forked from External/greenlight
Single sign on for super admins (#648)
parent
42f7d4f8d2
commit
b23f94dfb5
|
@ -62,6 +62,16 @@ module SessionsHelper
|
||||||
# Retrieves the current user.
|
# Retrieves the current user.
|
||||||
def current_user
|
def current_user
|
||||||
@current_user ||= User.where(id: session[:user_id]).includes(:roles).first
|
@current_user ||= User.where(id: session[:user_id]).includes(:roles).first
|
||||||
|
|
||||||
|
if Rails.configuration.loadbalanced_configuration
|
||||||
|
if @current_user && !@current_user.has_role?(:super_admin) &&
|
||||||
|
@current_user.provider != @user_domain
|
||||||
|
@current_user = nil
|
||||||
|
session.clear
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
@current_user
|
||||||
end
|
end
|
||||||
|
|
||||||
def generate_checksum(user_domain, redirect_url, secret)
|
def generate_checksum(user_domain, redirect_url, secret)
|
||||||
|
|
|
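Review bot: The provider check added to `current_user` compares against `@user_domain`, which this helper never assigns. The specs in this commit suggest it is populated around `set_user_domain` in ApplicationController, so the check depends on that having run before the first call. If `@user_domain` is still nil at that point, every non-super-admin is signed out and the session cleared, which fails closed but is hard to diagnose. I would document the dependency above the method, e.g. `# Requires @user_domain to be set first; in load-balanced mode a non-super-admin whose provider differs is signed out.` With the session cookie now shared across the parent domain, this comparison is the only tenant boundary visible here, so code that reads `session[:user_id]` directly instead of calling `current_user` would skip it; the module continues outside the hunk.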
@ -2,4 +2,9 @@
|
||||||
|
|
||||||
# Be sure to restart your server when you modify this file.
|
# Be sure to restart your server when you modify this file.
|
||||||
|
|
||||||
|
if Rails.configuration.loadbalanced_configuration
|
||||||
|
Rails.application.config.session_store :cookie_store, key: '_greenlight-2_0_session',
|
||||||
|
domain: ENV['GREENLIGHT_PARENT_DOMAIN'] || 'blindside-dev.com'
|
||||||
|
else
|
||||||
Rails.application.config.session_store :cookie_store, key: '_greenlight-2_0_session'
|
Rails.application.config.session_store :cookie_store, key: '_greenlight-2_0_session'
|
||||||
|
end
|
||||||
|
|
|
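Review bot: The `|| 'blindside-dev.com'` fallback on the `domain:` option means a load-balanced deployment that omits `GREENLIGHT_PARENT_DOMAIN` issues its session cookie for a hard-coded domain (by its name a development one). Browsers reject a cookie whose domain does not match the host, so sign-in would fail with nothing reported at boot. Failing fast is safer: `domain: ENV.fetch('GREENLIGHT_PARENT_DOMAIN')`. A parent-domain cookie is also sent to every host under that domain, not only the Greenlight instances, so a comment should state that all of those hosts must be trusted. It is also worth confirming that the cookie is marked `secure` in production, which this hunk does not show.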
@ -20,6 +20,8 @@ require "rails_helper"
|
||||||
|
|
||||||
describe AdminsController, type: :controller do
|
describe AdminsController, type: :controller do
|
||||||
before do
|
before do
|
||||||
|
allow_any_instance_of(ApplicationController).to receive(:set_user_domain).and_return("provider1")
|
||||||
|
controller.instance_variable_set(:@user_domain, "provider1")
|
||||||
@user = create(:user, provider: "provider1")
|
@user = create(:user, provider: "provider1")
|
||||||
@admin = create(:user, provider: "provider1")
|
@admin = create(:user, provider: "provider1")
|
||||||
@admin.add_role :admin
|
@admin.add_role :admin
|
||||||
|
@ -144,7 +146,7 @@ describe AdminsController, type: :controller do
|
||||||
email = Faker::Internet.email
|
email = Faker::Internet.email
|
||||||
post :invite, params: { invite_user: { email: email } }
|
post :invite, params: { invite_user: { email: email } }
|
||||||
|
|
||||||
invite = Invitation.find_by(email: email, provider: "greenlight")
|
invite = Invitation.find_by(email: email, provider: "provider1")
|
||||||
|
|
||||||
expect(invite.present?).to eq(true)
|
expect(invite.present?).to eq(true)
|
||||||
expect(flash[:success]).to be_present
|
expect(flash[:success]).to be_present
|
||||||
|
|
|
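Review bot: The `before` block stubs `set_user_domain` and then writes `@user_domain` into the controller with `instance_variable_set`, which ties the spec to the name of an internal instance variable rather than to behaviour. The same pair of lines is repeated in the ThemesController and UsersController spec hunks. A single spec helper that takes the domain and performs both steps would keep that coupling in one place. A later rename of the variable then could not leave some examples quietly running with a nil domain, which is the path on which `current_user` clears the session.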
@ -42,9 +42,13 @@ describe ThemesController, type: :controller do
|
||||||
it "returns the correct color based on provider" do
|
it "returns the correct color based on provider" do
|
||||||
allow(Rails.configuration).to receive(:loadbalanced_configuration).and_return(true)
|
allow(Rails.configuration).to receive(:loadbalanced_configuration).and_return(true)
|
||||||
allow_any_instance_of(User).to receive(:greenlight_account?).and_return(true)
|
allow_any_instance_of(User).to receive(:greenlight_account?).and_return(true)
|
||||||
|
allow_any_instance_of(ApplicationController).to receive(:set_user_domain).and_return("provider1")
|
||||||
|
|
||||||
color1 = Faker::Color.hex_color
|
color1 = Faker::Color.hex_color
|
||||||
provider1 = Faker::Company.name
|
provider1 = Faker::Company.name
|
||||||
|
|
||||||
|
controller.instance_variable_set(:@user_domain, provider1)
|
||||||
|
|
||||||
Setting.create(provider: provider1).features.create(name: "Primary Color", value: color1, enabled: true)
|
Setting.create(provider: provider1).features.create(name: "Primary Color", value: color1, enabled: true)
|
||||||
user1 = create(:user, provider: provider1)
|
user1 = create(:user, provider: provider1)
|
||||||
|
|
||||||
|
|
|
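Review bot: The stub added at the top of this example makes `set_user_domain` return the literal `"provider1"`, while `@user_domain` is then set to `provider1`, the random `Faker::Company.name` value, so the two disagree. If the stub's return value is unused this is only misleading, but it reads as though the domain were fixed. I would move the stub below the `provider1 = Faker::Company.name` line and write `.and_return(provider1)`. The example continues past the end of the hunk.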
@ -87,6 +87,8 @@ describe UsersController, type: :controller do
|
||||||
it "allows admins to edit other users" do
|
it "allows admins to edit other users" do
|
||||||
allow(Rails.configuration).to receive(:loadbalanced_configuration).and_return(true)
|
allow(Rails.configuration).to receive(:loadbalanced_configuration).and_return(true)
|
||||||
allow_any_instance_of(User).to receive(:greenlight_account?).and_return(true)
|
allow_any_instance_of(User).to receive(:greenlight_account?).and_return(true)
|
||||||
|
allow_any_instance_of(ApplicationController).to receive(:set_user_domain).and_return("provider1")
|
||||||
|
controller.instance_variable_set(:@user_domain, "provider1")
|
||||||
|
|
||||||
user = create(:user, provider: "provider1")
|
user = create(:user, provider: "provider1")
|
||||||
user.add_role :admin
|
user.add_role :admin
|
||||||
|
@ -339,6 +341,8 @@ describe UsersController, type: :controller do
|
||||||
allow(Rails.configuration).to receive(:loadbalanced_configuration).and_return(true)
|
allow(Rails.configuration).to receive(:loadbalanced_configuration).and_return(true)
|
||||||
allow_any_instance_of(User).to receive(:greenlight_account?).and_return(true)
|
allow_any_instance_of(User).to receive(:greenlight_account?).and_return(true)
|
||||||
allow_any_instance_of(Room).to receive(:delete_all_recordings).and_return('')
|
allow_any_instance_of(Room).to receive(:delete_all_recordings).and_return('')
|
||||||
|
allow_any_instance_of(ApplicationController).to receive(:set_user_domain).and_return("provider1")
|
||||||
|
controller.instance_variable_set(:@user_domain, "provider1")
|
||||||
|
|
||||||
user = create(:user, provider: "provider1")
|
user = create(:user, provider: "provider1")
|
||||||
admin = create(:user, provider: "provider1")
|
admin = create(:user, provider: "provider1")
|
||||||
|
@ -354,6 +358,8 @@ describe UsersController, type: :controller do
|
||||||
it "doesn't allow admins of other providers to delete users" do
|
it "doesn't allow admins of other providers to delete users" do
|
||||||
allow(Rails.configuration).to receive(:loadbalanced_configuration).and_return(true)
|
allow(Rails.configuration).to receive(:loadbalanced_configuration).and_return(true)
|
||||||
allow_any_instance_of(User).to receive(:greenlight_account?).and_return(true)
|
allow_any_instance_of(User).to receive(:greenlight_account?).and_return(true)
|
||||||
|
allow_any_instance_of(ApplicationController).to receive(:set_user_domain).and_return("provider2")
|
||||||
|
controller.instance_variable_set(:@user_domain, "provider2")
|
||||||
|
|
||||||
user = create(:user, provider: "provider1")
|
user = create(:user, provider: "provider1")
|
||||||
admin = create(:user, provider: "provider2")
|
admin = create(:user, provider: "provider2")
|
||||||
|
|
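Review bot: None of the spec hunks shown exercise the two branches this commit adds to `current_user` in load-balanced mode. One is a signed-in user whose `provider` differs from `@user_domain` being signed out with the session cleared; the other is a `super_admin` keeping the session on a foreign domain. In the "doesn't allow admins of other providers to delete users" example the admin's provider and the domain are both `"provider2"`, so the mismatch path is never reached. Since that comparison is the tenant boundary once the cookie is shared across the parent domain, I would add one example per branch, asserting that `session[:user_id]` is nil after the request in the first and still set in the second. Such examples may already exist outside the visible hunks.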