessions],
controllers: {
omniauth_callbacks: 'administrations/omniauth_callbacks'
}
devise_for :administrateurs, controllers: { devise_for :administrateurs, controllers: {
sessions: 'administrateurs/sessions' sessions: 'administrateurs/sessions'
@ -42,6 +46,8 @@ Rails.application.routes.draw do
get 'admin' => 'admin#index' get 'admin' => 'admin#index'
get 'backoffice' => 'backoffice#index' get 'backoffice' => 'backoffice#index'
get 'administrations/sign_in' => 'administrations/sessions#new'
delete 'administrations/sign_out' => 'administrations/sessions#destroy'
authenticate :administration do authenticate :administration do
resources :administrations, only: [:index, :create] resources :administrations, only: [:index, :create]
namespace :administrations do namespace :administrations do


@ -0,0 +1,8 @@
namespace :'2017_12_20_delete_old_administration' do
task set: :environment do
Administration.all.each do |a|
puts "Deleting #{a.email}"
a.destroy
end
end
end
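Review bot: This task destroys every Administration row with no `desc`, no confirmation and no environment guard. Once it has run, super-admin access presumably depends on `admin:create_admin` being executed afterwards. A line such as `desc "One-off: delete all Administration accounts (run admin:create_admin afterwards)"` above `task set:` would document that order and make the task show up in `rake -T`. The task name `set` also says nothing about deletion; a name like `delete_all` would be harder to run by mistake.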

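--- a/lib/tasks/admin.rake
+++ b/lib/tasks/admin.rake
@@ -0,0 +1,12 @@
+namespace :admin do
+task :create_admin, [:email] => :environment do |t, args|
+email = args[:email]
+puts "Creating Administration for #{email}"
+a = Administration.new(email: email, password: Devise.friendly_token[0,20])
+if a.save
+puts "#{a.email} created"
+else
+puts "An error occured : #{a.errors.full_messages}"
+end
+end
+end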
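Review bot: Accounts created by `admin:create_admin` skip the `NewAdminMailer.new_admin_email` notification that `AdministrationsController` sends after `admin.save`, so a super-admin added from a shell leaves no e-mail trail. If that is intended, a comment saying so would help; otherwise the task should send the same notification. The failure branch only prints the errors and the task still exits 0. `abort "An error occured : #{a.errors.full_messages}"` would let a deploy script notice the failure.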


@ -0,0 +1,38 @@
require 'spec_helper'
describe Administrations::OmniauthCallbacksController, type: :controller do
before(:each) do
@request.env["devise.mapping"] = Devise.mappings[:administration]
end
describe 'POST #github' do
let(:params) { { "info" => { "email" => email } } }
before do
controller.stub(:sign_in).and_return true
@request.env["omniauth.auth"] = params
end
subject { post :github }
context 'with an authorized email' do
let(:email) { "ivan@tps.fr" }
let(:administration) { create(:administration, email: email) }
before { administration }
it { is_expected.to redirect_to(administrations_path) }
it do
expect(controller).to receive(:sign_in).with(administration)
subject
end
end
context 'with an unauthorized email' do
let(:email) { "michel@tps.fr" }
it { is_expected.to redirect_to(root_path) }
it do
expect(controller).to_not receive(:sign_in)
subject
end
end
end
end