Commit b65258a4ad9fb14970eedcf74352d09b9ff5502c
Committed by
Larissa Reis
Larissa Reis
1 parent
9ccdbb65
Exists in
federation-webfinger
Starting federated login
Showing
4 changed files
with
56 additions
and
4 deletions
Show diff stats
app/concerns/authenticated_system.rb
| @@ -25,7 +25,14 @@ module AuthenticatedSystem | @@ -25,7 +25,14 @@ module AuthenticatedSystem | ||
| 25 | # Accesses the current user from the session. | 25 | # Accesses the current user from the session. |
| 26 | def current_user user_id = session[:user] | 26 | def current_user user_id = session[:user] |
| 27 | @current_user ||= begin | 27 | @current_user ||= begin |
| 28 | - user = User.find_by id: user_id if user_id | 28 | + user = nil |
| 29 | + if session[:external] | ||
| 30 | + user = User.new | ||
| 31 | + user.external_person_id = session[:external] | ||
| 32 | + else | ||
| 33 | + id = session[:user] | ||
| 34 | + user = User.where(id: id).first if id | ||
| 35 | + end | ||
| 29 | user.session = session if user | 36 | user.session = session if user |
| 30 | User.current = user | 37 | User.current = user |
| 31 | user | 38 | user |
| @@ -37,9 +44,13 @@ module AuthenticatedSystem | @@ -37,9 +44,13 @@ module AuthenticatedSystem | ||
| 37 | if new_user.nil? | 44 | if new_user.nil? |
| 38 | session.delete(:user) | 45 | session.delete(:user) |
| 39 | else | 46 | else |
| 40 | - session[:user] = new_user.id | 47 | + if new_user.id |
| 48 | + session[:user] = new_user.id | ||
| 49 | + else | ||
| 50 | + session[:external] = new_user.external_person_id | ||
| 51 | + end | ||
| 41 | new_user.session = session | 52 | new_user.session = session |
| 42 | - new_user.register_login | 53 | + new_user.register_login if new_user.id |
| 43 | end | 54 | end |
| 44 | @current_user = User.current = new_user | 55 | @current_user = User.current = new_user |
| 45 | end | 56 | end |
app/controllers/application_controller.rb
| @@ -8,6 +8,8 @@ class ApplicationController < ActionController::Base | @@ -8,6 +8,8 @@ class ApplicationController < ActionController::Base | ||
| 8 | before_filter :allow_cross_domain_access | 8 | before_filter :allow_cross_domain_access |
| 9 | 9 | ||
| 10 | include AuthenticatedSystem | 10 | include AuthenticatedSystem |
| 11 | + include ExternalAuthenticatedSystem | ||
| 12 | + | ||
| 11 | before_filter :require_login_for_environment, :if => :private_environment? | 13 | before_filter :require_login_for_environment, :if => :private_environment? |
| 12 | 14 | ||
| 13 | before_filter :verify_members_whitelist, :if => [:private_environment?, :user] | 15 | before_filter :verify_members_whitelist, :if => [:private_environment?, :user] |
app/models/user.rb
| @@ -8,6 +8,8 @@ class User < ApplicationRecord | @@ -8,6 +8,8 @@ class User < ApplicationRecord | ||
| 8 | 8 | ||
| 9 | attr_accessible :login, :email, :password, :password_confirmation, :activated_at | 9 | attr_accessible :login, :email, :password, :password_confirmation, :activated_at |
| 10 | 10 | ||
| 11 | + include ExternalUser | ||
| 12 | + | ||
| 11 | N_('Password') | 13 | N_('Password') |
| 12 | N_('Password confirmation') | 14 | N_('Password confirmation') |
| 13 | N_('Terms accepted') | 15 | N_('Terms accepted') |
| @@ -147,7 +149,8 @@ class User < ApplicationRecord | @@ -147,7 +149,8 @@ class User < ApplicationRecord | ||
| 147 | u.generate_private_token_if_not_exist | 149 | u.generate_private_token_if_not_exist |
| 148 | return u | 150 | return u |
| 149 | end | 151 | end |
| 150 | - return nil | 152 | + |
| 153 | + return User.external_authenticate(login, password, environment) | ||
| 151 | end | 154 | end |
| 152 | 155 | ||
| 153 | def register_login | 156 | def register_login |
| @@ -0,0 +1,36 @@ | @@ -0,0 +1,36 @@ | ||
| 1 | +module ExternalUser | ||
| 2 | + included do | ||
| 3 | + attr_accessor :external_person_id | ||
| 4 | + end | ||
| 5 | + | ||
| 6 | + def self.webfinger_lookup(login, domain, environment) | ||
| 7 | + if login && domain && environment.has_federated_network?(domain) | ||
| 8 | + # Ask if network at <domain> has user with login <login> | ||
| 9 | + # FIXME: Make an actual request to the federated network, which should return nil if not found | ||
| 10 | + { | ||
| 11 | + login: login | ||
| 12 | + } | ||
| 13 | + end | ||
| 14 | + nil | ||
| 15 | + end | ||
| 16 | + | ||
| 17 | + def self.external_login | ||
| 18 | + # Call Noosfero /api/login | ||
| 19 | + end | ||
| 20 | + | ||
| 21 | + # Authenticates a user from an external social network | ||
| 22 | + def self.external_authenticate(username, password, environment) | ||
| 23 | + login, domain = username.split('@') | ||
| 24 | + webfinger = User.webfinger_lookup(login, domain, environment) | ||
| 25 | + if webfinger | ||
| 26 | + user = User.external_login(login, password, domain) | ||
| 27 | + if user | ||
| 28 | + u = User.new | ||
| 29 | + # Set other fields on "u" based on information in "user" returned by API | ||
| 30 | + u.external_person_id = ExternalPerson.get_or_create(login, domain).id | ||
| 31 | + return u | ||
| 32 | + end | ||
| 33 | + end | ||
| 34 | + nil | ||
| 35 | + end | ||
| 36 | +end |