Merge branch '13219-jobs-time-limit'
[arvados.git] / services / api / lib / josh_id.rb
1 # Copyright (C) The Arvados Authors. All rights reserved.
2 #
3 # SPDX-License-Identifier: AGPL-3.0
4
5 require 'omniauth-oauth2'
6 module OmniAuth
7   module Strategies
8     class JoshId < OmniAuth::Strategies::OAuth2
9
10       args [:client_id, :client_secret, :custom_provider_url]
11
12       option :custom_provider_url, ''
13
14       uid { raw_info['id'] }
15
16       option :client_options, {}
17
18       info do
19         {
20           :first_name => raw_info['info']['first_name'],
21           :last_name => raw_info['info']['last_name'],
22           :email => raw_info['info']['email'],
23           :identity_url => raw_info['info']['identity_url'],
24           :username => raw_info['info']['username'],
25         }
26       end
27
28       extra do
29         {
30           'raw_info' => raw_info
31         }
32       end
33
34       def authorize_params
35         options.authorize_params[:auth_provider] = request.params['auth_provider']
36         super
37       end
38
39       def client
40         options.client_options[:site] = options[:custom_provider_url]
41         options.client_options[:authorize_url] = "#{options[:custom_provider_url]}/auth/josh_id/authorize"
42         options.client_options[:access_token_url] = "#{options[:custom_provider_url]}/auth/josh_id/access_token"
43         if Rails.configuration.sso_insecure
44           options.client_options[:ssl] = {verify_mode: OpenSSL::SSL::VERIFY_NONE}
45         end
46         ::OAuth2::Client.new(options.client_id, options.client_secret, deep_symbolize(options.client_options))
47       end
48
49       def callback_url
50         full_host + script_name + callback_path + "?return_to=" + CGI.escape(request.params['return_to'] || '')
51       end
52
53       def raw_info
54         @raw_info ||= access_token.get("/auth/josh_id/user.json?oauth_token=#{access_token.token}").parsed
55       end
56     end
57   end
58 end