1d557305d2 
								
									
								
							
								 
							
						 
						
							
							
								
								Enable Rubocop Style/FrozenStringLiteralComment ( #23793 )  
							
							
							
						 
						
							2023-07-12 09:47:08 +02:00  
				
					
						
							
							
								 
						
							
							
								c0b9664a31 
								
									
								
							
								 
							
						 
						
							
							
								
								Autofix Rubocop spacing in config ( #25022 )  
							
							
							
						 
						
							2023-05-22 13:17:56 +02:00  
				
					
						
							
							
								 
						
							
							
								ae4f068a84 
								
									
								
							
								 
							
						 
						
							
							
								
								Fix CAS_DISPLAY_NAME, SAML_DISPLAY_NAME and OIDC_DISPLAY_NAME being ignored ( #18568 )  
							
							
							
						 
						
							2022-06-01 19:22:55 +02:00  
				
					
						
							
							
								 
						
							
							
								a6ed6845c9 
								
									
								
							
								 
							
						 
						
							
							
								
								Allow login through OpenID Connect ( #16221 )  
							
							... 
							
							
							
							* added OpenID Connect as an SSO option
* minor fixes
* added comments, removed an option that shouldn't be set
* fixed Gemfile.lock
* added newline to end of Gemfile.lock
* removed tab from Gemfile.lock
* remove chomp
* codeclimate changes and small name change to make function's purpose clearer
* codeclimate fix
* added SSO buttons to /about page
* minor refactor
* minor style change
* removed spurious change
* removed unecessary conditional from ensure_valid_username and added support for auth.info.name in user_params_from_auth
* minor changes 
							
						 
						
							2022-03-09 12:07:35 +01:00  
				
					
						
							
							
								 
						
							
							
								b5329e0035 
								
									
								
							
								 
							
						 
						
							
							
								
								Spelling ( #17705 )  
							
							... 
							
							
							
							* spelling: account
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
* spelling: affiliated
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
* spelling: appearance
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
* spelling: autosuggest
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
* spelling: cacheable
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
* spelling: component
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
* spelling: conversations
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
* spelling: domain.example
Clarify what's distinct and use RFC friendly domain space.
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
* spelling: environment
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
* spelling: exceeds
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
* spelling: functional
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
* spelling: inefficiency
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
* spelling: not
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
* spelling: notifications
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
* spelling: occurring
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
* spelling: position
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
* spelling: progress
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
* spelling: promotable
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
* spelling: reblogging
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
* spelling: repetitive
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
* spelling: resolve
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
* spelling: saturated
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
* spelling: similar
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
* spelling: strategies
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
* spelling: success
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
* spelling: targeting
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
* spelling: thumbnails
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
* spelling: unauthorized
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
* spelling: unsensitizes
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
* spelling: validations
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
* spelling: various
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
Co-authored-by: Josh Soref <jsoref@users.noreply.github.com> 
							
						 
						
							2022-03-06 22:51:40 +01:00  
				
					
						
							
							
								 
						
							
							
								cfa583fa71 
								
									
								
							
								 
							
						 
						
							
							
								
								Remove support for OAUTH_REDIRECT_AT_SIGN_IN ( #17287 )  
							
							... 
							
							
							
							Fixes  #15959 
Introduced in #6540 , OAUTH_REDIRECT_AT_SIGN_IN allowed skipping the log-in form
to instead redirect to the external OmniAuth login provider.
However, it did not prevent the log-in form on /about introduced by #10232  from
appearing, and completely broke with the introduction of #15228 .
As I restoring that previous log-in flow without introducing a security
vulnerability may require extensive care and knowledge of how OmniAuth works,
this commit removes support for OAUTH_REDIRECT_AT_SIGN_IN instead for the time
being. 
						
							2022-01-23 15:50:41 +01:00  
				
					
						
							
							
								 
						
							
							
								2ed1c92c63 
								
									
								
							
								 
							
						 
						
							
							
								
								New env variable: CAS_SECURITY_ASSUME_EMAIL_IS_VERIFIED ( #16655 )  
							
							... 
							
							
							
							When using a CAS server, the users only have a temporary email
`change@me-foo-cas.com` which can't be changed but by an
administrator.
We need a new environment variable like for SAML to assume the email
from CAS is verified.
* config/initializers/omniauth.rb: define CAS option for assuming
  email are always verified.
* .env.nanobox: add new variable as an example. 
							
						 
						
							2021-08-25 18:41:24 +02:00  
				
					
						
							
							
								 
						
							
							
								f47c177eb7 
								
									
								
							
								 
							
						 
						
							
							
								
								Support clock drift in Omniauth SAML provider ( #15511 )  
							
							... 
							
							
							
							The setting is not well documented by the provider, but allows for
clock skew between SP and IDP, see:
https://github.com/omniauth/omniauth-saml/blob/master/spec/omniauth/strategies/saml_spec.rb 
Co-authored-by: kaiyou <dev@kaiyou.fr> 
							
						 
						
							2021-01-08 07:07:08 +01:00  
				
					
						
							
							
								 
						
							
							
								7169928f96 
								
							
								 
							
						 
						
							
							
								
								cas_options :validate_url should be :service_validate_url ( #10328 )  
							
							... 
							
							
							
							Otherwise, no matter what is given for CAS_VALIDATE_URL the default /serviceValidate path would be used. 
							
						 
						
							2019-03-21 04:06:41 +01:00  
				
					
						
							
							
								 
						
							
							
								0a4739c732 
								
							
								 
							
						 
						
							
							
								
								lint pass 2 ( #8878 )  
							
							... 
							
							
							
							* Code quality pass
* Typofix
* Update applications_controller_spec.rb
* Update applications_controller_spec.rb 
							
						 
						
							2018-10-04 17:38:04 +02:00  
				
					
						
							
							
								 
						
							
							
								1f98eae1cf 
								
							
								 
							
						 
						
							
							
								
								Lint pass ( #8876 )  
							
							
							
						 
						
							2018-10-04 12:36:53 +02:00  
				
					
						
							
							
								 
						
							
							
								dd9d00d293 
								
							
								 
							
						 
						
							
							
								
								Add additional first_name and last_name SAML attribute statement options, and modify Omniauthable concern to use full_name or first_name + last_name if not available ( #6669 )  
							
							
							
						 
						
							2018-03-07 06:19:10 +01:00  
				
					
						
							
							
								 
						
							
							
								e668180044 
								
							
								 
							
						 
						
							
							
								
								New variable OAUTH_REDIRECT_AT_SIGN_IN + Ref  #6538  (not only SAML strategies) ( #6540 )  
							
							
							
						 
						
							2018-02-23 01:16:17 +01:00  
				
					
						
							
							
								 
						
							
							
								3084fe4959 
								
							
								 
							
						 
						
							
							
								
								New env variable: SAML_SECURITY_ASSUME_EMAIL_IS_VERIFIED +  fixes   #6533  ( #6538 )  
							
							
							
						 
						
							2018-02-22 23:31:25 +01:00  
				
					
						
							
							
								 
						
							
							
								26f21fd5a0 
								
									
								
							
								 
							
						 
						
							
							
								
								CAS + SAML authentication feature ( #6425 )  
							
							... 
							
							
							
							* Cas authentication feature
* Config
* Remove class_eval + Omniauth initializer
* Codeclimate review
* Codeclimate review 2
* Codeclimate review 3
* Remove uid/email reconciliation
* SAML authentication
* Clean up code
* Improve login form
* Fix code style issues
* Add locales 
							
						 
						
							2018-02-04 05:42:13 +01:00