Merge pull request #1145 from sgmap/fix_1096

[RGS] GitHub Oauth
2017-12-22 12:57:57 +01:00 · 2017-12-22 12:57:57 +01:00 · df8bc786e6
commit df8bc786e6
parent 271860ae34 fab00b1674
19 changed files with 149 additions and 6 deletions
--- a/.gitignore
+++ b/.gitignore
@ -27,6 +27,7 @@ config/initializers/token.rb
 config/initializers/super_admin.rb
 doc/*.svg
 config/france_connect.yml
+config/github_secrets.yml
 config/initializers/mailjet.rb
 config/fog_credentials.yml
 uploads/*
--- a/1
+++ b/1
@ -44,6 +44,7 @@ gem 'unicode_utils'
 # Gestion des comptes utilisateurs
 gem 'devise'
 gem 'openid_connect'
+gem 'omniauth-github'

 gem 'rest-client'

--- a/Gemfile.lock
+++ b/Gemfile.lock
@ -357,6 +357,7 @@ GEM
      url_safe_base64
    jsonapi (0.1.1.beta2)
      json (~> 1.8)
+    jwt (1.5.6)
    kaminari (0.17.0)
      actionpack (>= 3.0.0)
      activesupport (>= 3.0.0)
@ -396,6 +397,7 @@ GEM
    mini_portile2 (2.3.0)
    minitest (5.10.3)
    multi_json (1.12.1)
+    multi_xml (0.6.0)
    multipart-post (2.0.0)
    mustermann (1.0.1)
    nenv (0.3.0)
@ -406,6 +408,21 @@ GEM
    notiffany (0.1.1)
      nenv (~> 0.1)
      shellany (~> 0.0)
+    oauth2 (1.4.0)
+      faraday (>= 0.8, < 0.13)
+      jwt (~> 1.0)
+      multi_json (~> 1.3)
+      multi_xml (~> 0.5)
+      rack (>= 1.2, < 3)
+    omniauth (1.7.1)
+      hashie (>= 3.4.6, < 3.6.0)
+      rack (>= 1.6.2, < 3)
+    omniauth-github (1.3.0)
+      omniauth (~> 1.5)
+      omniauth-oauth2 (>= 1.4.0, < 2.0)
+    omniauth-oauth2 (1.5.0)
+      oauth2 (~> 1.1)
+      omniauth (~> 1.2)
    open4 (1.3.4)
    openid_connect (0.12.0)
      activemodel
@ -720,6 +737,7 @@ DEPENDENCIES
  mailjet
  maruku
  mina!
+  omniauth-github
  openid_connect
  openstack
  pg
--- a/app/assets/stylesheets/new_design/flex.scss
+++ b/app/assets/stylesheets/new_design/flex.scss
@ -16,4 +16,8 @@
  &.justify-between {
    justify-content: space-between;
  }
+
+  &.justify-center {
+    justify-content: center;
+  }
 }
--- a/app/assets/stylesheets/new_design/super_admin.scss
+++ b/app/assets/stylesheets/new_design/super_admin.scss
@ -0,0 +1,11 @@
+@import "constants";
+
+.super-admin {
+  margin-top: 40px;
+  text-align: center;
+
+  h2 {
+    font-size: 24px;
+    margin-bottom: 4 * $default-spacer;
+  }
+}
--- a/app/controllers/administrations/omniauth_callbacks_controller.rb
+++ b/app/controllers/administrations/omniauth_callbacks_controller.rb
@ -0,0 +1,16 @@
+class Administrations::OmniauthCallbacksController < Devise::OmniauthCallbacksController
+  def github
+    administration = Administration.from_omniauth(request.env["omniauth.auth"])
+    if administration.present?
+      sign_in administration
+      redirect_to administrations_path
+    else
+      flash[:alert] = "Compte GitHub non autorisé"
+      redirect_to root_path
+    end
+  end
+
+  def failure
+    redirect_to root_path
+  end
+end
--- a/app/controllers/administrations/sessions_controller.rb
+++ b/app/controllers/administrations/sessions_controller.rb
@ -0,0 +1,11 @@
+class Administrations::SessionsController < ApplicationController
+  layout "new_application"
+
+  def new
+  end
+
+  def destroy
+    sign_out :administration if administration_signed_in?
+    redirect_to root_path
+  end
+end
--- a/app/controllers/administrations_controller.rb
+++ b/app/controllers/administrations_controller.rb
@ -18,7 +18,7 @@ class AdministrationsController < ApplicationController

    if admin.save
      flash.notice = "Administrateur créé"
-      NewAdminMailer.new_admin_email(admin).deliver_now!
+      NewAdminMailer.new_admin_email(admin, current_administration).deliver_now!
    else
      flash.alert = admin.errors.full_messages
    end
--- a/app/mailers/new_admin_mailer.rb
+++ b/app/mailers/new_admin_mailer.rb
@ -1,6 +1,7 @@
 class NewAdminMailer < ApplicationMailer
-  def new_admin_email admin
+  def new_admin_email admin, administration
    @admin = admin
+    @administration = administration

    mail(to: 'tech@tps.apientreprise.fr',
         subject: "Création d'un compte Admin TPS")
--- a/app/models/administration.rb
+++ b/app/models/administration.rb
@ -1,5 +1,9 @@
 class Administration < ActiveRecord::Base
  # Include default devise modules. Others available are:
  # :confirmable, :lockable, :timeoutable and :omniauthable
-  devise :database_authenticatable, :rememberable, :trackable, :validatable
+  devise :database_authenticatable, :rememberable, :trackable, :validatable, :omniauthable, omniauth_providers: [:github]
+
+  def self.from_omniauth(params)
+    find_by(email: params["info"]["email"])
+  end
 end
--- a/app/views/administrations/index.html.haml
+++ b/app/views/administrations/index.html.haml
@ -13,4 +13,4 @@
    %br

    .text-center
-      = link_to 'Deconnexion', '/administrations/sign_out', method: :delete
+      = link_to 'Deconnexion', administrations_sign_out_path, method: :delete
--- a/app/views/administrations/sessions/new.html.haml
+++ b/app/views/administrations/sessions/new.html.haml
@ -0,0 +1,6 @@
+.super-admin.flex.justify-center
+  %div
+    %h2 Espace Admin
+    = link_to administration_github_omniauth_authorize_path, class: "button large" do
+      %span.icon.lock
+      Connexion avec GitHub
--- a/app/views/new_admin_mailer/new_admin_email.text.erb
+++ b/app/views/new_admin_mailer/new_admin_email.text.erb
@ -4,6 +4,8 @@ Plateforme : <%= TPS::Application::URL %>

 Login : <%= @admin.email %>

+Créateur : <%= @administration.email %>
+
 Bonne journée,

 L'équipe Téléprocédures Simplifiées
--- a/config/deploy.rb
+++ b/config/deploy.rb
@ -65,6 +65,7 @@ set :shared_paths, [
                     "config/unicorn.rb",
                     "config/initializers/raven.rb",
                     'config/france_connect.yml',
+                     'config/github_secrets.yml',
                     'config/initializers/mailjet.rb',
                     'config/initializers/storage_url.rb'
                 ]
--- a/config/initializers/devise.rb
+++ b/config/initializers/devise.rb
@ -232,7 +232,10 @@ Devise.setup do |config|
  # ==> OmniAuth
  # Add a new OmniAuth provider. Check the wiki for more information on setting
  # up on your models and hooks.
-  # config.omniauth :github, 'APP_ID', 'APP_SECRET', scope: 'user,public_repo'
+  if !Rails.env.test?
+    github_secrets = YAML::load_file(File.join(__dir__, '../github_secrets.yml'))
+    config.omniauth :github, github_secrets['client_id'], github_secrets['client_secret'], scope: 'user:email'
+  end

  # ==> Warden configuration
  # If you want to use other strategies, that are not supported by Devise, or
--- a/config/routes.rb
+++ b/config/routes.rb
@ -1,7 +1,11 @@
 Rails.application.routes.draw do
  get "/ping" => "ping#index", :constraints => {:ip => /127.0.0.1/}

-  devise_for :administrations, skip: [:password, :registrations]
+  devise_for :administrations,
+    skip: [:password, :registrations, :sessions],
+    controllers: {
+      omniauth_callbacks: 'administrations/omniauth_callbacks'
+    }

  devise_for :administrateurs, controllers: {
                                 sessions: 'administrateurs/sessions'
@ -42,6 +46,8 @@ Rails.application.routes.draw do
  get 'admin' => 'admin#index'
  get 'backoffice' => 'backoffice#index'

+  get 'administrations/sign_in' => 'administrations/sessions#new'
+  delete 'administrations/sign_out' => 'administrations/sessions#destroy'
  authenticate :administration do
    resources :administrations, only: [:index, :create]
    namespace :administrations do
--- a/lib/tasks/2017_12_20_delete_old_administration.rake
+++ b/lib/tasks/2017_12_20_delete_old_administration.rake
@ -0,0 +1,8 @@
+namespace :'2017_12_20_delete_old_administration' do
+  task set: :environment do
+    Administration.all.each do |a|
+      puts "Deleting #{a.email}"
+      a.destroy
+    end
+  end
+end
--- a/lib/tasks/admin.rake
+++ b/lib/tasks/admin.rake
@ -0,0 +1,12 @@
+namespace :admin do
+  task :create_admin, [:email] => :environment do |t, args|
+    email = args[:email]
+    puts "Creating Administration for #{email}"
+    a = Administration.new(email: email, password: Devise.friendly_token[0,20])
+    if a.save
+      puts "#{a.email} created"
+    else
+      puts "An error occured : #{a.errors.full_messages}"
+    end
+  end
+end
--- a/spec/controllers/administrations/omniauth_callbacks_controller_spec.rb
+++ b/spec/controllers/administrations/omniauth_callbacks_controller_spec.rb
@ -0,0 +1,38 @@
+require 'spec_helper'
+
+describe Administrations::OmniauthCallbacksController, type: :controller do
+  before(:each) do
+    @request.env["devise.mapping"] = Devise.mappings[:administration]
+  end
+
+  describe 'POST #github' do
+    let(:params) { { "info" => { "email" => email } } }
+    before do
+      controller.stub(:sign_in).and_return true
+      @request.env["omniauth.auth"] = params
+    end
+    subject { post :github }
+
+    context 'with an authorized email' do
+      let(:email) { "ivan@tps.fr" }
+      let(:administration) { create(:administration, email: email) }
+      before { administration }
+
+      it { is_expected.to redirect_to(administrations_path) }
+      it do
+        expect(controller).to receive(:sign_in).with(administration)
+        subject
+      end
+    end
+
+    context 'with an unauthorized email' do
+      let(:email) { "michel@tps.fr" }
+
+      it { is_expected.to redirect_to(root_path) }
+      it do
+        expect(controller).to_not receive(:sign_in)
+        subject
+      end
+    end
+  end
+end