Top Menu

Jump to content
Home
    Modules
      • Projects
      • Activity
      • Work packages
      • Gantt charts
      • Calendars
      • Team planners
      • Boards
      • News
    • Getting started
    • Introduction video
      Welcome to OpenProject Community
      Get a quick overview of project management and team collaboration with OpenProject. You can restart this video from the help menu.
    • Help and support
    • Upgrade to Enterprise edition
    • User guides
    • Videos
    • Shortcuts
    • Community forum
    • Enterprise support
    • Additional resources
    • Data privacy and security policy
    • Digital accessibility (DE)
    • OpenProject website
    • Security alerts / Newsletter
    • OpenProject blog
    • Release notes
    • Report a bug
    • Development roadmap
    • Add and edit translations
    • API documentation
  • Sign in
      Forgot your password?

      or sign in with your existing account

      Google

Side Menu

  • Overview
  • Activity
    Activity
  • Roadmap
  • Work packages
    Work packages
  • Gantt charts
    Gantt charts
  • Calendars
    Calendars
  • Team planners
    Team planners
  • Boards
    Boards
  • News
  • Forums

Content

Plugins
  1. OpenProject
  2. Forums
  3. Plugins
  4. OmniAuth: attribute hash changes for a single provider

OmniAuth: attribute hash changes for a single provider

Added by Oliver Günther over 10 years ago

For the deployment of the OmniAuth CAS Provider for our use case, I had to patch the core Concerns::OmniauthLogin to override the user attributes build process,
as the login name corresponds to the user’s mail adress, instead of the actual username.

The attributes retrieved from Concerns::OmniauthLogin.omniauth_hash_to_user_attributes are, as I see it, hardcoded:

  def fill_user_fields_from_omniauth(user, auth)
    user.update_attributes omniauth_hash_to_user_attributes(auth)
    user.register
    user
  end

  def omniauth_hash_to_user_attributes(auth)
    info = auth[:info]
    {
      login:        info[:email],
      mail:         info[:email],
      firstname:    info[:first_name] || info[:name],
      lastname:     info[:last_name],
      identity_url: identity_url_from_omniauth(auth)
    }
  end

The patch of omniauth_hash_to_user_attributes is documented at Github

—

Apart from the aforementioned method chaining, is there another way (that I’ve missed) to override the user hash build process from omniauth attributes?
If not, I’d like to discuss on how (or rather, where) this could be integrated. I propose the option to add a callback/observer similar to OmniAuth::Authorization, just like the authorize_user and after_login callbacks provided there. Is this something the team would integrate to the core if I provide the implementation?

Best,
Oliver


Replies (9)

RE: OmniAuth: attribute hash changes for a single provider - Added by Markus Kahl over 10 years ago

Hey Oliver,

you haven’t missed anything. There’s no other way to do it right now.
Yes, it would be good to provide one and we would gladly accept any contribution you make.
I’m not sure if OmniAuth::Authorization is the right place, though.
I mean, conceptually, this is not a problem specifically with regard to authorization, but in general how to map user data.

So we might want to think about alternatives here.

Best,
Markus

RE: OmniAuth: attribute hash changes for a single provider - Added by Oliver Günther over 10 years ago

Thanks for the clarification, Markus! :) I didn’t quite mean to put it into Authorization, I was missing a ‘similar’ in my previous post.. oops.

Maybe there’s a way to include this with the Provider registration (i.e. In the Auth Plugins) so to tie Provider definitition and attribute mapping to one location.

Best,
Oliver

RE: OmniAuth: attribute hash changes for a single provider - Added by Markus Kahl over 10 years ago

Doing it in the provider registration is a good idea!

RE: OmniAuth: attribute hash changes for a single provider - Added by Oliver Günther over 10 years ago

I’ve created a work package on openproject.org and two Pull Requests (openproject-auth_plugins, openproject) that implement this feature.

If there is a prettier way than a block to allow custom mappings (even with :extra and :raw_info in the AuthHash), let me know ;)

RE: OmniAuth: attribute hash changes for a single provider - Added by Markus Kahl over 10 years ago

Good job! I haven’t had a time to give it a thorough look yet, but what I saw looked great.
Just tests are missing. Would you mind writing some?

RE: OmniAuth: attribute hash changes for a single provider - Added by Oliver Günther over 10 years ago

I’ve added specs to both pull requests. Do you have an officially defined code measure for spec coverage? If not, just drop me a note If you see something missing in the specs.

RE: OmniAuth: attribute hash changes for a single provider - Added by Markus Kahl over 10 years ago

I’ve looked at the PRs and they look good. I will merge them as soon as I’m allowed to (currently the plugin dev branch is frozen, but tomorrow I should be able to do it).

RE: OmniAuth: attribute hash changes for a single provider - Added by Markus Kahl over 10 years ago

Also: We have no officially defined coverage requirements that I know of. The specs look good either way.
Thanks for your contribution!

RE: OmniAuth: attribute hash changes for a single provider - Added by Philipp Tessenow over 10 years ago

As we all agree that Oliver’s change is good, I have merged the pull requests. Thanks!

  • (1 - 9/9)
Loading...