2019-05-03 06:17:27 +08:00
|
|
|
# frozen_string_literal: true
|
|
|
|
|
2019-03-07 19:31:04 +08:00
|
|
|
class Auth::GoogleOAuth2Authenticator < Auth::ManagedAuthenticator
|
2014-05-22 06:19:40 +08:00
|
|
|
def name
|
|
|
|
"google_oauth2"
|
|
|
|
end
|
|
|
|
|
2018-07-23 23:51:57 +08:00
|
|
|
def enabled?
|
|
|
|
SiteSetting.enable_google_oauth2_logins
|
|
|
|
end
|
|
|
|
|
2019-03-07 19:31:04 +08:00
|
|
|
def primary_email_verified?(auth_token)
|
|
|
|
# note, emails that come back from google via omniauth are always valid
|
|
|
|
# this protects against future regressions
|
|
|
|
auth_token[:extra][:raw_info][:email_verified]
|
2014-05-22 06:19:40 +08:00
|
|
|
end
|
|
|
|
|
|
|
|
def register_middleware(omniauth)
|
2021-12-09 20:30:27 +08:00
|
|
|
strategy_class = Auth::OmniAuthStrategies::DiscourseGoogleOauth2
|
2018-02-23 07:19:36 +08:00
|
|
|
options = {
|
|
|
|
setup: lambda { |env|
|
|
|
|
strategy = env["omniauth.strategy"]
|
2019-01-31 18:05:25 +08:00
|
|
|
strategy.options[:client_id] = SiteSetting.google_oauth2_client_id
|
|
|
|
strategy.options[:client_secret] = SiteSetting.google_oauth2_client_secret
|
|
|
|
|
|
|
|
if (google_oauth2_hd = SiteSetting.google_oauth2_hd).present?
|
|
|
|
strategy.options[:hd] = google_oauth2_hd
|
|
|
|
end
|
|
|
|
|
|
|
|
if (google_oauth2_prompt = SiteSetting.google_oauth2_prompt).present?
|
|
|
|
strategy.options[:prompt] = google_oauth2_prompt.gsub("|", " ")
|
|
|
|
end
|
2020-12-09 17:09:31 +08:00
|
|
|
|
|
|
|
# All the data we need for the `info` and `credentials` auth hash
|
|
|
|
# are obtained via the user info API, not the JWT. Using and verifying
|
|
|
|
# the JWT can fail due to clock skew, so let's skip it completely.
|
|
|
|
# https://github.com/zquestz/omniauth-google-oauth2/pull/392
|
|
|
|
strategy.options[:skip_jwt] = true
|
2021-12-09 20:30:27 +08:00
|
|
|
strategy.options[:request_groups] = provides_groups?
|
|
|
|
|
|
|
|
if provides_groups?
|
|
|
|
strategy.options[:scope] = "#{strategy_class::DEFAULT_SCOPE},#{strategy_class::GROUPS_SCOPE}"
|
|
|
|
end
|
2019-03-07 19:31:04 +08:00
|
|
|
}
|
2018-02-23 07:19:36 +08:00
|
|
|
}
|
2021-12-09 20:30:27 +08:00
|
|
|
omniauth.provider strategy_class, options
|
|
|
|
end
|
|
|
|
|
|
|
|
def after_authenticate(auth_token, existing_account: nil)
|
|
|
|
result = super
|
|
|
|
if provides_groups? && (groups = auth_token[:extra][:raw_groups])
|
|
|
|
result.associated_groups = groups.map { |group| group.slice(:id, :name) }
|
|
|
|
end
|
|
|
|
result
|
|
|
|
end
|
|
|
|
|
|
|
|
def provides_groups?
|
|
|
|
SiteSetting.google_oauth2_hd.present? && SiteSetting.google_oauth2_hd_groups
|
2014-05-22 06:19:40 +08:00
|
|
|
end
|
2015-04-25 01:10:43 +08:00
|
|
|
end
|