diff --git a/README.md b/README.md index 597ae17..e47a09f 100644 --- a/README.md +++ b/README.md @@ -46,6 +46,12 @@ > > cp config/database_example.yml config/database.yml > > cp config/secrets_example.yml config/secrets.yml +* Make copies of the example gem initializer files and update the values for your installation + +> > cp config/initializers/devise.rb.example config/initializers/devise.rb +> > cp config/initializers/recaptcha.rb.example config/initializers/recaptcha.rb +> > cp config/initializers/wicked_pdf.rb.example config/initializers/wicked_pdf.rb + * Create an environment variable for your instance's secret (as defined in config/secrets.yml). You should use the following command to generate secrets for each of your environments, storing the production one in the environment variable: > > rake secret @@ -58,11 +64,7 @@ > > rake db:migrate -> > rake db:seed - -* Setup the devise authentication gem - -> > rails generate devise:install (Is this really necessary?) +> > rake db:seed (Unless you are migrating data from an old DMPOnline system) * Start the application @@ -71,6 +73,10 @@ * Verify that the site is running properly by going to http://localhost:3000 * Login as the default administrator: 'super_admin@example.com' - 'password1' +#### Migrating data from a running instance of DMPOnline_v4 into DMPRoadmap + +TODO: Add instructions on exporting data from the old DB and migrating it into the Roadmap DB + #### Troubleshooting ##### Installation - OSX: 
@@ -88,6 +94,12 @@ > > bundle install +##### Post Installation Issues + +I installed the system and migrated my legacy DMPOnline data into the database but none of my users are able to login! + +This happens when the 'pepper' key defined in config/initializers/devise.rb does not match the one on your old server. Simply update the pepper and restart the application. + #### Support Issues should be reported here on [Github Issues](https://github.com/DMPRoadmap/roadmap/issues) Please be advised though that we can only provide limited support for your local installations. diff --git a/app/controllers/registrations_controller.rb b/app/controllers/registrations_controller.rb index 27ebbd2..abba8e8 100644 --- a/app/controllers/registrations_controller.rb +++ b/app/controllers/registrations_controller.rb @@ -6,6 +6,26 @@ @identifier_schemes = IdentifierScheme.order(:name) end + # GET /resource + def new + oauth = session["devise.#{scheme.name.downcase}_data"] + @user = User.new + + unless oauth.nil? + # The OAuth provider could not be determined or there was no unique UID! + if oauth.provider.nil? || oauth.uid.nil? + flash[:notice] = t('identifier_schemes.new_login_failure') + + else + # Connect the new user with the identifier sent back by the OAuth provider + flash[:notice] = t('identifier_schemes.new_login_success') + UserIdentifier.create(identifier_scheme: oauth.provider.upcase, + identifier: oauth.uid, + user: @user) + end + end + end + # POST /resource def create logger.debug "#{sign_up_params}" diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb index 8d49dc7..3719d84 100644 --- a/app/controllers/sessions_controller.rb +++ b/app/controllers/sessions_controller.rb @@ -2,6 +2,7 @@ # POST /auth/:provider/callback # --------------------------------------------------------------------- +=begin def oauth_create existing_user = User.find_by_email(params[:user][:email]) 
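Review bot: `scheme` on the first line of `new` is neither a parameter nor a local in the visible lines, so unless a helper of that name is defined outside this hunk the action raises NameError before the session entry is read. The success branch also calls `UserIdentifier.create(..., user: @user)` during a GET while `@user` is still an unsaved `User.new`, so the external identity is either written before anyone has registered or fails without the failure being noticed. I would move the link into `create`, after the user has been saved, along the lines of `UserIdentifier.create(identifier_scheme: scheme, identifier: oauth.uid, user: @user) if @user.persisted?`. Note too that `identifier_scheme:` receives the string `oauth.provider.upcase` here, whereas `handle_omniauth` passes the scheme record.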
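Review bot: `oauth_create` is disabled by wrapping it in `=begin`/`=end` (the `=end` lands in the next hunk) and its route is commented out in config/routes.rb, rather than either being deleted. Dead authentication code left in the controller is easy to re-enable by accident, and the `# POST /auth/:provider/callback` header above it now documents a route that no longer exists. I would delete the method, its header comment and the `#post '/auth/:provider/callback' => 'sessions#oauth_create'` line; version history keeps them if they are needed again.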
@@ -9,7 +10,8 @@ existing_user = UserIdentifier.find_by(identifier: params[:omniauth][:auth]) end end - +=end + # Capture the user's shibboleth id if they're coming in from an IDP # --------------------------------------------------------------------- def create diff --git a/app/controllers/users/omniauth_callbacks_controller.rb b/app/controllers/users/omniauth_callbacks_controller.rb index 74a9b8c..383974f 100644 --- a/app/controllers/users/omniauth_callbacks_controller.rb +++ b/app/controllers/users/omniauth_callbacks_controller.rb @@ -20,26 +20,32 @@ # @scheme [IdentifierScheme] The IdentifierScheme for the provider # ------------------------------------------------------------- def handle_omniauth(scheme) + +puts "GOT IN" + user = User.from_omniauth(request.env["omniauth.auth"]) # If the user isn't logged in if current_user.nil? - session["devise.#{scheme.name.downcase}_data"] = request.env["omniauth.auth"] - # If the uid didn't have a match in the system send them to register - if user.email.nil? + if user.nil? +puts "A" + session["devise.#{scheme.name.downcase}_data"] = request.env["omniauth.auth"] redirect_to new_user_registration_url # Otherwise sign them in else +puts "B" sign_in_and_redirect @user, event: :authentication set_flash_message(:notice, :success, kind: scheme.name) if is_navigational_format? end - # The user is just registering the uid with us + # The user is already logged in and just registering the uid with us else +puts "C" # If the user could not be found by that uid then attach it to their record - if user.email.nil? || user.email.empty? + if user.nil? +puts "D" if UserIdentifier.create(identifier_scheme: scheme, identifier: request.env["omniauth.auth"].uid, user: current_user) 
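Review bot: In the not-logged-in branch of `handle_omniauth` the matched record is the local `user`, but the unchanged line still calls `sign_in_and_redirect @user, event: :authentication`. Nothing in the visible lines assigns `@user`, so unless a filter outside the hunk sets it, a returning OAuth user is not the record being signed in; `sign_in_and_redirect user, event: :authentication` looks like the intent. The relocated `session[...] = request.env["omniauth.auth"]` stores the whole auth hash, which per the new functional test's sample payload carries `credentials.token` and `refresh_token`, while registrations#new reads only `provider` and `uid`; keeping just those two values would keep provider tokens out of the session. The `puts "GOT IN"` and `puts "A"` through `"D"` tracing should be removed or turned into `logger.debug` calls. The method continues past the end of this hunk.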
@@ -50,12 +56,14 @@ end end + # Redirect to the User Profile page redirect_to edit_user_registration_path end end - + # TODO: We should consider rolling the below function up into the + # generic handler above # ------------------------------------------------------------- def shibboleth if user_signed_in? && current_user.shibboleth_id.present? && current_user.shibboleth_id.length > 0 then diff --git a/app/models/user.rb b/app/models/user.rb index e43f6c3..ae828c4 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -286,7 +286,7 @@ throw Exception.new('Unknown OAuth provider: ' + auth.provider) else joins(:user_identifiers).where('user_identifiers.identifier': auth.uid, - 'user_identifiers.identifier_scheme_id': scheme.id).first_or_create + 'user_identifiers.identifier_scheme_id': scheme.id).first end end diff --git a/config/locales/de.yml b/config/locales/de.yml index 2159455..37c64fc 100644 --- a/config/locales/de.yml +++ b/config/locales/de.yml @@ -689,6 +689,8 @@ connect_failure: 'Wir konnten nicht auf Ihr Konto %{scheme} verbinden' disconnect_success: 'Ihr Konto wurde von %{scheme} getrennt' disconnect_failure: 'Wir waren nicht in der Lage, Ihr Konto zu trennen von %{scheme}' + new_login_success: 'Sie haben nicht Setup ein Konto bei uns. Bitte füllen Sie das folgende Informationen, um Ihre Registrierung abzuschließen.' + new_login_failure: 'Wir waren nicht in der Lage, Ihr Konto zu überprüfen. Bitte benutzen Sie das folgende Formular ein neues Konto zu erstellen. Sie können danach Ihr neues Konto zu verknüpfen.' schemes: ORCID: diff --git a/config/locales/en-UK.yml b/config/locales/en-UK.yml index 260a8d6..a2553c4 100644 --- a/config/locales/en-UK.yml +++ b/config/locales/en-UK.yml 
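Review bot: In app/models/user.rb the unknown-provider branch just above the changed line uses `throw Exception.new(...)`, but `throw` is Ruby's catch/throw control flow rather than a way to raise. With no matching `catch` this surfaces as an UncaughtThrowError instead of the intended error, and the string concatenation fails first if `auth.provider` is nil. `raise ArgumentError, "Unknown OAuth provider: #{auth.provider}"` says what is meant. With `first` replacing `first_or_create` the method now returns nil for an unmatched uid, which is worth stating in its doc comment because every caller has to handle it. The method starts and ends outside this hunk.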
@@ -744,7 +744,9 @@ connect_failure: 'We could not connect your account to %{scheme}' disconnect_success: 'Your account has been disconnected from %{scheme}' disconnect_failure: 'We were unable to disconnect your account from %{scheme}' - + new_login_success: 'It does not look like you have setup an account with us yet. Please fill in the following information to complete your registration.' + new_login_failure: 'We were unable to verify your account. Please use the following form to create a new account. You will be able to link your new account afterward.' + schemes: ORCID: logo: 'http://orcid.org/sites/default/files/images/orcid_16x16.png' diff --git a/config/locales/en-US.yml b/config/locales/en-US.yml index a577b6a..1c1fd8d 100644 --- a/config/locales/en-US.yml +++ b/config/locales/en-US.yml @@ -730,7 +730,9 @@ connect_failure: 'We could not connect your account to %{scheme}' disconnect_success: 'Your account has been disconnected from %{scheme}' disconnect_failure: 'We were unable to disconnect your account from %{scheme}' - + new_login_success: 'It does not look like you have setup an account with us yet. Please fill in the following information to complete your registration.' + new_login_failure: 'We were unable to verify your account. Please use the following form to create a new account. You will be able to link your new account afterward.' + schemes: ORCID: logo: 'http://orcid.org/sites/default/files/images/orcid_16x16.png' diff --git a/config/locales/fr.yml b/config/locales/fr.yml index 08bf9f5..ac633e4 100644 --- a/config/locales/fr.yml +++ b/config/locales/fr.yml 
@@ -702,6 +702,8 @@ connect_failure: 'Nous ne pouvions pas connecter votre compte %{scheme}' disconnect_success: 'Votre compte a été déconnecté de %{scheme}' disconnect_failure: 'Nous avons été incapables de déconnecter votre compte %{scheme}' + new_login_success: "Vous ne l'avez pas configurer un compte avec nous. S'il vous plaît remplir les informations ci-dessous pour terminer votre inscription." + new_login_failure: "Nous avons été en mesure de vérifier votre compte. S'il vous plaît utiliser le formulaire ci-dessous pour créer un nouveau compte. Vous serez en mesure de lier votre nouveau compte par la suite." schemes: ORCID: diff --git a/config/routes.rb b/config/routes.rb index 7dc078f..0ed5f51 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -19,7 +19,7 @@ get 'auth/shibboleth' => 'users/omniauth_shibboleth_request#redirect', :as => 'user_omniauth_shibboleth' get 'auth/shibboleth/assoc' => 'users/omniauth_shibboleth_request#associate', :as => 'user_shibboleth_assoc' - post '/auth/:provider/callback' => 'sessions#oauth_create' + #post '/auth/:provider/callback' => 'sessions#oauth_create' # fix for activeadmin signout bug devise_scope :user do diff --git a/db/migrate/20161104161345_remove_logo_from_identifier_schemes.rb b/db/migrate/20161104161345_remove_logo_from_identifier_schemes.rb new file mode 100644 index 0000000..f7b27bf --- /dev/null +++ b/db/migrate/20161104161345_remove_logo_from_identifier_schemes.rb @@ -0,0 +1,5 @@ +class RemoveLogoFromIdentifierSchemes < ActiveRecord::Migration + def change + remove_column :identifier_schemes, :logo + end +end diff --git a/db/schema.rb b/db/schema.rb index 2c77110..9cd276f 100644 --- a/db/schema.rb +++ b/db/schema.rb @@ -11,7 +11,7 @@ # # It's strongly recommended that you check this file into your version control system. -ActiveRecord::Schema.define(version: 20161102221313) do +ActiveRecord::Schema.define(version: 20161104161345) do create_table "answers", force: :cascade do |t| t.text "text" 
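Review bot: `remove_column :identifier_schemes, :logo` inside `change` in the new migration cannot be rolled back, because without the column type Rails has nothing to recreate on `db:rollback` and raises an irreversible-migration error. The db/schema.rb hunk in this commit shows the dropped column was `t.string "logo"`, so `remove_column :identifier_schemes, :logo, :string` makes the migration reversible.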
@@ -124,7 +124,6 @@ create_table "identifier_schemes", force: :cascade do |t| t.string "name" - t.string "logo" t.string "api_key" t.string "api_secret" t.string "landing_page_uri" @@ -185,6 +184,7 @@ t.boolean "is_other" t.string "sort_name" t.text "banner_text" + t.string "logo_file_name" t.integer "region_id" t.integer "language_id" t.string "logo_uid" @@ -374,6 +374,13 @@ t.integer "identifier_scheme_id" end + create_table "user_role_types", force: :cascade do |t| + t.string "name" + t.text "description" + t.datetime "created_at" + t.datetime "updated_at" + end + create_table "user_statuses", force: :cascade do |t| t.string "name" t.text "description" diff --git a/db/seeds.rb b/db/seeds.rb index 47ddf00..55845dc 100644 --- a/db/seeds.rb +++ b/db/seeds.rb @@ -90,7 +90,6 @@ 'orcid' => { name: 'ORCID', landing_page_uri: 'https://orcid.org/{id}', - logo: '/assets/orcid.png', api_key: 'ABCD1234', api_secret: 'secret', params: '{"scope": "/authenticate"}' diff --git a/test/fixtures/identifier_schemes.yml b/test/fixtures/identifier_schemes.yml new file mode 100644 index 0000000..a6383be --- /dev/null +++ b/test/fixtures/identifier_schemes.yml @@ -0,0 +1,9 @@ +<% # Load the org types from thosedefined in the MagicStrings section of the locale %> +<% I18n.t("identifier_schemes.schemes").each do |k,v| %> +<%= k.downcase %>: + name: <%= "#{k}" %> + api_key: 'ABCDEFG' + api_secret: '123456' + landing_page_uri: 'http://example-site.edu' + params: '{"scope":"/do_something"}' +<% end %> \ No newline at end of file diff --git a/test/functional/users/omniauth_callbacks_controller_test.rb b/test/functional/users/omniauth_callbacks_controller_test.rb new file mode 100644 index 0000000..8bf6245 --- /dev/null +++ b/test/functional/users/omniauth_callbacks_controller_test.rb 
@@ -0,0 +1,53 @@ +class OmniauthCallbacksController < ActionDispatch::IntegrationTest + + setup do + + end + + ## + # Dynamically test the registered omniauth handlers + # ------------------------------------------------------------- + test "should redirect to registration page if user is not already logged in and the omniauth provider does not supply correct information" do + + IdentifierScheme.all.each do |scheme| + uri = Rails.application.routes.url_helpers.send( + "user_#{scheme.name.downcase}_omniauth_authorize_path") + + header = {"omniauth.auth": { + "provider": "#{scheme.name.downcase}", + "uid": "0000-0003-2012-0010", + "info": { + "name": "John Smith", + "email": nil + }, + "credentials": { + "token": "e82938fa-a287-42cf-a2ce-f48ef68c9a35", + "refresh_token": "f94c58dd-b452-44f4-8863-0bf8486a0071", + "expires_at": 1979903874, + "expires": true + }, + "extra": {} + }} + + # Not yet logged in, valid responses from provider + # -------------------------------------------------------------- +=begin + post "#{uri}/callback", headers: headers + + assert_equal I18n.t('identifier_schemes.new_login_success'), flash[:notice], "Expected a success message when simulating a valid callback from #{scheme.name}" + assert_redirected_to new_user_registration_url, "Expected a redirect to the registration page when the user is not logged in and we received a valid callback from #{scheme.name}" + + # Not yet logged in, invalid responses from provider + # -------------------------------------------------------------- + confirm_invalid_provider_response(scheme.name, uri, nil) + + confirm_invalid_provider_response(scheme.name, uri, {'omniauth.auth': {}}) + + confirm_invalid_provider_response(scheme.name, uri, {'omniauth.auth': {'provider': scheme.name.downcase}}) + + confirm_invalid_provider_response(scheme.name, uri, {'omniauth.auth': {'uid': '123456'}}) +=end + end + end + +end \ No newline at end of file 
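Review bot: This test asserts nothing, because every request and assertion sits inside the `=begin`/`=end` block, so it passes whatever the callback controller does. That is a weak guarantee for a sign-in path. When the block is enabled, the request passes `headers` while the hash built above is named `header`, and `confirm_invalid_provider_response` is not defined in this file. Until the simulation works I would replace the commented block with `skip "OAuth callback simulation not implemented"` so the gap shows in the test report, and rename the class to `OmniauthCallbacksControllerTest` so it does not share a name with the controller.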
diff --git a/test/routing_test.rb b/test/routing_test.rb index 8ac04af..c83d5a1 100644 --- a/test/routing_test.rb +++ b/test/routing_test.rb @@ -34,6 +34,24 @@ assert_routing "/#{I18n.locale}/terms", target end + # OAuth - Based on providers identified in the en-UK locale file + # ------------------------------------------------------------------- + test "GET /users/auth/[:provider] should resolve to OmniauthCallbackController#passthru" do + target = {controller: "users/omniauth_callbacks", action: "passthru"} + + IdentifierScheme.all.each do |scheme| + assert_routing "/users/auth/#{scheme.name.downcase}", target + end + end + + test "POST /auth/[:provider]/callback should resolve to OmniauthCallbackController#[:provider]" do + IdentifierScheme.all.each do |scheme| + target = {controller: "users/omniauth_callbacks", action: "#{scheme.name.downcase}"} + assert_routing "/users/auth/#{scheme.name.downcase}/callback", target + end + end + + # Routing for Users (Some resolve to UsersController and others to Devise's # RegistrationController) # -------------------------------------------------------------------
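Review bot: The second new test is titled `POST /auth/[:provider]/callback` but asserts the path `/users/auth/#{scheme.name.downcase}/callback`, and `assert_routing` given a bare string checks a GET. To check what the title says, pass the verb explicitly, `assert_routing({ method: 'post', path: "/users/auth/#{scheme.name.downcase}/callback" }, target)`, and correct the path in the title. Both tests loop over `IdentifierScheme.all` and pass without checking anything if that table is empty; `assert IdentifierScheme.any?` before each loop would catch that.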