Single sign on for super admins (#648)

This commit is contained in:
shawn-higgins1 2019-07-23 14:53:48 -04:00 committed by Jesus Federico
parent 42f7d4f8d2
commit b23f94dfb5
5 changed files with 29 additions and 2 deletions


@ -62,6 +62,16 @@ module SessionsHelper
# Retrieves the current user.
def current_user
@current_user ||= User.where(id: session[:user_id]).includes(:roles).first
if Rails.configuration.loadbalanced_configuration
if @current_user && !@current_user.has_role?(:super_admin) &&
@current_user.provider != @user_domain
@current_user = nil
session.clear
end
end
@current_user
end
def generate_checksum(user_domain, redirect_url, secret)
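Review bot: The super-admin exemption in the new condition at the `if @current_user && !@current_user.has_role?(:super_admin) &&` line is the entire cross-tenant sign-on mechanism, but the header comment still says only `# Retrieves the current user.`; it should state the rule and its exception, e.g. `# Retrieves the current user. Under loadbalanced_configuration a session is honoured only when the user's provider matches @user_domain; super admins are exempt so one login works on every tenant host.` The check also relies on `@user_domain` already being populated for this request: if it is nil (for instance when the action that sets it has not run yet), `@current_user.provider != @user_domain` is true for every non-super-admin, so the user is dropped and `session.clear` wipes the session, which deserves either a comment or a guard such as `return @current_user if @user_domain.nil?` placed before the comparison. Combined with the session cookie now being scoped to the parent domain elsewhere in this commit, a super admin's session is accepted on all tenant hosts, so the super_admin role effectively becomes a cross-tenant credential; noting that widened exposure in the comment helps whoever later reviews how super-admin sessions are protected.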


@ -2,4 +2,9 @@
# Be sure to restart your server when you modify this file.
Rails.application.config.session_store :cookie_store, key: '_greenlight-2_0_session'
if Rails.configuration.loadbalanced_configuration
Rails.application.config.session_store :cookie_store, key: '_greenlight-2_0_session',
domain: ENV['GREENLIGHT_PARENT_DOMAIN'] || 'blindside-dev.com'
else
Rails.application.config.session_store :cookie_store, key: '_greenlight-2_0_session'
end
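Review bot: The fallback `|| 'blindside-dev.com'` on the `domain:` line bakes a vendor-specific host into the session cookie scope; on a deployment where GREENLIGHT_PARENT_DOMAIN is unset the cookie is issued for a domain the browser will not accept for the real host, so logins silently fail instead of the misconfiguration being reported. Prefer `domain: ENV.fetch('GREENLIGHT_PARENT_DOMAIN')` so boot fails with a clear message, or log a warning when the fallback is taken. Because the cookie is now sent to every subdomain of the parent domain, this call is also the place to set `secure: true` (and `same_site:` where the Rails version supports it) unless those attributes are already applied elsewhere, which I cannot see from this hunk. The initializer additionally assumes `Rails.configuration.loadbalanced_configuration` is defined before it runs; a short comment naming where that setting comes from would help the next reader.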


@ -20,6 +20,8 @@ require "rails_helper"
describe AdminsController, type: :controller do
before do
allow_any_instance_of(ApplicationController).to receive(:set_user_domain).and_return("provider1")
controller.instance_variable_set(:@user_domain, "provider1")
@user = create(:user, provider: "provider1")
@admin = create(:user, provider: "provider1")
@admin.add_role :admin
@ -144,7 +146,7 @@ describe AdminsController, type: :controller do
email = Faker::Internet.email
post :invite, params: { invite_user: { email: email } }
invite = Invitation.find_by(email: email, provider: "greenlight")
invite = Invitation.find_by(email: email, provider: "provider1")
expect(invite.present?).to eq(true)
expect(flash[:success]).to be_present
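Review bot: Every spec that stubs `set_user_domain` now also needs the companion `controller.instance_variable_set(:@user_domain, "provider1")` line (here in the before block, and the same pair recurs in the ThemesController and UsersController sections of this commit); the two lines only work together because the stub returns a value without assigning the instance variable that current_user compares against, which is not obvious at the call site. Extract a spec helper such as `def stub_user_domain(domain)` that performs both the stub and the assignment, or at least add `# set_user_domain is stubbed, so the ivar current_user reads must be assigned by hand` at this first occurrence. If the stub and the ivar ever drift apart in a spec, the provider check in current_user silently logs the test user out, which would surface as confusing authorization failures rather than a clear setup error.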


@ -42,9 +42,13 @@ describe ThemesController, type: :controller do
it "returns the correct color based on provider" do
allow(Rails.configuration).to receive(:loadbalanced_configuration).and_return(true)
allow_any_instance_of(User).to receive(:greenlight_account?).and_return(true)
allow_any_instance_of(ApplicationController).to receive(:set_user_domain).and_return("provider1")
color1 = Faker::Color.hex_color
provider1 = Faker::Company.name
controller.instance_variable_set(:@user_domain, provider1)
Setting.create(provider: provider1).features.create(name: "Primary Color", value: color1, enabled: true)
user1 = create(:user, provider: provider1)


@ -87,6 +87,8 @@ describe UsersController, type: :controller do
it "allows admins to edit other users" do
allow(Rails.configuration).to receive(:loadbalanced_configuration).and_return(true)
allow_any_instance_of(User).to receive(:greenlight_account?).and_return(true)
allow_any_instance_of(ApplicationController).to receive(:set_user_domain).and_return("provider1")
controller.instance_variable_set(:@user_domain, "provider1")
user = create(:user, provider: "provider1")
user.add_role :admin
@ -339,6 +341,8 @@ describe UsersController, type: :controller do
allow(Rails.configuration).to receive(:loadbalanced_configuration).and_return(true)
allow_any_instance_of(User).to receive(:greenlight_account?).and_return(true)
allow_any_instance_of(Room).to receive(:delete_all_recordings).and_return('')
allow_any_instance_of(ApplicationController).to receive(:set_user_domain).and_return("provider1")
controller.instance_variable_set(:@user_domain, "provider1")
user = create(:user, provider: "provider1")
admin = create(:user, provider: "provider1")
@ -354,6 +358,8 @@ describe UsersController, type: :controller do
it "doesn't allow admins of other providers to delete users" do
allow(Rails.configuration).to receive(:loadbalanced_configuration).and_return(true)
allow_any_instance_of(User).to receive(:greenlight_account?).and_return(true)
allow_any_instance_of(ApplicationController).to receive(:set_user_domain).and_return("provider2")
controller.instance_variable_set(:@user_domain, "provider2")
user = create(:user, provider: "provider1")
admin = create(:user, provider: "provider2")