SAML changes to the controller

2022-09-15 17:16:20 +05:30 · 2022-09-15 17:16:20 +05:30 · e94db861c5
commit e94db861c5
parent fb65f18b5f
4 changed files with 37 additions and 31 deletions
--- a/app/controllers/dashboard_controller.rb
+++ b/app/controllers/dashboard_controller.rb
@ -5,13 +5,11 @@ class DashboardController < ActionController::Base
  around_action :switch_locale
  before_action :ensure_installation_onboarding, only: [:index]
  before_action :redirect_to_custom_domain_page
+  before_action :redirect_to_saml_login

  layout 'vueapp'

-  def index
-    request = OneLogin::RubySaml::Authrequest.new
-    redirect_to(request.create(saml_settings))
-  end
+  def index; end

  private

@ -50,6 +48,13 @@ class DashboardController < ActionController::Base
    redirect_to "/hc/#{portal.slug}"
  end

+  def redirect_to_saml_login
+    #   request = OneLogin::RubySaml::Authrequest.new
+    #   redirect_to(request.create(saml_settings))
+    # end
+    redirect_to '/saml' and return unless Current.user
+  end
+
  def app_config
    {
      APP_VERSION: Chatwoot.config[:version],
@ -66,26 +71,25 @@ class DashboardController < ActionController::Base

    settings.assertion_consumer_service_url = "http://#{request.host}/saml/consume"
    settings.sp_entity_id                   = "http://#{request.host}/saml/metadata"
-    settings.idp_entity_id                  = "https://app.onelogin.com/saml/metadata/1835014"
-    settings.idp_sso_target_url            = "https://app.onelogin.com/trust/saml2/http-post/sso/1835014"
-    settings.idp_slo_target_url            = "https://app.onelogin.com/trust/saml2/http-redirect/slo/1835014"
-    settings.name_identifier_format         = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
+    settings.idp_entity_id                  = 'https://app.onelogin.com/saml/metadata/1835014'
+    settings.idp_sso_target_url            = 'https://app.onelogin.com/trust/saml2/http-post/sso/1835014'
+    settings.idp_slo_target_url            = 'https://app.onelogin.com/trust/saml2/http-redirect/slo/1835014'
+    settings.name_identifier_format = 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress'

    # Optional for most SAML IdPs
-    settings.authn_context = "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"
+    settings.authn_context = 'urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport'
    # or as an array
    settings.authn_context = [
-      "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport",
-      "urn:oasis:names:tc:SAML:2.0:ac:classes:Password"
+      'urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport',
+      'urn:oasis:names:tc:SAML:2.0:ac:classes:Password'
    ]

    # Optional bindings (defaults to Redirect for logout POST for ACS)
-    settings.single_logout_service_binding      = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" # or :post, :redirect
-    settings.assertion_consumer_service_binding = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" # or :post, :redirect
+    settings.single_logout_service_binding      = 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect' # or :post, :redirect
+    settings.assertion_consumer_service_binding = 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST' # or :post, :redirect

    settings
  end

-  def cosnume
-  end
+  def cosnume; end
 end
--- a/app/controllers/saml_controller
+++ b/app/controllers/saml_controller
--- a/app/controllers/saml_controller.rb
+++ b/app/controllers/saml_controller.rb
@ -1,8 +1,9 @@
 # This controller expects you to use the URLs /saml/init and /saml/consume in your OneLogin application.
 class SamlController < ApplicationController
-  skip_before_action :verify_authenticity_token, :only => [:consume]
+  # skip_before_action :verify_authenticity_token, :only => [:consume]
+  layout 'vueapp'

-  def init
+  def index
    request = OneLogin::RubySaml::Authrequest.new
    redirect_to(request.create(saml_settings))
  end
@ -13,11 +14,12 @@ class SamlController < ApplicationController

    # We validate the SAML Response and check if the user already exists in the system
    if response.is_valid?
-       # authorize_success, log the user
-       session[:userid] = response.nameid
-       session[:attributes] = response.attributes
+      # authorize_success, log the user
+      session[:userid] = response.nameid
+      session[:attributes] = response.attributes
    else
-      authorize_failure  # This method shows an error message
+      ChatwootExceptionTracker.new(response.errors, account: Account.first).capture_exception # This method shows an error message
+
      # List of errors is available in response.errors array
    end
  end
@ -29,22 +31,22 @@ class SamlController < ApplicationController

    settings.assertion_consumer_service_url = "http://#{request.host}/saml/consume"
    settings.sp_entity_id                   = "http://#{request.host}/saml/metadata"
-    settings.idp_entity_id                  = "https://app.onelogin.com/saml/metadata/1835014"
-    settings.idp_sso_target_url            = "https://app.onelogin.com/trust/saml2/http-post/sso/1835014"
-    settings.idp_slo_target_url            = "https://app.onelogin.com/trust/saml2/http-redirect/slo/1835014"
-    settings.name_identifier_format         = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
+    settings.idp_entity_id                  = 'https://app.onelogin.com/saml/metadata/1835014'
+    settings.idp_sso_target_url            = 'https://app.onelogin.com/trust/saml2/http-post/sso/1835014'
+    settings.idp_slo_target_url            = 'https://app.onelogin.com/trust/saml2/http-redirect/slo/1835014'
+    settings.name_identifier_format = 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress'

    # Optional for most SAML IdPs
-    settings.authn_context = "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"
+    settings.authn_context = 'urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport'
    # or as an array
    settings.authn_context = [
-      "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport",
-      "urn:oasis:names:tc:SAML:2.0:ac:classes:Password"
+      'urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport',
+      'urn:oasis:names:tc:SAML:2.0:ac:classes:Password'
    ]

    # Optional bindings (defaults to Redirect for logout POST for ACS)
-    settings.single_logout_service_binding      = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" # or :post, :redirect
-    settings.assertion_consumer_service_binding = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" # or :post, :redirect
+    settings.single_logout_service_binding      = 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect' # or :post, :redirect
+    settings.assertion_consumer_service_binding = 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST' # or :post, :redirect

    settings
  end
--- a/app/javascript/dashboard/routes/auth/Signup.vue
+++ b/app/javascript/dashboard/routes/auth/Signup.vue
@ -81,7 +81,7 @@
        </form>
        <div class="column text-center sigin--footer">
          <span>{{ $t('REGISTER.HAVE_AN_ACCOUNT') }}</span>
-          <router-link to="/app/login">
+          <router-link to="/saml">
            {{
              useInstallationName(
                $t('LOGIN.TITLE'),