From 6b46931ef76dd7a5011f59ee2741db1d1ec3dbe9 Mon Sep 17 00:00:00 2001
From: Ahmad Farhat <ahmad.af.farhat@gmail.com>
Date: Mon, 20 Nov 2023 13:17:17 -0500
Subject: [PATCH] Make changes to openid_connect uid field (#5523)

* Make changes to openid_connect uid field

* Clean up
---
 .rubocop.yml                                           |  4 ++--
 .../api/v1/migrations/external_controller.rb           |  3 ---
 app/controllers/external_controller.rb                 | 10 +++++++++-
 config/initializers/omniauth.rb                        |  4 ++--
 sample.env                                             |  1 +
 5 files changed, 14 insertions(+), 8 deletions(-)

diff --git a/.rubocop.yml b/.rubocop.yml
index 9f6ae1c9..db58bc26 100644
--- a/.rubocop.yml
+++ b/.rubocop.yml
@@ -70,7 +70,7 @@ Metrics/ClassLength:
 # A calculated magnitude based on number of assignments,
 # branches, and conditions.
 Metrics/AbcSize:
-  Max: 65
+  Max: 75
 
 Metrics/ParameterLists:
   CountKeywordArgs: false
@@ -82,7 +82,7 @@ Metrics/CyclomaticComplexity:
   Max: 16
 
 Metrics/PerceivedComplexity:
-  Max: 15
+  Max: 17
 
 Rails/Exit:
   Exclude:
diff --git a/app/controllers/api/v1/migrations/external_controller.rb b/app/controllers/api/v1/migrations/external_controller.rb
index b398e241..f5191878 100644
--- a/app/controllers/api/v1/migrations/external_controller.rb
+++ b/app/controllers/api/v1/migrations/external_controller.rb
@@ -16,8 +16,6 @@
 
 # frozen_string_literal: true
 
-# rubocop:disable Metrics/PerceivedComplexity
-
 module Api
   module V1
     module Migrations
@@ -276,4 +274,3 @@ module Api
     end
   end
 end
-# rubocop:enable Metrics/PerceivedComplexity
diff --git a/app/controllers/external_controller.rb b/app/controllers/external_controller.rb
index 7e916805..a4b87b6a 100644
--- a/app/controllers/external_controller.rb
+++ b/app/controllers/external_controller.rb
@@ -30,7 +30,15 @@ class ExternalController < ApplicationController
 
     user_info = build_user_info(credentials)
 
-    user = User.find_by(external_id: credentials['uid'], provider:) || User.find_by(email: credentials['info']['email'], provider:)
+    user = User.find_by(external_id: credentials['uid'], provider:)
+
+    # Fallback mechanism to search by email
+    if user.blank?
+      user = User.find_by(email: credentials['info']['email'], provider:)
+      # Update the user's external id to the latest value to avoid using the fallback
+      user.update(external_id: credentials['uid']) if user.present? && credentials['uid'].present?
+    end
+
     new_user = user.blank?
 
     registration_method = SettingGetter.new(setting_name: 'RegistrationMethod', provider: current_provider).call
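Review bot: The email fallback overwrites `external_id` with whatever `uid` the current login presents, so a match on the email claim alone becomes a permanent link between that IdP identity and the local account. Nothing visible in the hunk checks that the IdP asserts the address as verified, or that the account's existing `external_id` is empty or stale, before the overwrite. Consider gating the rebind, e.g. `if user.present? && credentials['uid'].present? && credentials.dig('info', 'email_verified')` (assuming the strategy populates that key), and logging the old and new ids so the change is auditable. The return value of `user.update` is also ignored, so a failed save silently leaves the account on the fallback path at every login. The enclosing action starts and ends outside the hunk.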
diff --git a/config/initializers/omniauth.rb b/config/initializers/omniauth.rb
index 9567c502..7d0a0cb7 100644
--- a/config/initializers/omniauth.rb
+++ b/config/initializers/omniauth.rb
@@ -29,7 +29,7 @@ Rails.application.config.middleware.use OmniAuth::Builder do
 
       env['omniauth.strategy'].options[:issuer] = issuer_url
       env['omniauth.strategy'].options[:scope] = %i[openid email profile]
-      env['omniauth.strategy'].options[:uid_field] = ENV.fetch('OPENID_CONNECT_UID_FIELD', 'preferred_username')
+      env['omniauth.strategy'].options[:uid_field] = ENV.fetch('OPENID_CONNECT_UID_FIELD', 'sub')
       env['omniauth.strategy'].options[:discovery] = true
       env['omniauth.strategy'].options[:client_options].identifier = ENV.fetch('OPENID_CONNECT_CLIENT_ID')
       env['omniauth.strategy'].options[:client_options].secret = secret
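Review bot: `ENV.fetch('OPENID_CONNECT_UID_FIELD', 'sub')` falls back to `'sub'` only when the variable is unset; if an operator uncomments the blank `#OPENID_CONNECT_UID_FIELD=` line this patch adds to sample.env, the strategy receives an empty field name. How the strategy handles an empty name is not visible here, so it is safer to treat blank as unset: `ENV['OPENID_CONNECT_UID_FIELD'].presence || 'sub'`. The same expression appears in the `provider :openid_connect` hunk further down and needs the same change. A short comment saying the value should name a stable, non-reassignable claim would also help operators, because the controller hunk matches `external_id` against this `uid`.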
@@ -46,7 +46,7 @@ Rails.application.config.middleware.use OmniAuth::Builder do
     provider :openid_connect,
              issuer:,
              scope: %i[openid email profile],
-             uid_field: ENV.fetch('OPENID_CONNECT_UID_FIELD', 'preferred_username'),
+             uid_field: ENV.fetch('OPENID_CONNECT_UID_FIELD', 'sub'),
              discovery: true,
              client_options: {
                identifier: ENV.fetch('OPENID_CONNECT_CLIENT_ID'),
diff --git a/sample.env b/sample.env
index 7a5f3543..9b3a2510 100644
--- a/sample.env
+++ b/sample.env
@@ -44,6 +44,7 @@ REDIS_URL=
 #OPENID_CONNECT_CLIENT_SECRET=
 #OPENID_CONNECT_ISSUER=
 #OPENID_CONNECT_REDIRECT=
+#OPENID_CONNECT_UID_FIELD=
 
 # To enable hCaptcha on the user sign up and sign in, define these 2 keys
 #HCAPTCHA_SITE_KEY=
-- 
GitLab