Add sso

- Add sso.rb - Add the accounts edit - Add the api routes - Add the accounts account_controller_behavior - Add the proprietor_controller_override - Add missing migrattions - Add fix sso_conrtoller
ubiquitypress · May 3, 2023 · 06f1fce · 06f1fce
1 parent a9aa077
commit 06f1fce
Show file tree

Hide file tree

Showing 19 changed files with 164 additions and 19 deletions.
diff --git a/app/controllers/concerns/hyku_addons/account_controller_behavior.rb b/app/controllers/concerns/hyku_addons/account_controller_behavior.rb
@@ -11,7 +11,6 @@ module AccountControllerBehavior
 
     def merge_settings_for_update
       return if account_params["settings"].blank?
-
       @account.settings.merge!(account_params["settings"])
       @account.settings.compact!
 

diff --git a/app/controllers/concerns/hyku_addons/proprietor_controller_override.rb b/app/controllers/concerns/hyku_addons/proprietor_controller_override.rb
@@ -26,7 +26,7 @@ def update
 
     # Never trust parameters from the scary internet, only allow the allowed list through.
     def account_params
-      params.require(:account).permit(:name, :cname, :title, :search_only,
+      params.require(:account).permit(:work_os_organisation, :work_os_managed_domain, :enable_sso, :name, :cname, :title, :search_only,
                                       admin_emails: [],
                                       solr_endpoint_attributes: %i[id url],
                                       fcrepo_endpoint_attributes: %i[id url base_path],

diff --git a/app/controllers/hyku_addons/sso_controller.rb b/app/controllers/hyku_addons/sso_controller.rb
@@ -6,25 +6,51 @@ class SsoController < ::Hyku::API::V1::SessionsController
     before_action :set_account, only: :callback
 
     def auth
-      redirect_to HykuAddons::Sso::AuthService.new(host: request.host).generate_authorisation_url
+      redirect_to HykuAddons::Sso::AuthService.new(account: current_account).generate_authorisation_url
+    end
+
+    def uiauth
+      account = Account.find_by tenant: params[:tenant_id]
+      redirect_to HykuAddons::Sso::AuthService.new(account: account).generate_authorisation_url_for_frontend
+    end
+
+
+    def uicallback
+
+      service = HykuAddons::Sso::CallBackService.new(code: params[:code])
+
+      user = nil
+
+      service.handle do |profile, password|
+
+        user = User.find_or_create_by!(email: profile.email) do |u|
+          u.password = password
+        end
+        sign_in user
+        set_jwt_cookies(user)
+      end
+
+      raise HykuAddons::Sso::Error, "Failed to handle workos code #{params[:code]}" unless user
+
+      render_user(user)
     end
 
     def callback
+
       service = HykuAddons::Sso::CallBackService.new(code: params[:code])
 
       handled = false
 
       service.handle do |profile, password|
-        
-        user = User.find_or_create_by(email: profile.email).tap do |u|
+
+        user = User.find_or_create_by!(email: profile.email) do |u|
           u.password = password
-          u.password_confirmation = password
-          u.email = profile.email
         end
-        # this code is the same as the code used in the api for authentication
-        user = User.find_for_database_authentication(email: user.email)
+
         sign_in user
+
         set_jwt_cookies(user)
+
         handled = true
 
       end

diff --git a/app/views/proprietor/accounts/edit.html.erb b/app/views/proprietor/accounts/edit.html.erb
@@ -45,7 +45,7 @@
               <%= f.simple_fields_for :full_account_cross_searches do |full_account_cross_search| %>
                 <%= render 'full_account_cross_search_fields', f: full_account_cross_search %>
               <% end %>
-              <div 'class='links'>
+              <div class='links'>
                 <%= link_to_add_association 'Add account to search', f, :full_account_cross_searches %>
               </div>
             </div>
@@ -74,7 +74,13 @@
             <% end %>
           <% end %>
 
+          <h3> SSO </h3>
+
+          <%= f.input :enable_sso%>
+          <%= f.input :work_os_organisation%>
+					<%= f.input :work_os_managed_domain%>
           <%= f.submit class: 'btn btn-primary' %>
+
           <%= link_to t('simple_form.cancel'), proprietor_accounts_path, class: 'btn btn-link action-cancel' %>
         </div>
       <% end %>

diff --git a/app/views/proprietor/accounts/new.html.erb b/app/views/proprietor/accounts/new.html.erb
@@ -1,3 +1,4 @@
+here
 <% content_for :page_header do %>
   <h1><span class="fa fa-gears"></span> <%= t('.header') %></h1>
 <% end %>

diff --git a/config/routes.rb b/config/routes.rb
@@ -19,6 +19,10 @@
   get "/api/v1/tenant/:tenant_id/files/:id/work", to: "/hyku/api/v1/files#work"
   get "/api/v1/tenant/:tenant_id/files/:id/download", to: "/hyku/api/v1/files#download"
 
+  get "/api/v1/tenant/:tenant_id/sso/login", to: "/hyku_addons/sso#uiauth"
+  post "/api/v1/tenant/:tenant_id/sso/callback", to: "/hyku_addons/sso#uicallback"
+
+
   get "/sso/login", to: "/hyku_addons/sso#auth", as: :sso_login
   get "sso/callback", to: "/hyku_addons/sso#callback", as: :sso_callback
 

diff --git a/db/migrate/20200911164035_add_data_cite_endpoint_to_account.rb b/db/migrate/20200911164035_add_data_cite_endpoint_to_account.rb
@@ -0,0 +1,6 @@
+# frozen_string_literal: true
+class AddDataCiteEndpointToAccount < ActiveRecord::Migration[5.2]
+  def change
+    add_reference :accounts, :datacite_endpoint, index: true unless column_exists?(:accounts, :datacite_endpoint_id)
+  end
+end
diff --git a/db/migrate/20200929084240_add_parent_id_and_data_settings_column_to_account.rb b/db/migrate/20200929084240_add_parent_id_and_data_settings_column_to_account.rb
@@ -0,0 +1,10 @@
+# frozen_string_literal: true
+class AddParentIdAndDataSettingsColumnToAccount < ActiveRecord::Migration[5.2]
+  def change
+    add_reference :accounts, :parent, foreign_key: { to_table: :accounts } unless column_exists?(:accounts, :parent_id)
+    add_column :accounts, :settings, :jsonb, default: {} unless column_exists?(:accounts, :settings)
+    add_column :accounts, :data, :jsonb, default: {} unless column_exists?(:accounts, :data)
+    add_index  :accounts, :settings, using: :gin unless index_exists?(:accounts, :settings)
+    add_index  :accounts, :data, using: :gin unless index_exists?(:accounts, :data)
+  end
+end
diff --git a/db/migrate/20210212137215_add_frontend_url_to_account.rb b/db/migrate/20210212137215_add_frontend_url_to_account.rb
@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+class AddFrontendUrlToAccount < ActiveRecord::Migration[5.2]
+  def change
+    add_column :accounts, :frontend_url, :string, default: "" unless column_exists?(:accounts, :frontend_url)
+    add_index  :accounts, :frontend_url unless index_exists?(:accounts, :frontend_url)
+  end
+end
diff --git a/db/migrate/20210922122645_add_search_only_to_accounts.rb b/db/migrate/20210922122645_add_search_only_to_accounts.rb
@@ -0,0 +1,11 @@
+# frozen_string_literal: true
+
+class AddSearchOnlyToAccounts < ActiveRecord::Migration[5.2]
+  def self.up
+    add_column :accounts, :search_only, :boolean, default: false unless column_exists?(:accounts, :search_only)
+  end
+
+  def self.down
+    remove_column :accounts, :search_only if column_exists?(:accounts, :search_only)
+  end
+end
diff --git a/db/migrate/20210922124547_create_account_cross_searches.rb b/db/migrate/20210922124547_create_account_cross_searches.rb
@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+class CreateAccountCrossSearches < ActiveRecord::Migration[5.2]
+  def self.up
+    return if table_exists?(:account_cross_searches)
+
+    create_table :account_cross_searches do |t|
+      t.references :search_account, foreign_key: { to_table: :accounts }
+      t.references :full_account, foreign_key: { to_table: :accounts }
+
+      t.timestamps
+    end
+  end
+
+  def self.down
+    drop_table(:account_cross_searches)
+  end
+end
diff --git a/db/migrate/20210922163123_remove_parent_id_from_accounts.rb b/db/migrate/20210922163123_remove_parent_id_from_accounts.rb
@@ -0,0 +1,6 @@
+# frozen_string_literal: true
+class RemoveParentIdFromAccounts < ActiveRecord::Migration[5.2]
+  def change
+    remove_reference :accounts, :parent, foreign_key: { to_table: :accounts }
+  end
+end
diff --git a/db/migrate/20211027153500_add_display_profile_to_users.rb b/db/migrate/20211027153500_add_display_profile_to_users.rb
@@ -0,0 +1,11 @@
+# frozen_string_literal: true
+
+class AddDisplayProfileToUsers < ActiveRecord::Migration[5.2]
+  def self.up
+    add_column :users, :display_profile, :boolean, default: false unless column_exists?(:users, :display_profile)
+  end
+
+  def self.down
+    remove_column :users, :display_profile if column_exists?(:users, :display_profile)
+  end
+end
diff --git a/db/migrate/20211214153900_add_bio_to_users.rb b/db/migrate/20211214153900_add_bio_to_users.rb
@@ -0,0 +1,6 @@
+# frozen_string_literal: true
+class AddBioToUsers < ActiveRecord::Migration[5.2]
+  def change
+    add_column :users, :biography, :text
+  end
+end
diff --git a/db/migrate/20230301152739_add_sso_attributes_to_accounts.rb b/db/migrate/20230301152739_add_sso_attributes_to_accounts.rb
@@ -0,0 +1,6 @@
+class AddSsoAttributesToAccounts < ActiveRecord::Migration[5.2]
+  def change
+    add_column :accounts, :enable_sso, :boolean
+    add_column :accounts, :work_os_orgnaisation, :string
+  end
+end
diff --git a/db/migrate/20230317071542_add_workos_connection_id_to_accounts.rb b/db/migrate/20230317071542_add_workos_connection_id_to_accounts.rb
@@ -0,0 +1,5 @@
+class AddWorkosConnectionIdToAccounts < ActiveRecord::Migration[5.2]
+  def change
+    add_column :accounts, :work_os_connection_id, :string
+  end
+end
diff --git a/db/migrate/20230320114316_clean_up_work_os_fields.rb b/db/migrate/20230320114316_clean_up_work_os_fields.rb
@@ -0,0 +1,13 @@
+class CleanUpWorkOsFields < ActiveRecord::Migration[5.2]
+  def change
+
+    if column_exists?(:accounts, :work_os_orgnaisation)
+      rename_column :accounts, :work_os_orgnaisation, :work_os_organisation
+    end
+
+    if column_exists?(:accounts,:work_os_connection_id)
+      rename_column :accounts, :work_os_connection_id, :work_os_connection
+    end
+
+  end
+end
diff --git a/db/migrate/20230411011527_add_work_os_managed_domain_to_accounts.rb b/db/migrate/20230411011527_add_work_os_managed_domain_to_accounts.rb
@@ -0,0 +1,5 @@
+class AddWorkOsManagedDomainToAccounts < ActiveRecord::Migration[5.2]
+  def change
+    add_column :accounts, :work_os_managed_domain, :string
+  end
+end
diff --git a/lib/hyku_addons/sso.rb b/lib/hyku_addons/sso.rb
@@ -31,7 +31,6 @@ def configuration
       def configure
         configuration.api_key = ENV["WORKOS_API_KEY"]
         configuration.client_id = ENV["WORKOS_CLIENT_ID"]
-        configuration.organisation_id = ENV["ORGANISATION_ID"]
         initialize
         yield(configuration)
       end
@@ -40,20 +39,27 @@ class Error < StandardError; end
 
     # The auth service is responsbible for generating the workos redirect url.
     class AuthService
-      def initialize(host:)
-        @host = host
+      def initialize(account:)
+        @account = account
       end
 
-      def generate_authorisation_url
+      def generate_authorisation_url_for_frontend
         # The callback URI WorkOS should redirect to after the authentication
-        redirect_uri = "https://#{@host}/sso/callback"
+        WorkOS::SSO.authorization_url(
+          client_id: Sso.configuration.client_id,
+          organization: @account.work_os_organisation,
+          domain: @account.work_os_managed_domain,
+          redirect_uri: "https://#{@account.cname.gsub("dashboard.","")}/sso/callback" 
+        )
+      end
 
-        account = Account.find_by cname: @host
-          
+      def generate_authorisation_url
+        # The callback URI WorkOS should redirect to after the authentication
         WorkOS::SSO.authorization_url(
           client_id: Sso.configuration.client_id,
-          organization: account.nil? ? Sso.configuration.work_os_orgntion : account.work_os_orgnaisation,
-          redirect_uri: redirect_uri
+          organization: @account.work_os_organisation,
+          domain: @account.work_os_managed_domain,
+          redirect_uri: "https://#{@account.cname}/sso/callback" 
         )
       end
     end