mirror of
https://github.com/we-promise/sure.git
synced 2026-04-07 14:31:25 +00:00
14993d871c
Multi-provider SSO support: - Database-backed SSO provider management with admin UI - Support for OpenID Connect, Google OAuth2, GitHub, and SAML 2.0 - Flipper feature flag (db_sso_providers) for dynamic provider loading - ProviderLoader service for YAML or database configuration Admin functionality: - Admin::SsoProvidersController for CRUD operations - Admin::UsersController for super_admin role management - Pundit policies for authorization - Test connection endpoint for validating provider config User provisioning improvements: - JIT (just-in-time) account creation with configurable default role - Changed default JIT role from admin to member (security) - User attribute sync on each SSO login - Group/role mapping from IdP claims SSO identity management: - Settings::SsoIdentitiesController for users to manage connected accounts - Issuer validation for OIDC identities - Unlink protection when no password set Audit logging: - SsoAuditLog model tracking login, logout, link, unlink, JIT creation - Captures IP address, user agent, and metadata Advanced OIDC features: - Custom scopes per provider - Configurable prompt parameter (login, consent, select_account, none) - RP-initiated logout (federated logout to IdP) - id_token storage for logout SAML 2.0 support: - omniauth-saml gem integration - IdP metadata URL or manual configuration - Certificate and fingerprint validation - NameID format configuration
17 lines
336 B
Ruby
17 lines
336 B
Ruby
# frozen_string_literal: true
|
|
|
|
module Admin
|
|
class BaseController < ApplicationController
|
|
before_action :require_super_admin!
|
|
|
|
layout "settings"
|
|
|
|
private
|
|
def require_super_admin!
|
|
unless Current.user&.super_admin?
|
|
redirect_to root_path, alert: t("admin.unauthorized")
|
|
end
|
|
end
|
|
end
|
|
end
|