2019-12-11 00:24:53 +08:00
|
|
|
# frozen_string_literal: true
|
|
|
|
|
|
|
|
require 'omniauth/strategies/custom_azure_active_directory'
|
|
|
|
|
2021-11-02 23:19:56 +08:00
|
|
|
AZURE_SETUP_PROC = lambda do |env|
|
2023-01-31 18:55:31 +08:00
|
|
|
settings = ApplicationSettings.instance
|
|
|
|
providers = settings.values['azure_ad_apps'].select { |v| v['enable_sign_in'] }
|
2021-07-23 17:56:28 +08:00
|
|
|
raise StandardError, 'No Azure AD config available for sign in' if providers.blank?
|
2019-12-11 00:24:53 +08:00
|
|
|
|
|
|
|
req = Rack::Request.new(env)
|
|
|
|
|
|
|
|
if providers.size > 1
|
|
|
|
if req.params['id_token'].present? # Callback phase
|
|
|
|
unverified_jwt_payload, = JWT.decode(req.params['id_token'], nil, false)
|
2023-01-31 18:55:31 +08:00
|
|
|
provider_conf = providers.select { |v| v['app_id'] == unverified_jwt_payload['aud'] }
|
2019-12-11 00:24:53 +08:00
|
|
|
else # Authorization phase
|
2019-12-12 21:57:27 +08:00
|
|
|
raise ActionController::ParameterMissing, 'Provider name is missing' if req.params['provider'].blank?
|
2019-12-11 00:24:53 +08:00
|
|
|
|
2023-01-31 18:55:31 +08:00
|
|
|
provider_conf = providers.find { |v| v['provider_name'] == req.params['provider'] }
|
2019-12-11 00:24:53 +08:00
|
|
|
end
|
2023-01-31 18:55:31 +08:00
|
|
|
raise StandardError, 'No Azure AD config available for sign in' if provider_conf.blank?
|
2019-12-11 00:24:53 +08:00
|
|
|
end
|
|
|
|
|
2023-01-31 18:55:31 +08:00
|
|
|
provider_conf ||= providers.first
|
|
|
|
env['omniauth.strategy'].options[:client_id] = provider_conf['app_id']
|
|
|
|
env['omniauth.strategy'].options[:client_secret] = provider_conf['client_secret']
|
|
|
|
env['omniauth.strategy'].options[:tenant_id] = provider_conf['tenant_id']
|
|
|
|
env['omniauth.strategy'].options[:sign_in_policy] = provider_conf['sign_in_policy']
|
2022-10-26 21:18:31 +08:00
|
|
|
env['omniauth.strategy'].options[:name] = 'customazureactivedirectory'
|
2023-08-17 22:51:46 +08:00
|
|
|
env['omniauth.strategy'].options[:conf_url] = provider_conf['conf_url']
|
2023-02-14 23:50:15 +08:00
|
|
|
conf_uri = URI.parse(provider_conf['conf_url'])
|
|
|
|
env['omniauth.strategy'].options[:base_azure_url] = "#{conf_uri.scheme || 'https'}://#{conf_uri.host}"
|
2019-12-11 00:24:53 +08:00
|
|
|
end
|
|
|
|
|
2023-01-31 18:55:31 +08:00
|
|
|
OKTA_SETUP_PROC = lambda do |env|
|
|
|
|
settings = ApplicationSettings.instance
|
|
|
|
provider_conf = settings.values['okta']
|
|
|
|
raise StandardError, 'No Okta config available for sign in' if provider_conf.blank?
|
|
|
|
|
|
|
|
oauth2_base_url =
|
|
|
|
if provider_conf['auth_server_id'].blank?
|
|
|
|
"https://#{provider_conf['domain']}/oauth2"
|
|
|
|
else
|
|
|
|
"https://#{provider_conf['domain']}/oauth2/#{provider_conf['auth_server_id']}"
|
|
|
|
end
|
|
|
|
|
|
|
|
client_options = {
|
|
|
|
site: "https://#{provider_conf['domain']}",
|
|
|
|
authorize_url: "#{oauth2_base_url}/v1/authorize",
|
|
|
|
token_url: "#{oauth2_base_url}/v1/token",
|
|
|
|
user_info_url: "#{oauth2_base_url}/v1/userinfo"
|
|
|
|
}
|
|
|
|
client_options[:audience] = provider_conf['audience'] if provider_conf['audience'].present?
|
|
|
|
if provider_conf['auth_server_id'].present?
|
|
|
|
client_options[:authorization_server] = provider_conf['auth_server_id']
|
|
|
|
client_options[:use_org_auth_server] = false
|
|
|
|
else
|
|
|
|
client_options[:use_org_auth_server] = true
|
|
|
|
end
|
|
|
|
|
|
|
|
env['omniauth.strategy'].options[:client_id] = provider_conf['client_id']
|
|
|
|
env['omniauth.strategy'].options[:client_secret] = provider_conf['client_secret']
|
|
|
|
env['omniauth.strategy'].options[:client_options] = client_options
|
|
|
|
end
|
|
|
|
|
2019-12-11 00:24:53 +08:00
|
|
|
Rails.application.config.middleware.use OmniAuth::Builder do
|
2021-11-02 23:19:56 +08:00
|
|
|
provider OmniAuth::Strategies::CustomAzureActiveDirectory, setup: AZURE_SETUP_PROC
|
2019-12-11 00:24:53 +08:00
|
|
|
end
|
|
|
|
|
2023-01-31 18:55:31 +08:00
|
|
|
Rails.application.config.middleware.use OmniAuth::Builder do
|
|
|
|
provider OmniAuth::Strategies::Okta, setup: OKTA_SETUP_PROC
|
|
|
|
end
|
|
|
|
|
2019-12-11 00:24:53 +08:00
|
|
|
OmniAuth.config.logger = Rails.logger
|