GRN2-30: Add custom ldap sign in page (#619)

* Add custom ldap signin page * Remove old omniauth-ldap gem * Use new bn gems
2019-07-10 11:26:43 -04:00
parent 09afd9154f
commit 523d9a38f2
14 changed files with 180 additions and 82 deletions
--- a/app/assets/images/ldap-logo.png
+++ b/app/assets/images/ldap-logo.png
--- a/app/assets/stylesheets/main.scss
+++ b/app/assets/stylesheets/main.scss
@ -145,6 +145,17 @@
  }
 }

+.customBtn-ldap {
+  @extend .customBtn;
+  background: #d61515;
+
+  .customBtn-image {
+    background: #ffffff image-url("ldap-logo.png") no-repeat left top;
+    background-size: 18px 18px;
+    padding:10px 10px 10px 10px;
+  }
+}
+
 .signin-button {
  font-size: 16px;
 }
--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@ -19,6 +19,7 @@
 class SessionsController < ApplicationController
  include Registrar
  include Emailer
+  include LdapAuthenticator

  skip_before_action :verify_authenticity_token, only: [:omniauth, :fail]

@ -47,8 +48,65 @@ class SessionsController < ApplicationController

  # GET/POST /auth/:provider/callback
  def omniauth
+    @auth = request.env['omniauth.auth']
+
+    process_signin
+  end
+
+  # POST /auth/failure
+  def omniauth_fail
+    redirect_to root_path, alert: I18n.t(params[:message], default: I18n.t("omniauth_error"))
+  end
+
+  # GET /auth/ldap
+  def ldap
+    ldap_config = {}
+    ldap_config[:host] = ENV['LDAP_SERVER']
+    ldap_config[:port] = ENV['LDAP_PORT'].to_i != 0 ? ENV['LDAP_PORT'].to_i : 389
+    ldap_config[:bind_dn] = ENV['LDAP_BIND_DN']
+    ldap_config[:password] = ENV['LDAP_PASSWORD']
+    ldap_config[:encryption] = if ENV['LDAP_METHOD'] == 'ssl'
+                                    'simple_tls'
+                                elsif ENV['LDAP_METHOD'] == 'tls'
+                                    'start_tls'
+                                end
+    ldap_config[:base] = ENV['LDAP_BASE']
+    ldap_config[:uid] = ENV['LDAP_UID']
+
+    result = send_ldap_request(params[:session], ldap_config)
+
+    if result
+      result = result.first
+    else
+      return redirect_to(ldap_signin_path, alert: I18n.t("invalid_credentials"))
+    end
+
+    @auth = parse_auth(result)
+
+    process_signin
+  end
+
+  private
+
+  def session_params
+    params.require(:session).permit(:email, :password)
+  end
+
+  def check_user_exists
+    provider = @auth['provider'] == "bn_launcher" ? @auth['info']['customer'] : @auth['provider']
+    User.exists?(social_uid: @auth['uid'], provider: provider)
+  end
+
+  # Check if the user already exists, if not then check for invitation
+  def passes_invite_reqs
+    return true if @user_exists
+
+    invitation = check_user_invited("", session[:invite_token], @user_domain)
+    invitation[:present]
+  end
+
+  def process_signin
    begin
-      @auth = request.env['omniauth.auth']
      @user_exists = check_user_exists

      if !@user_exists && @auth['provider'] == "twitter"
@ -89,28 +147,4 @@ class SessionsController < ApplicationController
        omniauth_fail
    end
  end
-
-  # POST /auth/failure
-  def omniauth_fail
-    redirect_to root_path, alert: I18n.t(params[:message], default: I18n.t("omniauth_error"))
-  end
-
-  private
-
-  def session_params
-    params.require(:session).permit(:email, :password)
-  end
-
-  def check_user_exists
-    provider = @auth['provider'] == "bn_launcher" ? @auth['info']['customer'] : @auth['provider']
-    User.exists?(social_uid: @auth['uid'], provider: provider)
-  end
-
-  # Check if the user already exists, if not then check for invitation
-  def passes_invite_reqs
-    return true if @user_exists
-
-    invitation = check_user_invited("", session[:invite_token], @user_domain)
-    invitation[:present]
-  end
 end
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@ -68,6 +68,10 @@ class UsersController < ApplicationController
    end
  end

+  # GET /ldap_signin
+  def ldap_signin
+  end
+
  # GET /signup
  def new
    return redirect_to root_path unless Rails.configuration.allow_user_signup
--- a/app/helpers/application_helper.rb
+++ b/app/helpers/application_helper.rb
@ -33,7 +33,7 @@ module ApplicationHelper

  # Determines which providers can show a login button in the login modal.
  def iconset_providers
-    providers = configured_providers & [:google, :twitter, :microsoft_office365]
+    providers = configured_providers & [:google, :twitter, :microsoft_office365, :ldap]

    providers.delete(:twitter) if session[:old_twitter_user_id]

@ -42,7 +42,11 @@ module ApplicationHelper

  # Generates the login URL for a specific provider.
  def omniauth_login_url(provider)
-    "#{Rails.configuration.relative_url_root}/auth/#{provider}"
+    if provider == :ldap
+      ldap_signin_path
+    else
+      "#{Rails.configuration.relative_url_root}/auth/#{provider}"
+    end
  end

  # Determine if Greenlight is configured to allow user signups.
--- a/app/views/shared/_header.html.erb
+++ b/app/views/shared/_header.html.erb
@ -72,9 +72,7 @@
          </div>
        <% else %>
          <% allow_greenlight_accounts = allow_greenlight_accounts? %>
-          <% if Rails.configuration.omniauth_ldap %>
-            <%= link_to t("login"), omniauth_login_url(:ldap), :class => "btn btn-outline-primary mx-2 sign-in-button" %>
-          <% elsif allow_greenlight_accounts %>
+          <% if allow_greenlight_accounts %>
            <%= link_to t("login"), signin_path, :class => "btn btn-outline-primary mx-2 sign-in-button" %>
          <% elsif Rails.configuration.loadbalanced_configuration %>
            <%= link_to t("login"), omniauth_login_url(:bn_launcher), :class => "btn btn-outline-primary mx-2 sign-in-button" %>
--- a/app/views/users/ldap_signin.html.erb
+++ b/app/views/users/ldap_signin.html.erb
@ -0,0 +1,34 @@
+<div class="container">
+    <div class="row pt-7">
+        <div class="col col-lg-6 offset-lg-3">
+            <div class="card">
+                <div class="card-header background">
+                    <h4 class="mt-2"><%= t("login_title") %></h4>
+                </div>
+                <div class="card-body background">
+                    <%= form_for(:session, url: ldap_callback_path) do |f| %>
+                        <div class="form-group">
+                            <div class="input-icon">
+                                <span class="input-icon-addon">
+                                    <i class="fas fa-user"></i>
+                                </span>
+                                <%= f.text_field :username, class: "form-control", placeholder: t("administrator.users.table.username"), value: "" %>
+                            </div>
+                        </div>
+                        <div class="form-group">
+                            <div class="input-icon">
+                                <span class="input-icon-addon">
+                                    <i class="fas fa-key"></i>
+                                </span>
+                                <%= f.password_field :password, class: "form-control", placeholder: t("password"), value: "" %>
+                            </div>
+                        </div>
+                        <div>
+                            <%= f.submit t("login"), class: "btn btn-primary btn-block signin-button" %>
+                        </div>
+                    <% end %>
+                </div>
+            </div>
+        </div>
+    </div>
+</div>