Single sign on for super admins (#648)

v2
shawn-higgins1 4 years ago committed by Jesus Federico
parent 42f7d4f8d2
commit b23f94dfb5
  1. 10
      app/helpers/sessions_helper.rb
  2. 7
      config/initializers/session_store.rb
  3. 4
      spec/controllers/admins_controller_spec.rb
  4. 4
      spec/controllers/themes_controller_spec.rb
  5. 6
      spec/controllers/users_controller_spec.rb

@ -62,6 +62,16 @@ module SessionsHelper
# Retrieves the current user.
def current_user
@current_user ||= User.where(id: session[:user_id]).includes(:roles).first
if Rails.configuration.loadbalanced_configuration
if @current_user && !@current_user.has_role?(:super_admin) &&
@current_user.provider != @user_domain
@current_user = nil
session.clear
end
end
@current_user
end
def generate_checksum(user_domain, redirect_url, secret)
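Review bot: The provider check in `current_user` compares against `@user_domain`, which this helper reads but never sets, so the outcome depends on `set_user_domain` having run earlier in the request; if it has not, `@user_domain` is nil and every non-super-admin session is cleared. That fails closed, but silently: consider a log line before `session.clear`, e.g. `Rails.logger.warn("Session rejected: provider mismatch for user #{@current_user.id}")`, so reuse of a cookie across provider domains is visible to operators. The `super_admin` exemption is the security-relevant decision here and deserves a comment such as `# Super admins are global: their session is accepted on every provider domain.` The two nested `if`s could also be folded into one condition. `generate_checksum` begins on the last line of this section and continues outside it.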

@ -2,4 +2,9 @@
# Be sure to restart your server when you modify this file.
Rails.application.config.session_store :cookie_store, key: '_greenlight-2_0_session'
if Rails.configuration.loadbalanced_configuration
Rails.application.config.session_store :cookie_store, key: '_greenlight-2_0_session',
domain: ENV['GREENLIGHT_PARENT_DOMAIN'] || 'blindside-dev.com'
else
Rails.application.config.session_store :cookie_store, key: '_greenlight-2_0_session'
end
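Review bot: The fallback `|| 'blindside-dev.com'` means a load-balanced deployment that forgets `GREENLIGHT_PARENT_DOMAIN` scopes its session cookie to a hard-coded development domain; browsers will presumably drop a cookie whose domain does not match the host, so sign-in would break with no hint at the cause. Failing at boot is clearer: `domain: ENV.fetch('GREENLIGHT_PARENT_DOMAIN')`. Setting `domain:` to the parent also sends the session cookie to every host under that domain, not only Greenlight tenants, which is worth stating above the branch, e.g. `# Cookie is shared by all subdomains of the parent so super admins stay signed in; every host under it must be trusted.`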

@ -20,6 +20,8 @@ require "rails_helper"
describe AdminsController, type: :controller do
before do
allow_any_instance_of(ApplicationController).to receive(:set_user_domain).and_return("provider1")
controller.instance_variable_set(:@user_domain, "provider1")
@user = create(:user, provider: "provider1")
@admin = create(:user, provider: "provider1")
@admin.add_role :admin
@ -144,7 +146,7 @@ describe AdminsController, type: :controller do
email = Faker::Internet.email
post :invite, params: { invite_user: { email: email } }
invite = Invitation.find_by(email: email, provider: "greenlight")
invite = Invitation.find_by(email: email, provider: "provider1")
expect(invite.present?).to eq(true)
expect(flash[:success]).to be_present
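Review bot: The specs visible on this page only adapt existing examples to the new provider check; none asserts the behaviour the commit adds in `current_user`, namely that a `super_admin` keeps the session on a foreign provider domain and that any other user whose `provider` differs from `@user_domain` has the session cleared. Both cases deserve an example, since the first is a deliberate exemption from tenant isolation. The pair of `allow_any_instance_of(ApplicationController)` stub and `instance_variable_set(:@user_domain, ...)` is also repeated in every spec touched here and could live in one shared helper.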

@ -42,9 +42,13 @@ describe ThemesController, type: :controller do
it "returns the correct color based on provider" do
allow(Rails.configuration).to receive(:loadbalanced_configuration).and_return(true)
allow_any_instance_of(User).to receive(:greenlight_account?).and_return(true)
allow_any_instance_of(ApplicationController).to receive(:set_user_domain).and_return("provider1")
color1 = Faker::Color.hex_color
provider1 = Faker::Company.name
controller.instance_variable_set(:@user_domain, provider1)
Setting.create(provider: provider1).features.create(name: "Primary Color", value: color1, enabled: true)
user1 = create(:user, provider: provider1)
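Review bot: The stub on `set_user_domain` returns the literal `"provider1"` while the setting, the user and `@user_domain` all use the Faker-generated `provider1`, so the stubbed return value never matches the data under test. The example only works because `@user_domain` is set directly a few lines later. Declaring `provider1` first and stubbing with `.and_return(provider1)` keeps the two in step. The example's body continues past this hunk.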

@ -87,6 +87,8 @@ describe UsersController, type: :controller do
it "allows admins to edit other users" do
allow(Rails.configuration).to receive(:loadbalanced_configuration).and_return(true)
allow_any_instance_of(User).to receive(:greenlight_account?).and_return(true)
allow_any_instance_of(ApplicationController).to receive(:set_user_domain).and_return("provider1")
controller.instance_variable_set(:@user_domain, "provider1")
user = create(:user, provider: "provider1")
user.add_role :admin
@ -339,6 +341,8 @@ describe UsersController, type: :controller do
allow(Rails.configuration).to receive(:loadbalanced_configuration).and_return(true)
allow_any_instance_of(User).to receive(:greenlight_account?).and_return(true)
allow_any_instance_of(Room).to receive(:delete_all_recordings).and_return('')
allow_any_instance_of(ApplicationController).to receive(:set_user_domain).and_return("provider1")
controller.instance_variable_set(:@user_domain, "provider1")
user = create(:user, provider: "provider1")
admin = create(:user, provider: "provider1")
@ -354,6 +358,8 @@ describe UsersController, type: :controller do
it "doesn't allow admins of other providers to delete users" do
allow(Rails.configuration).to receive(:loadbalanced_configuration).and_return(true)
allow_any_instance_of(User).to receive(:greenlight_account?).and_return(true)
allow_any_instance_of(ApplicationController).to receive(:set_user_domain).and_return("provider2")
controller.instance_variable_set(:@user_domain, "provider2")
user = create(:user, provider: "provider1")
admin = create(:user, provider: "provider2")