Adapt to new Keycloak structure

puzzle · Dec 2, 2020 · af5d443 · af5d443
1 parent c8cc7b7
commit af5d443
Show file tree

Hide file tree

Showing 4 changed files with 17 additions and 9 deletions.
diff --git a/app/helpers/omniauth_callbacks_helper.rb b/app/helpers/omniauth_callbacks_helper.rb
@@ -20,22 +20,28 @@ def login_with_matching_data(omni)
     if employee
       sign_in_and_redirect employee
     else
+      ldapname = login_fields(omni)[:ldapname]
+      flash[:alert] = t('error.login.ldapname_not_found', ldapname: ldapname)
       redirect_to new_employee_session_path
     end
   end
 
   private
 
   def find_employee(omni)
+    fields = login_fields(omni)
+    Employee.find_by(fields)
+  end
+
+  def login_fields(omni)
     provider = omni['provider']
     fields = {}
     Settings.dig(:auth, provider, :fields).each_pair do |key, path|
       value = omni.dig(*path)
       fields[key] = value if value
     end
-    Employee.find_by(fields)
+    fields
   end
-
   # def after_sign_in_path_for(employee)
   #   employee_path(employee)
   # end

diff --git a/config/locales/error_messages.de-CH.yml b/config/locales/error_messages.de-CH.yml
@@ -11,4 +11,7 @@ de-CH:
         order_not_on_company: >
           Der Auftrag muss im Highrise einer Firma zugeordnet sein.
           Aktuell ist er einem Objekt von Typ "%{party_type}" zugeordnet.
-          Bitte im Highrise korrigieren.
+          Bitte im Highrise korrigieren.
+    login:
+      ldapname_not_found:
+        'Der Member mit dem LDAP Name: "%{ldapname}" konnte nicht gefunden werden.'
diff --git a/config/settings.yml b/config/settings.yml
@@ -57,7 +57,7 @@ auth:
     client: <%= ENV['AUTH_KEYCLOAK_CLIENT'] %>
     secret: <%= ENV['AUTH_KEYCLOAK_SECRET'] %>
     fields:
-      ldapname: ['extra', 'raw_info', 'preferred_username']
+      ldapname: ['extra', 'raw_info', 'pitc', 'uid']
       email: ['info', 'email']
   saml:
     active: <%= ENV['AUTH_SAML_ACTIVE'] == 'true' %>

diff --git a/db/schema.rb b/db/schema.rb
@@ -165,7 +165,7 @@
     t.string "lastname", limit: 255, null: false
     t.string "shortname", limit: 3, null: false
     t.string "passwd", limit: 255
-    t.string "email", limit: 255, default: "", null: false
+    t.string "email", limit: 255, null: false
     t.boolean "management", default: false
     t.float "initial_vacation_days", default: -> { "(0)::double precision" }
     t.string "ldapname", limit: 255
@@ -190,12 +190,11 @@
     t.string "graduation"
     t.string "identity_card_type"
     t.date "identity_card_valid_until"
-    t.string "encrypted_password", default: "", null: false
+    t.string "encrypted_password", default: ""
     t.datetime "remember_created_at"
-    t.datetime "created_at", default: "2020-05-01 23:00:53", null: false
-    t.datetime "updated_at", default: "2020-05-01 23:00:53", null: false
+    t.datetime "created_at", default: "2020-12-01 12:25:49", null: false
+    t.datetime "updated_at", default: "2020-12-01 12:25:49", null: false
     t.index ["department_id"], name: "index_employees_on_department_id"
-    t.index ["email"], name: "index_employees_on_email", unique: true
     t.index ["shortname"], name: "chk_unique_name", unique: true
   end