-
Notifications
You must be signed in to change notification settings - Fork 4
/
plugin.rb
145 lines (119 loc) · 4.14 KB
/
plugin.rb
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
# name: discourse-ekklesia
# about: provides Ekklesia eDemocracy platform features for Discourse
# version: 0.3.0
# url: https://github.com/edemocracy
# authors: Tobias dpausp <dpausp@posteo.de>
# required_version: 1.7
load File.expand_path('../lib/omniauth-ekklesia.rb', __FILE__)
# If you don't allow other login methods (only via Ekklesia ID server), then the sign-up button can be hidden like that:
#
# .sign-up-button {
# display: none !important;
# }
#
# (put this CSS in: Admin Area -> Customize -> CSS/HTML -> your style -> CSS)
# XXX: don't know if disabling works for auth providers, check discourse code
enabled_site_setting :ekklesia_enabled
# add the following line somewhere in the code to open an interactive pry session in the current frame
#require 'pry'; binding.pry
# Discourse OAuth2 authenticator using the Ekklesia omniauth strategy.
# Following config vars must be set:
# * ekklesia_client_secret
# * ekklesia_site_url
#
# ekklesia_client_id defaults to 'discourse' if not set
#
class EkklesiaAuthenticator < ::Auth::Authenticator
def register_middleware(omniauth)
omniauth.provider(
:ekklesia,
SiteSetting.ekklesia_client_id,
SiteSetting.ekklesia_client_secret,
client_options: { site: SiteSetting.ekklesia_site_url })
Rails.logger.info("registered ekklesia authenticator for #{SiteSetting.ekklesia_site_url} ,"\
"client_id #{SiteSetting.ekklesia_client_id}")
end
def name
'ekklesia'
end
def initialize(opts = {})
@opts = opts
end
def after_authenticate(auth_token)
#require 'pry'; binding.pry
data = auth_token[:info]
extra = auth_token[:extra][:raw_info]
auid = auth_token[:uid]
user_type = extra[:type]
result = Auth::Result.new
result.name = data[:nickname]
user_id = ::PluginStore.get(name, "auid_#{auid}")
if user_id
result.user = user = User.where(id: user_id).first
if user
if user.active
result.user = user
change_user_trust_level(user, user_type)
else
result.failed = true
result.failed_reason = I18n.t("ekklesia.inactive_user")
end
end
end
result.extra_data = { auid: auid, type: user_type }
# only for development: supply valid mail adress to skip mail confirmation
#result.email = 'fake@adress.is'
#result.email_valid = true
result
end
def change_user_trust_level(user, user_type)
# increase trust level to level granted by ekklesia auth
if user_type == "guest"
lvl = SiteSetting.ekklesia_auto_trust_level_guest
elsif user_type == "plain member"
lvl = SiteSetting.ekklesia_auto_trust_level_plain_member
elsif user_type == "eligible member"
lvl = SiteSetting.ekklesia_auto_trust_level_eligible_member
elsif user_type == "system user"
lvl = SiteSetting.ekklesia_auto_trust_level_system_user
end
user.update_attribute(:trust_level, lvl)
end
def after_create_account(user, auth)
auid = auth[:extra_data][:auid]
user_type = auth[:extra_data][:type]
::PluginStore.set(name, "auid_#{auid}", user.id)
if user_type == "eligible member" or user_type == "system user"
auto_group = Group.where(name: SiteSetting.ekklesia_auto_group).first
user.groups << auto_group if auto_group
end
# XXX: saving the user obj recalculates the password hash. This leads to unintended email token invalidation.
# remove raw password in user object to avoid recalculation.
user.instance_variable_set(:@raw_password, nil)
change_user_trust_level(user, user_type)
user
end
end
auth_provider(
title_setting: "ekklesia_login_button_title",
enabled_setting: "ekklesia_enabled",
message: 'Log in!',
frame_width: 920,
frame_height: 800,
authenticator: EkklesiaAuthenticator.new
)
register_css <<CSS
.btn-social.ekklesia {
background: rgb(253, 195, 0);
color: black;
}
/* try to match the look of a normal link for the password change link which is in the wrong div */
a.change-id-password {
font-size: inherit !important;
color: #0088cc !important;
}
.change-id-password i {
font-size: inherit !important;
color: inherit !important;
}
CSS