Setup for onelogin

OfficeForProductSafetyAndStandards · Dec 31, 2024 · f7a6ff3 · f7a6ff3
1 parent 9668bc7
commit f7a6ff3
Show file tree

Hide file tree

Showing 5 changed files with 76 additions and 0 deletions.
diff --git a/cosmetics-web/Gemfile b/cosmetics-web/Gemfile
@@ -98,3 +98,5 @@ gem "database_cleaner-active_record"
 
 gem "graphiql-rails", group: :development
 gem "graphql", "~> 2.4"
+gem 'omniauth'
+gem 'omniauth_openid_connect'
diff --git a/cosmetics-web/Gemfile.lock b/cosmetics-web/Gemfile.lock
@@ -104,11 +104,13 @@ GEM
       tzinfo (~> 2.0)
     addressable (2.8.7)
       public_suffix (>= 2.0.2, < 7.0)
+    aes_key_wrap (1.1.0)
     after_commit_everywhere (1.5.0)
       activerecord (>= 4.2)
       activesupport
     ansi (1.5.0)
     ast (2.4.2)
+    attr_required (1.0.2)
     aws-eventstream (1.3.0)
     aws-partitions (1.1023.0)
     aws-sdk-core (3.214.0)
@@ -130,6 +132,7 @@ GEM
     bcrypt (3.1.20)
     benchmark (0.4.0)
     bigdecimal (3.1.9)
+    bindata (2.5.0)
     brakeman (6.2.2)
       racc
     builder (3.3.0)
@@ -200,6 +203,8 @@ GEM
     elasticsearch-transport (7.17.10)
       faraday (>= 1, < 3)
       multi_json
+    email_validator (2.2.4)
+      activemodel
     erubi (1.13.1)
     et-orbi (1.2.11)
       tzinfo
@@ -213,6 +218,8 @@ GEM
     faraday (2.11.0)
       faraday-net_http (>= 2.0, < 3.4)
       logger
+    faraday-follow_redirects (0.3.0)
+      faraday (>= 1, < 3)
     faraday-net_http (3.3.0)
       net-http
     ffi (1.17.0-arm64-darwin)
@@ -278,6 +285,13 @@ GEM
     jsbundling-rails (1.3.1)
       railties (>= 6.0.0)
     json (2.9.1)
+    json-jwt (1.16.7)
+      activesupport (>= 4.2)
+      aes_key_wrap
+      base64
+      bindata
+      faraday (~> 2.0)
+      faraday-follow_redirects
     jwt (2.9.0)
       base64
     kaminari (1.2.2)
@@ -351,6 +365,26 @@ GEM
       jwt (>= 1.5, < 3)
     numerizer (0.1.1)
     okcomputer (1.18.5)
+    omniauth (2.1.2)
+      hashie (>= 3.4.6)
+      rack (>= 2.2.3)
+      rack-protection
+    omniauth_openid_connect (0.8.0)
+      omniauth (>= 1.9, < 3)
+      openid_connect (~> 2.2)
+    openid_connect (2.3.1)
+      activemodel
+      attr_required (>= 1.0.0)
+      email_validator
+      faraday (~> 2.0)
+      faraday-follow_redirects
+      json-jwt (>= 1.16)
+      mail
+      rack-oauth2 (~> 2.2)
+      swd (~> 2.0)
+      tzinfo
+      validate_url
+      webfinger (~> 2.0)
     orm_adapter (0.5.0)
     pagy (9.3.3)
     paper_trail (16.0.0)
@@ -379,6 +413,13 @@ GEM
     raabro (1.4.0)
     racc (1.8.1)
     rack (3.1.8)
+    rack-oauth2 (2.2.1)
+      activesupport
+      attr_required
+      faraday (~> 2.0)
+      faraday-follow_redirects
+      json-jwt (>= 1.11.0)
+      rack (>= 2.1.0)
     rack-protection (4.1.1)
       base64 (>= 0.1.0)
       logger (>= 1.6.0)
@@ -608,6 +649,11 @@ GEM
     stringio (3.1.2)
     strong_migrations (2.1.0)
       activerecord (>= 6.1)
+    swd (2.0.3)
+      activesupport (>= 3)
+      attr_required (>= 0.0.5)
+      faraday (~> 2.0)
+      faraday-follow_redirects
     terminal-table (3.0.2)
       unicode-display_width (>= 1.1.1, < 3)
     thor (1.3.2)
@@ -618,12 +664,19 @@ GEM
     unicode (0.4.4.5)
     unicode-display_width (2.6.0)
     uri (0.13.1)
+    validate_url (1.0.15)
+      activemodel (>= 3.0.0)
+      public_suffix
     view_component (3.20.0)
       activesupport (>= 5.2.0, < 8.1)
       concurrent-ruby (~> 1.0)
       method_source (~> 1.0)
     warden (1.2.9)
       rack (>= 2.0.9)
+    webfinger (2.1.3)
+      activesupport
+      faraday (~> 2.0)
+      faraday-follow_redirects
     webmock (3.24.0)
       addressable (>= 2.8.0)
       crack (>= 0.3.2)
@@ -687,6 +740,8 @@ DEPENDENCIES
   net-pop
   net-smtp
   okcomputer (~> 1.18.4)
+  omniauth
+  omniauth_openid_connect
   paper_trail (~> 16.0)
   pg (~> 1.5)
   phonelib (~> 0.10)

diff --git a/cosmetics-web/config/initializers/omniauth.rb b/cosmetics-web/config/initializers/omniauth.rb
@@ -0,0 +1,14 @@
+Rails.application.config.middleware.use OmniAuth::Builder do
+  provider :openid_connect, {
+    name: :one_login,
+    scope: [:openid, :email],
+    response_type: :code,
+    client_options: {
+      identifier: ENV['ONELOGIN_CLIENT_ID'],
+      secret: ENV['ONELOGIN_CLIENT_SECRET'],
+      redirect_uri: ENV['ONELOGIN_REDIRECT_URI'], 
+      host: ENV['ONELOGIN_HOST_URI'],
+      scheme: 'https'
+    }
+  }
+end
diff --git a/cosmetics-web/config/routes.rb b/cosmetics-web/config/routes.rb
@@ -24,6 +24,8 @@
 
   post "/graphql", to: "graphql#execute"
 
+  draw :auth_routes
+
   mount GovukDesignSystem::Engine => "/", as: "govuk_design_system_engine"
 
   get "/sign_up", to: redirect("/")

diff --git a/cosmetics-web/config/routes/auth_routes.rb b/cosmetics-web/config/routes/auth_routes.rb
@@ -0,0 +1,3 @@
+get '/auth/one_login', to: 'sessions#new', as: :login
+get '/auth/one_login/callback', to: 'sessions#create'
+delete '/logout', to: 'sessions#destroy', as: :logout