From c3be314fb677a48d57ab07af71adf301a0d90290 Mon Sep 17 00:00:00 2001 From: Syphax Bouazzouni Date: Fri, 4 Aug 2023 08:50:54 +0200 Subject: [PATCH] install and configure omniauth gems --- Gemfile | 9 +- Gemfile.lock | 152 +++++++++++++++++--------- config/bioportal_config_env.rb.sample | 28 +++++ config/initializers/omniauth.rb | 5 + 4 files changed, 143 insertions(+), 51 deletions(-) create mode 100644 config/initializers/omniauth.rb diff --git a/Gemfile b/Gemfile index 12069fa20..788d61707 100644 --- a/Gemfile +++ b/Gemfile @@ -76,6 +76,13 @@ gem 'inline_svg' gem 'ontologies_api_client', git: 'https://github.com/ontoportal-lirmm/ontologies_api_ruby_client.git', branch: 'development' +# Multi-Provider Authentication +gem 'omniauth' +gem "omniauth-rails_csrf_protection" +gem 'omniauth-github' +gem 'omniauth-google-oauth2' +gem 'omniauth-orcid' +gem 'omniauth-keycloak' group :staging, :production, :appliance do # application monitoring @@ -123,4 +130,4 @@ end gem "net-ftp", "~> 0.2.0", require: false gem "net-http" -gem 'inline_svg' + diff --git a/Gemfile.lock b/Gemfile.lock index 1b6b17dff..72a708d4d 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,6 +1,6 @@ GIT remote: https://github.com/ontoportal-lirmm/ontologies_api_ruby_client.git - revision: ca20880499a737803120f18ce99c14d3f10bc071 + revision: f49cd49aee437c98221521f7763ecb8386855e17 branch: development specs: ontologies_api_client (2.2.0) @@ -84,12 +84,14 @@ GEM tzinfo (~> 2.0) addressable (2.8.4) public_suffix (>= 2.0.2, < 6.0) + aes_key_wrap (1.1.0) airbrussh (1.4.1) sshkit (>= 1.6.1, != 1.7.0) ast (2.4.2) autoprefixer-rails (10.4.13.0) execjs (~> 2) bcrypt_pbkdf (1.1.0) + bindata (2.4.15) bindex (0.8.1) bootsnap (1.16.0) msgpack (~> 1.2) 
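Review bot: The `omniauth*` gems added in the Gemfile hunk carry no version constraints, so the resolver alone decides which release line the login path runs on. In the Gemfile.lock of this same patch they resolve to `omniauth (1.9.2)` and `omniauth-oauth2 (1.6.0)`, apparently because `omniauth-keycloak (1.2.1)` requires `omniauth (~> 1.9.0)` and `omniauth-oauth2 (~> 1.6.0)`. I would make that hold-back explicit, e.g. `gem 'omniauth', '~> 1.9' # held on 1.x by omniauth-keycloak`, so a later `bundle update` cannot move the authentication stack across a major version unreviewed and whoever tracks advisories can see which line is in use. On the 1.x line, as far as I know, `omniauth-rails_csrf_protection` is what restricts the request phase to CSRF-checked POSTs, so a short comment marking it as required rather than optional would help.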
@@ -110,12 +112,12 @@ GEM capistrano (~> 3.0) capistrano-passenger (0.2.1) capistrano (~> 3.0) - capistrano-rails (1.6.2) + capistrano-rails (1.6.3) capistrano (~> 3.1) capistrano-bundler (>= 1.1, < 3) capistrano-yarn (2.0.2) capistrano (~> 3.0) - capybara (3.39.1) + capybara (3.39.2) addressable matrix mini_mime (>= 0.1.3) @@ -133,7 +135,7 @@ GEM addressable cube-ruby (0.0.3) daemons (1.4.1) - dalli (3.2.4) + dalli (3.2.5) date (3.3.3) debug (1.8.0) irb (>= 1.5.0) @@ -145,7 +147,7 @@ GEM erubi (1.12.0) erubis (2.7.0) eventmachine (1.2.7) - excon (0.99.0) + excon (0.100.0) execjs (2.8.1) faraday (2.0.1) faraday-net_http (~> 2.0) @@ -153,6 +155,8 @@ GEM faraday-excon (2.0.0) excon (>= 0.27.4) faraday (~> 2.0.0.alpha.pre.2) + faraday-follow_redirects (0.3.0) + faraday (>= 1, < 3) faraday-multipart (1.0.4) multipart-post (~> 2) faraday-net_http (2.1.0) @@ -160,13 +164,14 @@ GEM flamegraph (0.9.5) globalid (1.1.0) activesupport (>= 5.0) - graphql (2.0.22) + graphql (2.0.24) graphql-client (0.18.0) activesupport (>= 3.0) graphql haml (5.2.2) temple (>= 0.8.0) tilt + hashie (5.0.0) html2haml (2.3.0) erubis (~> 2.7.0) haml (>= 4.0) 
@@ -177,27 +182,35 @@ GEM http-accept (1.7.0) http-cookie (1.0.5) domain_name (~> 0.5) - i18n (1.13.0) + i18n (1.14.1) concurrent-ruby (~> 1.0) iconv (1.0.8) - importmap-rails (1.1.6) + importmap-rails (1.2.1) actionpack (>= 6.0.0) railties (>= 6.0.0) inline_svg (1.9.0) activesupport (>= 3.0) nokogiri (>= 1.6) io-console (0.6.0) - irb (1.6.4) - reline (>= 0.3.0) - jquery-rails (4.5.1) + irb (1.7.4) + reline (>= 0.3.6) + jquery-rails (4.6.0) rails-dom-testing (>= 1, < 3) railties (>= 4.2.0) thor (>= 0.14, < 2.0) jquery-ui-rails (6.0.1) railties (>= 3.2.16) - jsbundling-rails (1.1.1) + jsbundling-rails (1.1.2) railties (>= 6.0.0) json (2.6.3) + json-jwt (1.16.3) + activesupport (>= 4.2) + aes_key_wrap + bindata + faraday (~> 2.0) + faraday-follow_redirects + jwt (2.7.1) + language_server-protocol (3.17.0.3) listen (3.8.0) rb-fsevent (~> 0.10, >= 0.10.3) rb-inotify (~> 0.9, >= 0.9.10) @@ -230,10 +243,10 @@ GEM mime-types-data (~> 3.2015) mime-types-data (3.2023.0218.1) mini_mime (1.1.2) - mini_portile2 (2.8.2) - minitest (5.18.0) - msgpack (1.7.1) + minitest (5.19.0) + msgpack (1.7.2) multi_json (1.15.0) + multi_xml (0.6.0) multipart-post (2.3.0) mysql2 (0.5.3) net-ftp (0.2.0) @@ -241,7 +254,7 @@ GEM time net-http (0.3.2) uri - net-imap (0.3.4) + net-imap (0.3.7) date net-protocol net-pop (0.1.2) 
@@ -252,33 +265,63 @@ GEM net-ssh (>= 2.6.5, < 8.0.0) net-smtp (0.3.3) net-protocol - net-ssh (7.1.0) + net-ssh (7.2.0) netrc (0.11.0) - newrelic_rpm (9.2.2) + newrelic_rpm (9.3.1) nio4r (2.5.9) - nokogiri (1.14.2-x86_64-linux) + nokogiri (1.15.3-x86_64-darwin) racc (~> 1.4) - nokogiri (1.15.2) - mini_portile2 (~> 2.8.2) + nokogiri (1.15.3-x86_64-linux) racc (~> 1.4) - oj (3.14.3) + oauth2 (1.4.11) + faraday (>= 0.17.3, < 3.0) + jwt (>= 1.0, < 3.0) + multi_json (~> 1.3) + multi_xml (~> 0.5) + rack (>= 1.2, < 4) + oj (3.15.1) + omniauth (1.9.2) + hashie (>= 3.4.6) + rack (>= 1.6.2, < 3) + omniauth-github (1.4.0) + omniauth (~> 1.5) + omniauth-oauth2 (>= 1.4.0, < 2.0) + omniauth-google-oauth2 (0.8.2) + jwt (>= 2.0) + oauth2 (~> 1.1) + omniauth (~> 1.1) + omniauth-oauth2 (>= 1.6) + omniauth-keycloak (1.2.1) + json-jwt (~> 1.12) + omniauth (~> 1.9.0) + omniauth-oauth2 (~> 1.6.0) + omniauth-oauth2 (1.6.0) + oauth2 (~> 1.1) + omniauth (~> 1.9) + omniauth-orcid (2.1.1) + omniauth-oauth2 (~> 1.3) + ruby_dig (~> 0.0.2) + omniauth-rails_csrf_protection (0.1.2) + actionpack (>= 4.2) + omniauth (>= 1.3.1) open_uri_redirections (0.2.1) parallel (1.23.0) - parser (3.2.2.1) + parser (3.2.2.3) ast (~> 2.4.1) + racc popper_js (1.16.1) pry (0.14.2) coderay (~> 1.1) method_source (~> 1.0) psych (3.3.4) - public_suffix (5.0.1) - puma (5.6.5) + public_suffix (5.0.3) + puma (5.6.6) nio4r (~> 2.0) - racc (1.6.2) - rack (2.2.7) + racc (1.7.1) + rack (2.2.8) rack-accept (0.4.5) rack (>= 0.4) - rack-mini-profiler (3.1.0) + rack-mini-profiler (3.1.1) rack (>= 1.2.0) rack-test (2.1.0) rack (>= 1.3) @@ -296,8 +339,9 @@ GEM activesupport (= 7.0.3) bundler (>= 1.15.0) railties (= 7.0.3) - rails-dom-testing (2.0.3) - activesupport (>= 4.2.0) + rails-dom-testing (2.1.1) + activesupport (>= 5.0.0) + minitest nokogiri (>= 1.6) rails-html-sanitizer (1.6.0) loofah (~> 2.21) 
@@ -325,22 +369,22 @@ GEM recaptcha (5.9.0) json redcarpet (3.6.0) - regexp_parser (2.8.0) - reline (0.3.4) + regexp_parser (2.8.1) + reline (0.3.7) io-console (~> 0.5) rest-client (2.1.0) http-accept (>= 1.7.0, < 2.0) http-cookie (>= 1.0.2, < 2.0) mime-types (>= 1.16, < 4.0) netrc (~> 0.8) - rexml (3.2.5) - rouge (4.1.2) + rexml (3.2.6) + rouge (4.1.3) rspec-core (3.12.2) rspec-support (~> 3.12.0) rspec-expectations (3.12.3) diff-lcs (>= 1.2.0, < 2.0) rspec-support (~> 3.12.0) - rspec-mocks (3.12.5) + rspec-mocks (3.12.6) diff-lcs (>= 1.2.0, < 2.0) rspec-support (~> 3.12.0) rspec-rails (6.0.3) @@ -351,22 +395,24 @@ GEM rspec-expectations (~> 3.12) rspec-mocks (~> 3.12) rspec-support (~> 3.12) - rspec-support (3.12.0) - rubocop (1.51.0) + rspec-support (3.12.1) + rubocop (1.55.1) json (~> 2.3) + language_server-protocol (>= 3.17.0) parallel (~> 1.10) - parser (>= 3.2.0.0) + parser (>= 3.2.2.3) rainbow (>= 2.2.2, < 4.0) regexp_parser (>= 1.8, < 3.0) rexml (>= 3.2.5, < 4.0) - rubocop-ast (>= 1.28.0, < 2.0) + rubocop-ast (>= 1.28.1, < 2.0) ruby-progressbar (~> 1.7) unicode-display_width (>= 2.4.0, < 3.0) rubocop-ast (1.29.0) parser (>= 3.2.1.0) ruby-progressbar (1.13.0) ruby2_keywords (0.0.5) - ruby_parser (3.20.1) + ruby_dig (0.0.2) + ruby_parser (3.20.3) sexp_processor (~> 4.16) rubyzip (2.3.2) sassc (2.4.0) @@ -391,24 +437,24 @@ GEM actionpack (>= 5.2) activesupport (>= 5.2) sprockets (>= 3.0.0) - sshkit (1.21.4) + sshkit (1.21.5) net-scp (>= 1.1.2) net-ssh (>= 2.8.0) stackprof (0.2.25) stimulus-rails (1.2.1) railties (>= 6.0.0) temple (0.10.2) - terser (1.1.16) + terser (1.1.17) execjs (>= 0.3.0, < 3) thin (1.8.2) daemons (~> 1.0, >= 1.0.9) eventmachine (~> 1.0, >= 1.0.4) rack (>= 1, < 3) thor (1.2.2) - tilt (2.1.0) + tilt (2.2.0) time (0.2.2) date - timeout (0.3.2) + timeout (0.4.0) turbo-rails (1.4.0) actionpack (>= 6.0.0) activejob (>= 6.0.0) 
@@ -424,7 +470,7 @@ GEM unf_ext unf_ext (0.0.8.2) unicode-display_width (2.4.2) - uri (0.12.1) + uri (0.12.2) view_component (2.82.0) activesupport (>= 5.2.0, < 8.0) concurrent-ruby (~> 1.0) @@ -434,22 +480,22 @@ GEM activemodel (>= 6.0.0) bindex (>= 0.4.0) railties (>= 6.0.0) - webdrivers (5.2.0) + webdrivers (5.3.1) nokogiri (~> 1.6) rubyzip (>= 1.3.0) - selenium-webdriver (~> 4.0) + selenium-webdriver (~> 4.0, < 4.11) websocket (1.2.9) - websocket-driver (0.7.5) + websocket-driver (0.7.6) websocket-extensions (>= 0.1.0) websocket-extensions (0.1.5) will_paginate (3.3.1) xpath (3.2.0) nokogiri (~> 1.8) yard (0.9.34) - zeitwerk (2.6.7) + zeitwerk (2.6.11) PLATFORMS - ruby + x86_64-darwin-21 x86_64-linux DEPENDENCIES @@ -488,6 +534,12 @@ DEPENDENCIES net-http newrelic_rpm oj + omniauth + omniauth-github + omniauth-google-oauth2 + omniauth-keycloak + omniauth-orcid + omniauth-rails_csrf_protection ontologies_api_client! open_uri_redirections pry diff --git a/config/bioportal_config_env.rb.sample b/config/bioportal_config_env.rb.sample index 4c83979d0..0f747779c 100644 --- a/config/bioportal_config_env.rb.sample +++ b/config/bioportal_config_env.rb.sample 
@@ -61,6 +61,34 @@ $ANNOUNCE_LIST||= "users-list@test"
 # Where "ncbo" is the namespace used as key in the interportal_hash
 $INTERPORTAL_HASH = {}
 
+# OAuth2 authentication
+$OMNIAUTH_PROVIDERS = {
+ github: {
+ client_id: 'CLIENT_ID',
+ client_secret: 'CLIENT_SECRET',
+ icon: 'icons/github.svg',
+ },
+ google: {
+ strategy: :google_oauth2,
+ client_id: 'CLIENT_ID',
+ client_secret: 'CLIENT_SECRET',
+ icon: 'icons/google.svg',
+ },
+ orcid: {
+ client_id: 'CLIENT_SECRET',
+ client_secret: 'CLIENT_SECRET',
+ icon: 'icons/orcid.svg'
+ },
+ keycloak: {
+ strategy: :keycloak_openid,
+ client_id: 'YOUR_KEYCLOAK_CLIENT_ID',
+ client_secret: 'YOUR_KEYCLOAK_CLIENT_SECRET',
+ client_options: { site: 'KEYCLOAK_SITE', realm: 'KEYCLOAK_REALM' },
+ name: 'keycloak',
+ icon: 'icons/keycloak.svg'
+ }
+}.freeze
+
 # Don't load and don't display recent mappings if false, in case of too many mappings (take longer to load homepage)
 $DISPLAY_RECENT = false
 
diff --git a/config/initializers/omniauth.rb b/config/initializers/omniauth.rb
new file mode 100644
index 000000000..af53788f9
--- /dev/null
+++ b/config/initializers/omniauth.rb
@@ -0,0 +1,5 @@
+Rails.application.config.middleware.use OmniAuth::Builder do
+ $OMNIAUTH_PROVIDERS.each do |provider, config|
+ provider config[:strategy] || provider, config[:client_id], config[:client_secret], client_options: {}.merge(config[:client_options].to_h)
+ end
+end
\ No newline at end of file
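Review bot: In config/bioportal_config_env.rb.sample the `orcid` entry sets `client_id: 'CLIENT_SECRET'`, which looks like a copy-paste slip. An operator filling in the template literally would put the secret into the field that OAuth2 sends in the browser-visible authorization redirect. It should read `client_id: 'CLIENT_ID',` like the github and google entries. Because this file is copied and then edited with real credentials, I would also add a comment above `$OMNIAUTH_PROVIDERS` saying the values should come from the environment or a secrets store rather than be committed, for example `client_secret: ENV['GITHUB_CLIENT_SECRET']` (variable name is illustrative). The trailing `.freeze` is shallow, so the nested per-provider hashes stay mutable.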
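Review bot: `$OMNIAUTH_PROVIDERS.each` in config/initializers/omniauth.rb raises NoMethodError at boot wherever the global is undefined. That is likely for deployments whose bioportal_config_env.rb was copied from the sample before this patch, though the load order is not visible here and should be confirmed. `($OMNIAUTH_PROVIDERS || {}).each do |name, config|` with `provider config[:strategy] || name, ...` lets such installs start with no providers. Renaming the block parameter also stops it shadowing the builder's `provider` method, which currently works only because Ruby parses `provider config[...]` as a command call. Only `client_options` is forwarded to the strategy, so the sample's `name: 'keycloak'` key is never passed on and the Keycloak routes will presumably be named after `keycloak_openid`; if the shorter name is intended, forward `name: config[:name]` when it is set.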