logo

mastofe

My custom branche(s) on git.pleroma.social/pleroma/mastofe git clone https://hacktivis.me/git/mastofe.git

omniauth.rb (4534B)

    

  1. Rails.application.config.middleware.use OmniAuth::Builder do

  2.   # Vanilla omniauth stategies

  3. end

  4. 

  5. Devise.setup do |config|

  6.   # Devise omniauth strategies

  7.   options = {}

  8.   options[:redirect_at_sign_in] = ENV['OAUTH_REDIRECT_AT_SIGN_IN'] == 'true'

  9. 

  10.   # CAS strategy

  11.   if ENV['CAS_ENABLED'] == 'true'

  12.     cas_options = options

  13.     cas_options[:url] = ENV['CAS_URL'] if ENV['CAS_URL']

  14.     cas_options[:host] = ENV['CAS_HOST'] if ENV['CAS_HOST']

  15.     cas_options[:port] = ENV['CAS_PORT'] if ENV['CAS_PORT']

  16.     cas_options[:ssl] = ENV['CAS_SSL'] == 'true' if ENV['CAS_SSL']

  17.     cas_options[:validate_url] = ENV['CAS_VALIDATE_URL'] if ENV['CAS_VALIDATE_URL']

  18.     cas_options[:callback_url] = ENV['CAS_CALLBACK_URL'] if ENV['CAS_CALLBACK_URL']

  19.     cas_options[:logout_url] = ENV['CAS_LOGOUT_URL'] if ENV['CAS_LOGOUT_URL']

  20.     cas_options[:login_url] = ENV['CAS_LOGIN_URL'] if ENV['CAS_LOGIN_URL']

  21.     cas_options[:uid_field] = ENV['CAS_UID_FIELD'] || 'user' if ENV['CAS_UID_FIELD']

  22.     cas_options[:ca_path] = ENV['CAS_CA_PATH'] if ENV['CAS_CA_PATH']

  23.     cas_options[:disable_ssl_verification] = ENV['CAS_DISABLE_SSL_VERIFICATION'] == 'true'

  24.     cas_options[:uid_key] = ENV['CAS_UID_KEY'] || 'user'

  25.     cas_options[:name_key] = ENV['CAS_NAME_KEY'] || 'name'

  26.     cas_options[:email_key] = ENV['CAS_EMAIL_KEY'] || 'email'

  27.     cas_options[:nickname_key] = ENV['CAS_NICKNAME_KEY'] || 'nickname'

  28.     cas_options[:first_name_key] = ENV['CAS_FIRST_NAME_KEY'] || 'firstname'

  29.     cas_options[:last_name_key] = ENV['CAS_LAST_NAME_KEY'] || 'lastname'

  30.     cas_options[:location_key] = ENV['CAS_LOCATION_KEY'] || 'location'

  31.     cas_options[:image_key] = ENV['CAS_IMAGE_KEY'] || 'image'

  32.     cas_options[:phone_key] = ENV['CAS_PHONE_KEY'] || 'phone'

  33.     config.omniauth :cas, cas_options

  34.   end

  35. 

  36.   # SAML strategy

  37.   if ENV['SAML_ENABLED'] == 'true'

  38.     saml_options = options

  39.     saml_options[:assertion_consumer_service_url] = ENV['SAML_ACS_URL'] if ENV['SAML_ACS_URL']

  40.     saml_options[:issuer] = ENV['SAML_ISSUER'] if ENV['SAML_ISSUER']

  41.     saml_options[:idp_sso_target_url] = ENV['SAML_IDP_SSO_TARGET_URL']  if ENV['SAML_IDP_SSO_TARGET_URL']

  42.     saml_options[:idp_sso_target_url_runtime_params] = ENV['SAML_IDP_SSO_TARGET_PARAMS'] if ENV['SAML_IDP_SSO_TARGET_PARAMS'] # FIXME: Should be parsable Hash

  43.     saml_options[:idp_cert] = ENV['SAML_IDP_CERT'] if ENV['SAML_IDP_CERT']

  44.     saml_options[:idp_cert_fingerprint] = ENV['SAML_IDP_CERT_FINGERPRINT'] if ENV['SAML_IDP_CERT_FINGERPRINT']

  45.     saml_options[:idp_cert_fingerprint_validator] = ENV['SAML_IDP_CERT_FINGERPRINT_VALIDATOR'] if ENV['SAML_IDP_CERT_FINGERPRINT_VALIDATOR'] # FIXME: Should be Lambda { |fingerprint| }

  46.     saml_options[:name_identifier_format] = ENV['SAML_NAME_IDENTIFIER_FORMAT'] if ENV['SAML_NAME_IDENTIFIER_FORMAT']

  47.     saml_options[:request_attributes] = {}

  48.     saml_options[:certificate] = ENV['SAML_CERT'] if ENV['SAML_CERT']

  49.     saml_options[:private_key] = ENV['SAML_PRIVATE_KEY'] if ENV['SAML_PRIVATE_KEY']

  50.     saml_options[:security] = {}

  51.     saml_options[:security][:want_assertions_signed] = ENV['SAML_SECURITY_WANT_ASSERTION_SIGNED'] == 'true'

  52.     saml_options[:security][:want_assertions_encrypted] = ENV['SAML_SECURITY_WANT_ASSERTION_ENCRYPTED'] == 'true'

  53.     saml_options[:security][:assume_email_is_verified] = ENV['SAML_SECURITY_ASSUME_EMAIL_IS_VERIFIED'] == 'true'

  54.     saml_options[:attribute_statements] = {}

  55.     saml_options[:attribute_statements][:uid] = [ENV['SAML_ATTRIBUTES_STATEMENTS_UID']] if ENV['SAML_ATTRIBUTES_STATEMENTS_UID']

  56.     saml_options[:attribute_statements][:email] = [ENV['SAML_ATTRIBUTES_STATEMENTS_EMAIL']] if ENV['SAML_ATTRIBUTES_STATEMENTS_EMAIL']

  57.     saml_options[:attribute_statements][:full_name] = [ENV['SAML_ATTRIBUTES_STATEMENTS_FULL_NAME']] if ENV['SAML_ATTRIBUTES_STATEMENTS_FULL_NAME']

  58.     saml_options[:attribute_statements][:first_name] = [ENV['SAML_ATTRIBUTES_STATEMENTS_FIRST_NAME']] if ENV['SAML_ATTRIBUTES_STATEMENTS_FIRST_NAME']

  59.     saml_options[:attribute_statements][:last_name] = [ENV['SAML_ATTRIBUTES_STATEMENTS_LAST_NAME']] if ENV['SAML_ATTRIBUTES_STATEMENTS_LAST_NAME']

  60.     saml_options[:attribute_statements][:verified] = [ENV['SAML_ATTRIBUTES_STATEMENTS_VERIFIED']] if ENV['SAML_ATTRIBUTES_STATEMENTS_VERIFIED']

  61.     saml_options[:attribute_statements][:verified_email] = [ENV['SAML_ATTRIBUTES_STATEMENTS_VERIFIED_EMAIL']] if ENV['SAML_ATTRIBUTES_STATEMENTS_VERIFIED_EMAIL']

  62.     saml_options[:uid_attribute] = ENV['SAML_UID_ATTRIBUTE'] if ENV['SAML_UID_ATTRIBUTE']

  63.     config.omniauth :saml, saml_options

  64.   end

  65. 

  66. end