From 1b02822a59cddc5b57cfe0af9ef6fa92fc826753 Mon Sep 17 00:00:00 2001
From: Jakub Jirutka
Date: Tue, 4 Apr 2023 18:38:47 +0200
Subject: [PATCH] Allow to disable user account creation
---
README.rdoc | 2 ++
app/controllers/oidc_controller.rb | 19 ++++++++++++++-----
app/views/settings/_redmine_oidc.html.erb | 4 ++++
config/locales/de.yml | 1 +
config/locales/en.yml | 1 +
lib/redmine_oidc/settings.rb | 1 +
6 files changed, 23 insertions(+), 5 deletions(-)
diff --git a/README.rdoc b/README.rdoc
index 9c1f3e6..64ebd89 100644
--- a/README.rdoc
+++ b/README.rdoc
@@ -87,6 +87,8 @@ admin_role::
+realm_access.roles+.
Example: ROLES/REDMINE/ADMIN
+create_user_if_not_exists::
+ Whether to create a user account for an authenticated user who does not already have one.
== Mapping users
diff --git a/app/controllers/oidc_controller.rb b/app/controllers/oidc_controller.rb
index ee6b586..647498e 100644
--- a/app/controllers/oidc_controller.rb
+++ b/app/controllers/oidc_controller.rb
@@ -82,11 +82,17 @@ def login_user
end
def create_user
- user = User.create(@oidc_session.user_attributes)
- user.activate
- user.random_password
- user.last_login_on = Time.now
- user.save ? successful_login(user) : unsuccessful_login(user)
+ if settings.create_user_if_not_exists
+ user = User.create(@oidc_session.user_attributes)
+ user.activate
+ user.random_password
+ user.last_login_on = Time.now
+ user.save ? successful_login(user) : unsuccessful_login(user)
+ else
+ user_id = @oidc_session.user_attributes[:login] || @oidc_session.user_attributes[:oidc_identifier]
+ logger.info "User #{user_id} does not exist and creating new users by OIDC is disabled"
+ render 'lock_user', :status => :unauthorized
+ end
end
def update_user(user)
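Review bot: The value interpolated into the `logger.info` line in the new else branch comes straight from identity-provider claims (`user_attributes[:login]`), so a login containing newlines or control characters can forge additional log entries; `logger.info "User #{user_id.inspect} does not exist and creating new users by OIDC is disabled"` keeps the claim on one line and quoted. The `||` fallback on the line above only triggers for nil/false, so an empty-string login claim logs `User  does not exist` instead of falling back to the OIDC identifier — an explicit emptiness check (`login.to_s.empty?`) or `presence` would pick the fallback. `if settings.create_user_if_not_exists` is also a plain Ruby truthiness test: should the setting ever be stored as the string `"0"` or `"false"` rather than nil/false, creation stays enabled, so it is worth confirming how Settings coerces values (not visible in this hunk). A short comment on the else branch, `# Fail closed: authenticated at the IdP but no local account and provisioning is off`, would document the intent.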
@@ -110,4 +116,7 @@ def unsuccessful_login(user)
end
end
+ def settings
+ @settings ||= RedmineOidc.settings
+ end
end
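Review bot: `settings` is added as a public instance method unless a `private` marker precedes it above this hunk, and public instance methods on a Rails controller are action methods, so any route that maps to `oidc#settings` would expose it as an endpoint. Since `create_user` is its only caller visible here, put it under `private` (or add `private :settings` after the definition). The `@settings ||=` memoisation lives on the controller instance, i.e. it lasts for one request, so it will not serve stale values after an admin changes the plugin settings; a one-line comment, `# Memoised per request; reads RedmineOidc.settings once`, would spare the next reader that check.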
diff --git a/app/views/settings/_redmine_oidc.html.erb b/app/views/settings/_redmine_oidc.html.erb
index c77d19f..d0688a5 100644
--- a/app/views/settings/_redmine_oidc.html.erb
+++ b/app/views/settings/_redmine_oidc.html.erb
@@ -38,6 +38,10 @@
<%= label_tag 'settings[admin_role]', l('oidc.settings.admin_role') %>
<%= text_field_tag 'settings[admin_role]', oidc_settings.admin_role, size: 60 %>
+
+ <%= label_tag 'settings[create_user_if_not_exists]', l('oidc.settings.create_user_if_not_exists') %>
+ <%= check_box_tag 'settings[create_user_if_not_exists]', 1, oidc_settings.create_user_if_not_exists %>
+
<%= label_tag 'settings[session_check_enabled]', l('oidc.settings.session_check_enabled') %>
<%= check_box_tag 'settings[session_check_enabled]', 1, oidc_settings.session_check_enabled %>
diff --git a/config/locales/de.yml b/config/locales/de.yml
index 66adf98..4ad0cc6 100644
--- a/config/locales/de.yml
+++ b/config/locales/de.yml
@@ -34,6 +34,7 @@ de:
roles_claim_placeholder: roles
access_roles: Leerzeichen-separierte Liste der autorisierten Rollen
admin_role: Administrationsrolle
+ create_user_if_not_exists: Benutzer erstellen, falls nicht vorhanden
session_check_enabled: Session Check aktivieren
session_check_users_csv: Komma-separierte Liste der Logins mit Session Check (* = alle)
error:
diff --git a/config/locales/en.yml b/config/locales/en.yml
index cedad2a..e89b68a 100644
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@@ -34,6 +34,7 @@ en:
roles_claim_placeholder: roles
access_roles: Space-separated list of authorized roles
admin_role: Administration role
+ create_user_if_not_exists: Create user if not exists
session_check_enabled: Enable session check
session_check_users_csv: Comma-separated list of logins with session check (* = all)
error:
diff --git a/lib/redmine_oidc/settings.rb b/lib/redmine_oidc/settings.rb
index 39f7444..d227f50 100644
--- a/lib/redmine_oidc/settings.rb
+++ b/lib/redmine_oidc/settings.rb
@@ -31,6 +31,7 @@ class Settings
roles_claim
access_roles
admin_role
+ create_user_if_not_exists
session_check_enabled
session_check_users_csv
)
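Review bot: No default for `create_user_if_not_exists` is visible in this hunk — the key is only appended to the name list — so on an existing installation the stored value is absent until an admin re-saves the plugin settings, and the controller treats an absent (nil) value as "disabled", silently turning off account provisioning that previously ran unconditionally. Fail-closed is the right direction for a security setting, but an upgrade that breaks first login for new users with no admin action deserves either an explicit default preserving the old behaviour or a prominent upgrade note. If defaults are supplied elsewhere in Settings (the class starts before this hunk and continues after it), a comment above the list stating the default for this key would make the intended upgrade behaviour explicit; do not put the comment inside the `%w( … )` literal, where `#` would become a list entry.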