Single sign on for super admins (#648)
parent
42f7d4f8d2
commit
b23f94dfb5
@ -62,6 +62,16 @@ module SessionsHelper
|
|||
# Retrieves the current user.
|
||||
def current_user
|
||||
@current_user ||= User.where(id: session[:user_id]).includes(:roles).first
|
||||
|
||||
if Rails.configuration.loadbalanced_configuration
|
||||
if @current_user && !@current_user.has_role?(:super_admin) &&
|
||||
@current_user.provider != @user_domain
|
||||
@current_user = nil
|
||||
session.clear
|
||||
end
|
||||
end
|
||||
|
||||
@current_user
|
||||
end
|
||||
|
||||
def generate_checksum(user_domain, redirect_url, secret)
|
||||
|
|
|
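Review bot: The `!@current_user.has_role?(:super_admin)` exemption in `current_user` drops the provider check for the most privileged accounts, so combined with the parent-domain cookie in this commit a super admin's session is accepted on every tenant host, and a CSRF or XSS on any single tenant can act with super-admin rights on all of them. Consider at least logging the event when `@current_user.provider != @user_domain` for a super admin, and requiring a recent sign-in on that cross-provider path. Separately, `@user_domain` is assigned elsewhere (apparently by `set_user_domain`); if `current_user` can be reached before it is set, the comparison runs against `nil` and every non-super-admin session is cleared, so a guard such as `if @current_user && @user_domain && !@current_user.has_role?(:super_admin) &&` would make that cleanup deliberate rather than accidental. `generate_checksum` on the last line starts here and continues outside the hunk.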
@ -2,4 +2,9 @@
|
|||
|
||||
# Be sure to restart your server when you modify this file.
|
||||
|
||||
Rails.application.config.session_store :cookie_store, key: '_greenlight-2_0_session'
|
||||
if Rails.configuration.loadbalanced_configuration
|
||||
Rails.application.config.session_store :cookie_store, key: '_greenlight-2_0_session',
|
||||
domain: ENV['GREENLIGHT_PARENT_DOMAIN'] || 'blindside-dev.com'
|
||||
else
|
||||
Rails.application.config.session_store :cookie_store, key: '_greenlight-2_0_session'
|
||||
end
|
||||
|
|
|
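Review bot: The `domain:` fallback `'blindside-dev.com'` on the load-balanced branch is a vendor-specific default baked into production config; on any deployment that forgets `GREENLIGHT_PARENT_DOMAIN`, browsers reject a session cookie whose domain does not match the host, which surfaces as nobody being able to stay signed in with no error logged. Prefer failing at boot with `domain: ENV.fetch('GREENLIGHT_PARENT_DOMAIN')`. Because this cookie is now scoped to the whole parent domain and shared by every tenant subdomain, it should also carry `secure: Rails.env.production?` (and `same_site: :lax`, if the Rails version in use supports that option) so it is never sent in clear text across that wider scope.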
@ -20,6 +20,8 @@ require "rails_helper"
|
|||
|
||||
describe AdminsController, type: :controller do
|
||||
before do
|
||||
allow_any_instance_of(ApplicationController).to receive(:set_user_domain).and_return("provider1")
|
||||
controller.instance_variable_set(:@user_domain, "provider1")
|
||||
@user = create(:user, provider: "provider1")
|
||||
@admin = create(:user, provider: "provider1")
|
||||
@admin.add_role :admin
|
||||
|
@ -144,7 +146,7 @@ describe AdminsController, type: :controller do
|
|||
email = Faker::Internet.email
|
||||
post :invite, params: { invite_user: { email: email } }
|
||||
|
||||
invite = Invitation.find_by(email: email, provider: "greenlight")
|
||||
invite = Invitation.find_by(email: email, provider: "provider1")
|
||||
|
||||
expect(invite.present?).to eq(true)
|
||||
expect(flash[:success]).to be_present
|
||||
|
|
|
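Review bot: The `set_user_domain` stub plus `controller.instance_variable_set(:@user_domain, "provider1")` in the `before` block is the same two-line fixture the themes and users specs in this commit repeat; a shared helper such as `def stub_user_domain(provider)` under `spec/support` would keep the provider wiring in one place. Stubbing the before_action's return value and separately setting `@user_domain` also do two things for one purpose — if `set_user_domain` is what assigns `@user_domain` (not visible here), the `.and_return("provider1")` is inert and only the instance-variable assignment matters, which deserves a one-line comment so the next reader does not assume the string is load-bearing. The `Invitation.find_by(email: email, provider: "provider1")` lookup follows from the fixture, but nothing in this file asserts the super_admin cross-provider path the commit introduces.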
@ -42,9 +42,13 @@ describe ThemesController, type: :controller do
|
|||
it "returns the correct color based on provider" do
|
||||
allow(Rails.configuration).to receive(:loadbalanced_configuration).and_return(true)
|
||||
allow_any_instance_of(User).to receive(:greenlight_account?).and_return(true)
|
||||
allow_any_instance_of(ApplicationController).to receive(:set_user_domain).and_return("provider1")
|
||||
|
||||
color1 = Faker::Color.hex_color
|
||||
provider1 = Faker::Company.name
|
||||
|
||||
controller.instance_variable_set(:@user_domain, provider1)
|
||||
|
||||
Setting.create(provider: provider1).features.create(name: "Primary Color", value: color1, enabled: true)
|
||||
user1 = create(:user, provider: provider1)
|
||||
|
||||
|
|
|
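Review bot: `allow_any_instance_of(ApplicationController).to receive(:set_user_domain).and_return("provider1")` returns the literal "provider1", yet the spec then sets `@user_domain` to the Faker-generated `provider1` variable and creates the user with that same value, so the stub disagrees with the provider the test actually runs under. If `set_user_domain` is what normally assigns `@user_domain` (not visible here), the return value is unused and the two lines should at least agree — `receive(:set_user_domain)` with no `and_return`, or `and_return(provider1)` placed after the variable is defined. `Faker::Company.name` can also contain spaces and punctuation; if `@user_domain` is host-derived in production, `Faker::Internet.domain_word` would be a more representative value.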
@ -87,6 +87,8 @@ describe UsersController, type: :controller do
|
|||
it "allows admins to edit other users" do
|
||||
allow(Rails.configuration).to receive(:loadbalanced_configuration).and_return(true)
|
||||
allow_any_instance_of(User).to receive(:greenlight_account?).and_return(true)
|
||||
allow_any_instance_of(ApplicationController).to receive(:set_user_domain).and_return("provider1")
|
||||
controller.instance_variable_set(:@user_domain, "provider1")
|
||||
|
||||
user = create(:user, provider: "provider1")
|
||||
user.add_role :admin
|
||||
|
@ -339,6 +341,8 @@ describe UsersController, type: :controller do
|
|||
allow(Rails.configuration).to receive(:loadbalanced_configuration).and_return(true)
|
||||
allow_any_instance_of(User).to receive(:greenlight_account?).and_return(true)
|
||||
allow_any_instance_of(Room).to receive(:delete_all_recordings).and_return('')
|
||||
allow_any_instance_of(ApplicationController).to receive(:set_user_domain).and_return("provider1")
|
||||
controller.instance_variable_set(:@user_domain, "provider1")
|
||||
|
||||
user = create(:user, provider: "provider1")
|
||||
admin = create(:user, provider: "provider1")
|
||||
|
@ -354,6 +358,8 @@ describe UsersController, type: :controller do
|
|||
it "doesn't allow admins of other providers to delete users" do
|
||||
allow(Rails.configuration).to receive(:loadbalanced_configuration).and_return(true)
|
||||
allow_any_instance_of(User).to receive(:greenlight_account?).and_return(true)
|
||||
allow_any_instance_of(ApplicationController).to receive(:set_user_domain).and_return("provider2")
|
||||
controller.instance_variable_set(:@user_domain, "provider2")
|
||||
|
||||
user = create(:user, provider: "provider1")
|
||||
admin = create(:user, provider: "provider2")
|
||||
|
|
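Review bot: None of the three rewritten contexts exercises the new super_admin branch in `current_user`: the "doesn't allow admins of other providers to delete users" case creates an `admin` on "provider2" against a user on "provider1", but there is no companion case where that account also holds `:super_admin` and the deletion is expected to succeed, nor one asserting that a plain admin on a foreign provider has its session cleared. A spec built on the same setup with `admin.add_role :super_admin` and an expectation on whatever the success path redirects to would pin the behaviour this commit adds. The repeated `loadbalanced_configuration` / `greenlight_account?` / `set_user_domain` / `instance_variable_set` preamble appears in all three hunks and could be a shared helper.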