From e94db861c585a5c2e01894d95b1aa523d70c6890 Mon Sep 17 00:00:00 2001
From: tejaswini chile
Date: Thu, 15 Sep 2022 17:16:20 +0530
Subject: [PATCH] SAML changes to the controller
---
 app/controllers/dashboard_controller.rb | 34 +++++++++++--------
 app/controllers/saml_controller | 0
 app/controllers/saml_controller.rb | 32 +++++++++--------
 .../dashboard/routes/auth/Signup.vue | 2 +-
 4 files changed, 37 insertions(+), 31 deletions(-)
 create mode 100644 app/controllers/saml_controller
diff --git a/app/controllers/dashboard_controller.rb b/app/controllers/dashboard_controller.rb
index fb923a30e..ec68435ac 100644
--- a/app/controllers/dashboard_controller.rb
+++ b/app/controllers/dashboard_controller.rb
@@ -5,13 +5,11 @@ class DashboardController < ActionController::Base
 around_action :switch_locale
 before_action :ensure_installation_onboarding, only: [:index]
 before_action :redirect_to_custom_domain_page
+ before_action :redirect_to_saml_login
 layout 'vueapp'
- def index
- request = OneLogin::RubySaml::Authrequest.new
- redirect_to(request.create(saml_settings))
- end
+ def index; end
 private
@@ -50,6 +48,13 @@ class DashboardController < ActionController::Base
 redirect_to "/hc/#{portal.slug}"
 end
+ def redirect_to_saml_login
+ # request = OneLogin::RubySaml::Authrequest.new
+ # redirect_to(request.create(saml_settings))
+ # end
+ redirect_to '/saml' and return unless Current.user
+ end
+
 def app_config
 {
 APP_VERSION: Chatwoot.config[:version],
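Review bot: `before_action :redirect_to_saml_login` is registered with no `only:`/`except:` and no configuration switch, so every request this controller serves is sent to `/saml` whenever `Current.user` is unset. If DashboardController also serves the unauthenticated pages of the Vue app (login, signup, password reset; the commit touches `Signup.vue`), those pages become unreachable and an installation without a SAML IdP has no way to sign in; this is inferred, because the routes are not part of the diff. I would gate the filter on installation config, for example `before_action :redirect_to_saml_login, if: :saml_enabled?` (predicate name illustrative), and put a one-line comment above it stating that SAML is enforced for the dashboard.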
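Review bot: The guard in `redirect_to_saml_login` tests `Current.user`, but nothing visible in this commit sets it: `SamlController#consume` only writes `session[:userid]`, so unless another filter maps that session key to `Current.user`, a user who has just authenticated at the IdP may be redirected to `/saml` again on every dashboard request. The three commented-out lines, including the stray `# end`, should be deleted rather than committed. `and return` is redundant inside a before_action because the redirect already halts the filter chain, so the body can be `redirect_to '/saml' unless Current.user`, ideally with a named route helper in place of the literal path.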
@@ -66,26 +71,25 @@ class DashboardController < ActionController::Base
 settings.assertion_consumer_service_url = "http://#{request.host}/saml/consume"
 settings.sp_entity_id = "http://#{request.host}/saml/metadata"
- settings.idp_entity_id = "https://app.onelogin.com/saml/metadata/1835014"
- settings.idp_sso_target_url = "https://app.onelogin.com/trust/saml2/http-post/sso/1835014"
- settings.idp_slo_target_url = "https://app.onelogin.com/trust/saml2/http-redirect/slo/1835014"
- settings.name_identifier_format = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
+ settings.idp_entity_id = 'https://app.onelogin.com/saml/metadata/1835014'
+ settings.idp_sso_target_url = 'https://app.onelogin.com/trust/saml2/http-post/sso/1835014'
+ settings.idp_slo_target_url = 'https://app.onelogin.com/trust/saml2/http-redirect/slo/1835014'
+ settings.name_identifier_format = 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress'
 # Optional for most SAML IdPs
- settings.authn_context = "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"
+ settings.authn_context = 'urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport'
 # or as an array
 settings.authn_context = [
- "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport",
- "urn:oasis:names:tc:SAML:2.0:ac:classes:Password"
+ 'urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport',
+ 'urn:oasis:names:tc:SAML:2.0:ac:classes:Password'
 ]
 # Optional bindings (defaults to Redirect for logout POST for ACS)
- settings.single_logout_service_binding = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" # or :post, :redirect
- settings.assertion_consumer_service_binding = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" # or :post, :redirect
+ settings.single_logout_service_binding = 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect' # or :post, :redirect
+ settings.assertion_consumer_service_binding = 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST' # or :post, :redirect
 settings
 end
-
 def cosnume
- end
+ def cosnume; end
 end
diff --git a/app/controllers/saml_controller b/app/controllers/saml_controller
new file mode 100644
index 000000000..e69de29bb
diff --git a/app/controllers/saml_controller.rb b/app/controllers/saml_controller.rb
index a95abbed2..c7ce0f683 100644
--- a/app/controllers/saml_controller.rb
+++ b/app/controllers/saml_controller.rb
@@ -1,8 +1,9 @@
 # This controller expects you to use the URLs /saml/init and /saml/consume in your OneLogin application.
 class SamlController < ApplicationController
- skip_before_action :verify_authenticity_token, :only => [:consume]
+ # skip_before_action :verify_authenticity_token, :only => [:consume]
+ layout 'vueapp'
- def init
+ def index
 request = OneLogin::RubySaml::Authrequest.new
 redirect_to(request.create(saml_settings))
 end
@@ -13,11 +14,12 @@ class SamlController < ApplicationController
 # We validate the SAML Response and check if the user already exists in the system
 if response.is_valid?
- # authorize_success, log the user
- session[:userid] = response.nameid
- session[:attributes] = response.attributes
+ # authorize_success, log the user
+ session[:userid] = response.nameid
+ session[:attributes] = response.attributes
 else
- authorize_failure # This method shows an error message
+ ChatwootExceptionTracker.new(response.errors, account: Account.first).capture_exception # This method shows an error message
+ # List of errors is available in response.errors array
 end
 end
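Review bot: The settings kept as context in this hunk build `assertion_consumer_service_url` and `sp_entity_id` from `request.host` with an `http://` scheme, and no `settings.idp_cert` or `settings.idp_cert_fingerprint` appears in the visible lines. `request.host` is taken from the client's Host header, so the SP entity ID and ACS URL should come from configuration and use `https://`; the method starts above the hunk, so the certificate may be set there, but if it is not, the response signature cannot be checked against a pinned IdP key. The OneLogin app id `1835014` is hard-coded in three URLs and belongs in configuration too. The same block is duplicated in saml_controller.rb (hunk `@@ -29,22 +31,22 @@`); this DashboardController copy looks unused now that `index` no longer calls `saml_settings`, and `cosnume` is an empty, misspelled method, so both could be removed.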
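Review bot: Commenting out `skip_before_action :verify_authenticity_token` leaves `consume` subject to Rails CSRF verification, yet the IdP posts the SAMLResponse cross-site and cannot carry an authenticity token. If ApplicationController enables forgery protection (not visible here), the assertion POST is either rejected or handled with an emptied session, so the exemption should stay and remain scoped to that one action: `skip_before_action :verify_authenticity_token, only: [:consume]`, with a comment that this request is authenticated by the signed SAML response rather than by the CSRF token. The header comment still names `/saml/init` although the action is now `index`, and the commented-out line should be either restored or deleted, not kept as dead code.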
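Review bot: The success branch of `consume` writes `session[:userid]` and `session[:attributes]` into whatever session the browser already held; calling `reset_session` on the line before `session[:userid] = response.nameid` closes the session-fixation gap at login. Neither branch redirects or renders, so a failed assertion ends in the implicit template render instead of an explicit `head :unauthorized` or a redirect, and the trailing comment `# This method shows an error message` no longer describes the tracker call. `ChatwootExceptionTracker.new(response.errors, account: Account.first)` passes an error list and an arbitrary first account; whether the tracker accepts that is not visible here. `consume` begins above the hunk, so how `response` is constructed was not reviewed.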
@@ -29,22 +31,22 @@ class SamlController < ApplicationController
 settings.assertion_consumer_service_url = "http://#{request.host}/saml/consume"
 settings.sp_entity_id = "http://#{request.host}/saml/metadata"
- settings.idp_entity_id = "https://app.onelogin.com/saml/metadata/1835014"
- settings.idp_sso_target_url = "https://app.onelogin.com/trust/saml2/http-post/sso/1835014"
- settings.idp_slo_target_url = "https://app.onelogin.com/trust/saml2/http-redirect/slo/1835014"
- settings.name_identifier_format = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
+ settings.idp_entity_id = 'https://app.onelogin.com/saml/metadata/1835014'
+ settings.idp_sso_target_url = 'https://app.onelogin.com/trust/saml2/http-post/sso/1835014'
+ settings.idp_slo_target_url = 'https://app.onelogin.com/trust/saml2/http-redirect/slo/1835014'
+ settings.name_identifier_format = 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress'
 # Optional for most SAML IdPs
- settings.authn_context = "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"
+ settings.authn_context = 'urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport'
 # or as an array
 settings.authn_context = [
- "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport",
- "urn:oasis:names:tc:SAML:2.0:ac:classes:Password"
+ 'urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport',
+ 'urn:oasis:names:tc:SAML:2.0:ac:classes:Password'
 ]
 # Optional bindings (defaults to Redirect for logout POST for ACS)
- settings.single_logout_service_binding = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" # or :post, :redirect
- settings.assertion_consumer_service_binding = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" # or :post, :redirect
+ settings.single_logout_service_binding = 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect' # or :post, :redirect
+ settings.assertion_consumer_service_binding = 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST' # or :post, :redirect
 settings
 end
diff --git a/app/javascript/dashboard/routes/auth/Signup.vue b/app/javascript/dashboard/routes/auth/Signup.vue
index a75cfc087..1907c4233 100644
--- a/app/javascript/dashboard/routes/auth/Signup.vue
+++ b/app/javascript/dashboard/routes/auth/Signup.vue
@@ -81,7 +81,7 @@