From 6b46931ef76dd7a5011f59ee2741db1d1ec3dbe9 Mon Sep 17 00:00:00 2001
From: Ahmad Farhat
Date: Mon, 20 Nov 2023 13:17:17 -0500
Subject: [PATCH] Make changes to openid_connect uid field (#5523)
* Make changes to openid_connect uid field
* Clean up
---
 .rubocop.yml | 4 ++--
 .../api/v1/migrations/external_controller.rb | 3 ---
 app/controllers/external_controller.rb | 10 +++++++++-
 config/initializers/omniauth.rb | 4 ++--
 sample.env | 1 +
 5 files changed, 14 insertions(+), 8 deletions(-)
diff --git a/.rubocop.yml b/.rubocop.yml
index 9f6ae1c9eb..db58bc2600 100644
--- a/.rubocop.yml
+++ b/.rubocop.yml
@@ -70,7 +70,7 @@ Metrics/ClassLength:
 # A calculated magnitude based on number of assignments,
 # branches, and conditions.
 Metrics/AbcSize:
- Max: 65
+ Max: 75
 Metrics/ParameterLists:
 CountKeywordArgs: false
@@ -82,7 +82,7 @@ Metrics/CyclomaticComplexity:
 Max: 16
 Metrics/PerceivedComplexity:
- Max: 15
+ Max: 17
 Rails/Exit:
 Exclude:
diff --git a/app/controllers/api/v1/migrations/external_controller.rb b/app/controllers/api/v1/migrations/external_controller.rb
index b398e241e5..f5191878ad 100644
--- a/app/controllers/api/v1/migrations/external_controller.rb
+++ b/app/controllers/api/v1/migrations/external_controller.rb
@@ -16,8 +16,6 @@
 # frozen_string_literal: true
-# rubocop:disable Metrics/PerceivedComplexity
-
 module Api
 module V1
 module Migrations
@@ -276,4 +274,3 @@ def generate_secure_pwd
 end
 end
 end
-# rubocop:enable Metrics/PerceivedComplexity
diff --git a/app/controllers/external_controller.rb b/app/controllers/external_controller.rb
index 7e91680566..a4b87b6af1 100644
--- a/app/controllers/external_controller.rb
+++ b/app/controllers/external_controller.rb
@@ -30,7 +30,15 @@ def create_user
 user_info = build_user_info(credentials)
- user = User.find_by(external_id: credentials['uid'], provider:) || User.find_by(email: credentials['info']['email'], provider:)
+ user = User.find_by(external_id: credentials['uid'], provider:)
+
+ # Fallback mechanism to search by email
+ if user.blank?
+ user = User.find_by(email: credentials['info']['email'], provider:)
+ # Update the user's external id to the latest value to avoid using the fallback
+ user.update(external_id: credentials['uid']) if user.present? && credentials['uid'].present?
+ end
+
 new_user = user.blank?
 registration_method = SettingGetter.new(setting_name: 'RegistrationMethod', provider: current_provider).call
diff --git a/config/initializers/omniauth.rb b/config/initializers/omniauth.rb
index 9567c50278..7d0a0cb7c9 100644
--- a/config/initializers/omniauth.rb
+++ b/config/initializers/omniauth.rb
@@ -29,7 +29,7 @@
 env['omniauth.strategy'].options[:issuer] = issuer_url
 env['omniauth.strategy'].options[:scope] = %i[openid email profile]
- env['omniauth.strategy'].options[:uid_field] = ENV.fetch('OPENID_CONNECT_UID_FIELD', 'preferred_username')
+ env['omniauth.strategy'].options[:uid_field] = ENV.fetch('OPENID_CONNECT_UID_FIELD', 'sub')
 env['omniauth.strategy'].options[:discovery] = true
 env['omniauth.strategy'].options[:client_options].identifier = ENV.fetch('OPENID_CONNECT_CLIENT_ID')
 env['omniauth.strategy'].options[:client_options].secret = secret
@@ -46,7 +46,7 @@
 provider :openid_connect,
 issuer:,
 scope: %i[openid email profile],
- uid_field: ENV.fetch('OPENID_CONNECT_UID_FIELD', 'preferred_username'),
+ uid_field: ENV.fetch('OPENID_CONNECT_UID_FIELD', 'sub'),
 discovery: true,
 client_options: {
 identifier: ENV.fetch('OPENID_CONNECT_CLIENT_ID'),
diff --git a/sample.env b/sample.env
index 7a5f35434d..9b3a2510d9 100644
--- a/sample.env
+++ b/sample.env
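Review bot: In `create_user` (app/controllers/external_controller.rb) the email fallback now persists the incoming `credentials['uid']` onto whichever account matches `credentials['info']['email']`, so a single email match permanently rebinds that account to a new external identity. Nothing visible in the hunk checks that the email is present or that the provider asserts it as verified, so a nil or unverified email claim could attach the login to the wrong account. I would guard the fallback, e.g. `email = credentials.dig('info', 'email')` and `if user.blank? && email.present?`, and rebind only when the provider's `email_verified` claim is true (where that claim sits in the auth hash depends on the strategy, so confirm). The return value of `user.update` is also ignored; a failed save silently leaves the account on the fallback path, so log the failure or use `update!` with a rescue. The method body starts and ends outside the hunk.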
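Review bot: In config/initializers/omniauth.rb the new default `'sub'` is repeated as a bare literal in both `ENV.fetch('OPENID_CONNECT_UID_FIELD', 'sub')` calls (the `env['omniauth.strategy']` hunk and the `provider :openid_connect` hunk), with no comment on why the choice matters. Judging by the lookup in `create_user`, this option decides which claim ends up compared against `external_id`, so it should be a stable, non-reassignable identifier; a mutable claim such as the previous default `preferred_username` can change or be reused. I would add a comment above each option, e.g. `# uid_field must be a stable, unique claim; 'sub' is the OIDC subject identifier. Override only to match legacy external_ids.`, and a matching one-line comment over `#OPENID_CONNECT_UID_FIELD=` in sample.env. Deployments that relied on the old default will presumably miss the `external_id` lookup on the first login after upgrading, which is worth stating in the release notes.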
@@ -44,6 +44,7 @@ REDIS_URL=
 #OPENID_CONNECT_CLIENT_SECRET=
 #OPENID_CONNECT_ISSUER=
 #OPENID_CONNECT_REDIRECT=
+#OPENID_CONNECT_UID_FIELD=
 # To enable hCaptcha on the user sign up and sign in, define these 2 keys
 #HCAPTCHA_SITE_KEY=