Class: ConcertoShibAuth::ApplicationController

Inherits:
ApplicationController
  • Object
Defined in:
app/controllers/concerto_shib_auth/application_controller.rb

Direct Known Subclasses

OmniauthCallbackController

Instance Method Summary collapse

Instance Method Details

#find_from_omniauth(shib_hash) ⇒ Object

Find or create a new user based on values returned by the shib callback



# File 'app/controllers/concerto_shib_auth/application_controller.rb', line 9

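# Find the user linked to a Shibboleth sign-in, creating the account (and its
# identity record) the first time that uid is seen.
#
# The very first user created in the application is made an admin and is added
# to the "Concerto Admins" group as a leader.
#
# @param shib_hash [Hash] attributes returned by the shib callback, looked up
#   through the keys configured in ConcertoShibAuth::Engine.config.omniauth_keys
# @return [User, nil] the matching or newly created user; nil when no uid was
#   supplied or the new user could not be saved (flash.notice is set)
def find_from_omniauth(shib_hash)
  # Get configuration options for customized shib return value identifiers
  omniauth_keys = ConcertoShibAuth::Engine.config.omniauth_keys
  uid = shib_hash[omniauth_keys[:uid_key]]

  # Without a uid there is nothing to bind the session to: a nil lookup could
  # match an identity row that has no external_id, and the fallbacks below
  # would build the first name and email from nil.
  if uid.nil? || uid.to_s.strip.empty?
    flash.notice = "Failed to sign in with Shib. No user identifier was returned."
    return nil
  end

  # Check if an identity record exists for the user attempting to sign in.
  # NOTE(review): the lookup matches on external_id alone, while identities
  # are created below with provider "shibboleth". If other providers write to
  # the same table, confirm that a uid cannot collide across providers.
  identity = ConcertoIdentity::Identity.find_by_external_id(uid)
  return identity.user if identity

  # Add a new user via omniauth shib details
  user = User.new

  # First name is required for user validation; fall back to the uid
  first_name = shib_hash[omniauth_keys[:first_name_key]]
  user.first_name = first_name.nil? ? uid : first_name

  # Email is required for user validation; fall back to uid@<email_suffix>
  email = shib_hash[omniauth_keys[:email_key]]
  user.email = if email.nil?
                 "#{uid}@#{omniauth_keys[:email_suffix].tr('@', '')}"
               else
                 email
               end

  # Accounts created here are never admins unless they are the first user
  user.is_admin = false

  # The user signs in through Shibboleth and never sees this password, so use
  # the full-length random token rather than its first 8 characters. Both
  # fields are assigned explicitly: `a, b = token` left the confirmation nil.
  token = Devise.friendly_token
  user.password = token
  user.password_confirmation = token

  # Check if this is our application's first user.
  # NOTE(review): this check and the save below are not atomic; two concurrent
  # first sign-ins could both be treated as the first user.
  first_user = !User.exists?
  if first_user
    # First user is an admin
    user.is_admin = true

    # Error reporting
    user.recieve_moderation_notifications = true
    user.confirmed_at = Date.today
  end

  # Attempt to save our new user
  unless user.save
    # User save failed, an error occurred
    flash.notice = "Failed to sign in with Shib. #{user.errors.full_messages.to_sentence}."
    return nil
  end

  if first_user
    # Only touch system configuration and groups once the admin account really
    # exists. Membership is created after the save so that user.id is set;
    # before the save the membership was written without a user id.
    if ConcertoConfig["setup_complete"] == false
      ConcertoConfig.set("setup_complete", "true")
      ConcertoConfig.set("send_errors", "true")
    end

    # Create Concerto Admin Group
    group = Group.where(:name => "Concerto Admins").first_or_create
    Membership.create(:user_id => user.id,
      :group_id => group.id,
      :level => Membership::LEVELS[:leader])
  end

  # Create a matching identity to track our new user for future sessions
  ConcertoIdentity::Identity.create(provider: "shibboleth",
    external_id: uid,
    user_id: user.id)
  user
end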