Closed col-panic closed 1 month ago
Here's my ready-to-use patch to AccountController, which works fine except for the logout method, which is customized for our use case (Keycloak); I guess the same could be done for other providers.
Also a response to #33.
require 'cgi'

module AccountControllerPatch
  def self.included(base)
    base.class_eval do
      alias_method :original_login, :login
      alias_method :original_logout, :logout
      alias_method :original_register, :register
      alias_method :original_lost_password, :lost_password

      # The plain /login form is sent straight to the OAuth flow, carrying back_url along.
      def login
        if request.path == '/login'
          session[:back_url] = params[:back_url]
          redirect_to back_url.present? ? "/oauth?back_url=#{CGI.escape(back_url)}" : '/oauth'
        else
          original_login
        end
      end

      # Registration and password reset are handled by the identity provider,
      # so both forms redirect to the OAuth entry point.
      def register
        if request.path == '/account/register'
          redirect_to '/oauth'
        else
          original_register
        end
      end

      def lost_password
        if request.path == '/account/lost_password'
          redirect_to '/oauth'
        else
          original_lost_password
        end
      end

      # Clear the local Redmine session, then end the Keycloak session (RP-initiated
      # logout) so the next visit does not silently log the user back in.
      def logout
        id_token = session[:id_token]   # read before the session is dropped
        if User.current.logged?
          session.delete(:user_id) if session[:user_id]
          cookies.delete :autologin
          User.current = nil
        end
        reset_session                   # drop the whole session, including the stored id_token
        keycloak_domain = "xxx"         # fill in for your deployment
        keycloak_realm = "xxx"
        keycloak_client_id = "xxx"      # not used by the URL below
        # must be registered as a valid post-logout redirect URI on the Keycloak client
        post_logout_redirect_uri = CGI.escape("xxx")
        keycloak_logout_url =
          "#{keycloak_domain}/auth/realms/#{keycloak_realm}/protocol/openid-connect/logout" \
          "?id_token_hint=#{CGI.escape(id_token.to_s)}" \
          "&post_logout_redirect_uri=#{post_logout_redirect_uri}"
        redirect_to keycloak_logout_url and return
      end
    end
  end
end

unless AccountController.included_modules.include? AccountControllerPatch
  AccountController.send(:include, AccountControllerPatch)
end
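The two redirects in the patch above are where a reviewer would look first: the login redirect forwards a user-supplied back_url to /oauth, and the logout redirect interpolates the id_token into a query string. The following is an added example (not code from the poster, from Redmine or from the OAuth plugin) that builds the Keycloak end-session URL with URI.encode_www_form so that every parameter is encoded, and restricts back_url to paths on the Redmine host so the value cannot become an open redirect. The helper names (keycloak_logout_url, safe_back_url, oauth_login_redirect), the hosts in the constructed inputs, and the assumption that /oauth later redirects to back_url are all hypothetical.

```ruby
require 'uri'

# Build the Keycloak end-session (RP-initiated logout) URL.
# URI.encode_www_form encodes every parameter, so an id_token or redirect
# URI containing '&', '=' or '#' cannot break the query or add parameters.
def keycloak_logout_url(keycloak_domain, realm, id_token, post_logout_redirect_uri, client_id: nil)
  uri = URI.parse("#{keycloak_domain.chomp('/')}/auth/realms/#{realm}/protocol/openid-connect/logout")
  params = {}
  params['id_token_hint'] = id_token unless id_token.nil? || id_token.empty?
  # post_logout_redirect_uri must be registered on the Keycloak client;
  # Keycloak rejects the request otherwise.
  params['post_logout_redirect_uri'] = post_logout_redirect_uri
  params['client_id'] = client_id if client_id   # identifies the client when no id_token_hint is sent
  uri.query = URI.encode_www_form(params)
  uri.to_s
end

# Accept only a back_url that stays on this Redmine host: a local path, or an
# absolute http(s) URL whose host matches. Network-path references such as
# "//evil.example/" parse with a host and are therefore rejected, as are
# non-http schemes such as "javascript:". Returns the local path (with query)
# or nil.
def safe_back_url(back_url, redmine_host)
  return nil if back_url.nil? || back_url.strip.empty?
  uri = URI.parse(back_url)
  return nil if uri.scheme && !%w[http https].include?(uri.scheme.downcase)
  return nil if uri.host && !uri.host.casecmp?(redmine_host)
  return nil if uri.host.nil? && !uri.path.start_with?('/')
  path = uri.path.empty? ? '/' : uri.path
  uri.query ? "#{path}?#{uri.query}" : path
rescue URI::InvalidURIError
  nil
end

# The login redirect from the patch, with the validated back_url encoded as a
# query parameter instead of being interpolated by hand.
def oauth_login_redirect(back_url, redmine_host)
  safe = safe_back_url(back_url, redmine_host)
  safe ? "/oauth?#{URI.encode_www_form('back_url' => safe)}" : '/oauth'
end

if __FILE__ == $PROGRAM_NAME
  # Constructed inputs for a stand-alone run.
  puts keycloak_logout_url('https://sso.example.com', 'myrealm', 'tok&x=1', 'https://redmine.example/')
  puts oauth_login_redirect('/issues/1?x=1', 'redmine.example')
  puts oauth_login_redirect('//evil.example/', 'redmine.example')
end
```

Inside Redmine, safe_back_url would be applied to params[:back_url] before it is stored in the session or forwarded to /oauth, and keycloak_logout_url would replace the hand-built string in the logout action; the Keycloak domain, realm and registered post-logout URI still come from configuration.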
I've implemented it as follows:
The behaviour is very similar to Redmine's Autologin option in the login form.
If password login is disabled and OAuth2 is the only login method, could there be a "skip-press-button" option, where I don't have to manually press the login button to trigger OAuth2 authentication?
That is, a user that already has a valid session could directly access Redmine and would be auto-logged in.