Refine OpenID Connect Authentication from #1194 (#1399)

* Adds OpenID Connect.

* Add CSS class for openid_connect omniauth provider

* Add translation (de_DE and en) for openid_connect omniauth provider label

* Make uid_field configurable for openid_connect omniauth provider

* updates to support for openid

* updates to support for openid

* updated ldap gem

* updated sample.env

Co-authored-by: mapidentity <git@mapidentity.com>
Co-authored-by: Jesus Federico <jesus@123it.ca>
Co-authored-by: mapidentity <49822181+mapidentity@users.noreply.github.com>
Moritz Schlarb
2021-01-07 21:11:17 +01:00
committed by GitHub
parent 6be629ae82
commit 3b7b45cc03
11 changed files with 121 additions and 14 deletions


@ -16,6 +16,9 @@ Rails.application.config.omniauth_twitter = ENV['TWITTER_ID'].present? && ENV['T
Rails.application.config.omniauth_google = ENV['GOOGLE_OAUTH2_ID'].present? && ENV['GOOGLE_OAUTH2_SECRET'].present?
Rails.application.config.omniauth_office365 = ENV['OFFICE365_KEY'].present? &&
ENV['OFFICE365_SECRET'].present?
Rails.application.config.omniauth_openid_connect = ENV['OPENID_CONNECT_CLIENT_ID'].present? &&
ENV['OPENID_CONNECT_CLIENT_SECRET'].present? &&
ENV['OPENID_CONNECT_ISSUER'].present?
SETUP_PROC = lambda do |env|
OmniauthOptions.omniauth_options env
@ -56,8 +59,44 @@ Rails.application.config.middleware.use OmniAuth::Builder do
redirect = ENV['OAUTH2_REDIRECT'].present? ? File.join(ENV['OAUTH2_REDIRECT'], "auth", "office365", "callback") : nil
provider :office365, ENV['OFFICE365_KEY'], ENV['OFFICE365_SECRET'],
redirect_uri: redirect,
setup: SETUP_PROC
redirect_uri: redirect,
setup: SETUP_PROC
end
if Rails.configuration.omniauth_openid_connect
Rails.application.config.providers << :openid_connect
redirect = ENV['OAUTH2_REDIRECT'].present? ? File.join(ENV['OAUTH2_REDIRECT'], "auth", "openid_connect", "callback") : nil
provider :openid_connect,
issuer: ENV["OPENID_CONNECT_ISSUER"],
discovery: true,
scope: [:email, :profile],
response_type: :code,
uid_field: ENV["OPENID_CONNECT_UID_FIELD"] || "preferred_username",
client_options: {
identifier: ENV['OPENID_CONNECT_CLIENT_ID'],
secret: ENV['OPENID_CONNECT_CLIENT_SECRET'],
redirect_uri: redirect
},
setup: SETUP_PROC
end
if Rails.configuration.omniauth_openid_connect
Rails.application.config.providers << :openid_connect
redirect = ENV['OAUTH2_REDIRECT'].present? ? File.join(ENV['OAUTH2_REDIRECT'], "auth", "openid_connect", "callback") : nil
provider :openid_connect,
issuer: ENV["OPENID_CONNECT_ISSUER"],
discovery: true,
scope: [:email, :profile],
response_type: :code,
uid_field: ENV["OPENID_CONNECT_UID_FIELD"] || "preferred_username",
client_options: {
identifier: ENV['OPENID_CONNECT_CLIENT_ID'],
secret: ENV['OPENID_CONNECT_CLIENT_SECRET'],
redirect_uri: redirect
},
setup: SETUP_PROC
end
end
end
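Review bot: The `uid_field` default of `"preferred_username"` in the new `provider :openid_connect` call keys local accounts on a claim that OpenID Connect Core treats as mutable and not guaranteed unique. Only `sub`, scoped to the issuer, is a stable subject identifier, so a username that is renamed or reassigned at the identity provider could map a login onto another person's existing account. Defaulting to `sub` is safer, and `.presence` stops an empty `OPENID_CONNECT_UID_FIELD=` entry from defeating the fallback, since an empty string is truthy in Ruby: `uid_field: ENV["OPENID_CONNECT_UID_FIELD"].presence || "sub",`. The `if Rails.configuration.omniauth_openid_connect` block also appears twice in this section, and the hunk header growing from 8 to 44 lines suggests both copies are on the new side; if so, the provider is registered twice and `:openid_connect` is appended to `providers` twice, so one copy should be dropped. The enclosing `OmniAuth::Builder` block starts outside the hunk.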


@ -477,6 +477,7 @@ de_DE:
office365: Office 365
twitter: Twitter
ldap: LDAP
openid_connect: OpenID Connect
recaptcha:
errors:
recaptcha_unreachable: "Ups, es war nicht möglich die reCAPTCHA Antwort zu überprüfen. Bitte versuchen Sie es nochmals."


@ -72,7 +72,7 @@ en:
email_mapping:
info: Map the user to a role using their email. Must be in the format email1=role1,email2=role2
title: Role Mapping by Email
update:
update:
log_level:
title: Log Level
information: Change the Log Level for the entire deployment
@ -94,7 +94,7 @@ en:
title: Maintenance Banner
display: Set
clear: Clear
time: "Example: Update scheduled on December 13 @ 23:00 ET. Users may experience problems signing in."
time: "Example: Update scheduled on December 13 @ 23:00 ET. Users may experience problems signing in."
preupload:
info: Users can preupload a presentation to be used as the default presentation for that specific room
title: Allow Users to Preupload Presentations
@ -478,6 +478,7 @@ en:
office365: Office 365
twitter: Twitter
ldap: LDAP
openid_connect: OpenID Connect
recaptcha:
errors:
recaptcha_unreachable: Oops, we failed to validate your reCAPTCHA response. Please try again.
@ -549,7 +550,7 @@ en:
fail: Failed to delete room (%{error})
enter_the_access_code: Enter the room's access code
invalid_provider: You have entered an invalid url. Please check the url and try again.
invitation_description: You have been invited to join %{name} using BigBlueButton. To join, click the link above and enter your name.
invitation_description: You have been invited to join %{name} using BigBlueButton. To join, click the link above and enter your name.
invited: You have been invited to join
recording_present: I acknowledge that this session is going to be recorded. This may include my voice and video if enabled.
invite_participants: Invite Participants