Make SSO feature switchable [SCI-7764] (#4916)

2024-12-27 02:04:33 +08:00 · 2023-02-01 15:43:20 +01:00 · 2023-02-01 15:43:20 +01:00 · 94806047c0
commit 94806047c0
parent e1c4aa9469
3 changed files with 12 additions and 2 deletions
--- a/app/controllers/users/omniauth_callbacks_controller.rb
+++ b/app/controllers/users/omniauth_callbacks_controller.rb
@ -3,10 +3,12 @@
 module Users
  class OmniauthCallbacksController < Devise::OmniauthCallbacksController
    include UsersGenerator
+    include ApplicationHelper

    skip_before_action :verify_authenticity_token
    before_action :sign_up_with_provider_enabled?,
                  only: :linkedin
+    before_action :check_sso_status, only: %i(customazureactivedirectory okta)

    # You should configure your model like this:
    # devise :omniauthable, omniauth_providers: [:twitter]
@ -200,6 +202,10 @@ module Users
      render_403 unless Rails.configuration.x.linkedin_signin_enabled
    end

+    def check_sso_status
+      render_403 unless sso_enabled?
+    end
+
    def generate_initials(full_name)
      initials = full_name.titleize.scan(/[A-Z]+/).join
      initials = initials.strip.blank? ? 'PLCH' : initials[0..3]
--- a/app/helpers/application_helper.rb
+++ b/app/helpers/application_helper.rb
@ -219,6 +219,10 @@ module ApplicationHelper
    'icon_small/missing.png'
  end

+  def sso_enabled?
+    ENV['SSO_ENABLED'] == 'true'
+  end
+
  def okta_configured?
    ApplicationSettings.instance.values['okta'].present?
  end
--- a/app/views/users/shared/_links.html.erb
+++ b/app/views/users/shared/_links.html.erb
@ -27,7 +27,7 @@
    <div data-hook="omniauth-sign-in-links"></div>
  <% end -%>

-  <%- if devise_mapping.omniauthable? && okta_configured? %>
+  <%- if sso_enabled? && okta_configured? %>
    <div class="okta-sign-in-actions">
      <%= form_tag omniauth_authorize_path(resource_name, :okta), method: :post do %>
        <%= submit_tag t('devise.okta.sign_in_label'), class: 'btn btn-okta' %>
@ -41,7 +41,7 @@
    <% end -%>
  <% end -%>

-  <% if devise_mapping.omniauthable? && azure_ad_configured? %>
+  <% if sso_enabled? && azure_ad_configured? %>
    <div class="azure-sign-in-actions">
      <%= render partial: "users/shared/azure_sign_in_links", locals: { resource_name: resource_name } %>
    </div>