Configure Omniauth [wip]

Author: parndt

Gemfile

@@ -1,14 +1,14 @@
 # frozen_string_literal: true
 
 source "https://rubygems.org"
-ruby File.read(File.expand_path(".ruby-version", __dir__)).strip
+ruby file: ".ruby-version"
 
-gem "omniauth-azure-activedirectory-v2", "~> 2.1.0"
 gem "batch_api"
 gem "bcrypt", "~> 3.1.7"
 gem "clockwork"
 gem "devise"
-gem "devise_token_auth"
+gem "devise_token_auth", "~> 1.2"
+gem "omniauth-azure-activedirectory-v2", "~> 2.1.0"
 gem "foundation-rails"
 gem "fog-aws"
 gem "jquery-rails"

Gemfile.lock

@@ -121,7 +121,7 @@ GEM
     devise_token_auth (1.2.2)
       bcrypt (~> 3.0)
       devise (> 3.5.2, < 5)
-      rails (>= 4.2.0, < 7.1)
+      rails (>= 4.2.0, < 7.2)
     diff-lcs (1.5.0)
     docile (1.4.0)
     dotenv (2.8.1)
@@ -474,7 +474,7 @@ DEPENDENCIES
   connection_pool
   database_cleaner
   devise
-  devise_token_auth
+  devise_token_auth (~> 1.2)
   dotenv-rails
   factory_bot_rails (~> 6.0)
   faker

app/controllers/application_controller.rb

@@ -2,7 +2,7 @@
 
 class ApplicationController < ActionController::Base
   include DeviseTokenAuth::Concerns::SetUserByToken
-  include Pundit
+  include Pundit::Authorization
   rescue_from Pundit::NotAuthorizedError, with: :user_not_authorized
 
   protect_from_forgery with: :exception

app/models/user.rb

@@ -1,16 +1,13 @@
 # frozen_string_literal: true
 
 class User < VersionedRecord
-  # Include default devise modules.
-  devise :database_authenticatable, :registerable,
-    :recoverable, :rememberable, :trackable, :validatable
-  include DeviseTokenAuth::Concerns::User
-  has_paper_trail ignore: [:tokens, :updated_at]
-
   # Include default devise modules. Others available are:
   # :confirmable, :lockable, :timeoutable and :omniauthable
   devise :database_authenticatable, :registerable,
     :recoverable, :rememberable, :trackable, :validatable
+  #  :omniauthable
+  include DeviseTokenAuth::Concerns::User
+  has_paper_trail ignore: [:tokens, :updated_at]
 
   has_many :user_roles, dependent: :destroy
   has_many :roles, through: :user_roles

config/initializers/devise.rb

@@ -247,12 +247,6 @@
   # Add a new OmniAuth provider. Check the wiki for more information on setting
   # up on your models and hooks.
   # config.omniauth :github, 'APP_ID', 'APP_SECRET', scope: 'user,public_repo'
-  config.omniauth :azure_activedirectory_v2, {
-    client_id: ENV["AZURE_CLIENT_ID"],
-    client_secret: ENV["AZURE_CLIENT_SECRET"],
-    provider_ignores_state: ENV.fetch("AZURE_PROVIDER_IGNORES_STATE", "false") == "true",
-    tenant_id: ENV["AZURE_TENANT_ID"]
-  }
 
   # ==> Warden configuration
   # If you want to use other strategies, that are not supported by Devise, or

config/initializers/devise_token_auth.rb

@@ -22,7 +22,7 @@
   # This route will be the prefix for all oauth2 redirect callbacks. For
   # example, using the default '/omniauth', the github oauth2 provider will
   # redirect successful authentications to '/omniauth/github/callback'
-  # config.omniauth_prefix = "/omniauth"
+  config.omniauth_prefix = "/auth"
 
   # By default sending current password is not needed for the password update.
   # Uncomment to enforce current_password param to be checked before all

config/initializers/omniauth.rb

@@ -0,0 +1,13 @@
+Rails.application.config.middleware.use OmniAuth::Builder do
+  provider :azure_activedirectory_v2, {
+    callback_path: "/auth/azure_oauth2/callback",
+    client_id: ENV["AZURE_CLIENT_ID"],
+    client_secret: ENV["AZURE_CLIENT_SECRET"],
+    provider_ignores_state: ENV.fetch("AZURE_PROVIDER_IGNORES_STATE", "false") == "true",
+    tenant_id: ENV["AZURE_TENANT_ID"]
+  }
+
+  # By default only POST is supported but, for now, we need GET for our redirect.
+  OmniAuth.config.allowed_request_methods = %i[get post]
+  OmniAuth.config.silence_get_warning = true
+end