QT/sure
1
0
Fork 0
mirror of https://github.com/we-promise/sure.git synced 2026-04-19 12:04:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add OpenID Connect login support (#77)

Browse Source 
* Add OpenID Connect login support
* Add docs for OIDC config with Google Auth
* Use Google styles for log in
- Add support for linking existing account
- Force users to sign-in with passoword first, when linking existing accounts
- Add support to create new user when using OIDC
- Add identities to user to prevent account take-ver
- Make tests mocking instead of being integration tests
- Manage session handling correctly
- use OmniAuth.config.mock_auth instead of passing auth data via request env
* Conditionally render Oauth button

- Set a config item `configuration.x.auth.oidc_enabled`
- Hide button if disabled

---------

Signed-off-by: Juan José Mata <juanjo.mata@gmail.com>
Signed-off-by: soky srm <sokysrm@gmail.com>
Co-authored-by: sokie <sokysrm@gmail.com>
This commit is contained in:
Juan José Mata
2025-10-24 16:07:45 +02:00
committed by GitHub
parent d51ba515c9
commit 768e85ce08
29 changed files with 997 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
app/models/oidc_identity.rb Normal file
View File

@@ -0,0 +1,27 @@
class OidcIdentity < ApplicationRecord
belongs_to :user
validates :provider, presence: true
validates :uid, presence: true, uniqueness: { scope: :provider }
validates :user_id, presence: true
# Update the last authenticated timestamp
def record_authentication!
update!(last_authenticated_at: Time.current)
end
# Extract and store relevant info from OmniAuth auth hash
def self.create_from_omniauth(auth, user)
create!(
user: user,
provider: auth.provider,
uid: auth.uid,
info: {
email: auth.info&.email,
name: auth.info&.name,
first_name: auth.info&.first_name,
last_name: auth.info&.last_name
}
)
end
end

1
app/models/user.rb
View File

@@ -10,6 +10,7 @@ class User < ApplicationRecord
has_many :invitations, foreign_key: :inviter_id, dependent: :destroy
has_many :impersonator_support_sessions, class_name: "ImpersonationSession", foreign_key: :impersonator_id, dependent: :destroy
has_many :impersonated_support_sessions, class_name: "ImpersonationSession", foreign_key: :impersonated_id, dependent: :destroy
has_many :oidc_identities, dependent: :destroy
accepts_nested_attributes_for :family, update_only: true
validates :email, presence: true, uniqueness: true, format: { with: URI::MailTo::EMAIL_REGEXP }