Allow different omniauth settings per tenant

Co-Authored-By: Javi Martín <javim@elretirao.net>
2019-05-13 10:34:43 +02:00
parent a3be1e174b
commit 0ea61b9b61
4 changed files with 70 additions and 11 deletions
--- a/app/views/shared/_social_media_meta_tags.html.erb
+++ b/app/views/shared/_social_media_meta_tags.html.erb
@@ -17,4 +17,4 @@
 <meta id="ogimage" property="og:image" content="<%= root_url + (local_assigns[:og_image_url] || "social_media_icon.png") %>" />
 <meta property="og:site_name" content="<%= setting["org_name"] %>" />
 <meta id="ogdescription" property="og:description" content="<%= description %>" />
-<meta property="fb:app_id" content="<%= Rails.application.secrets.facebook_key %>" />
+<meta property="fb:app_id" content="<%= Tenant.current_secrets.facebook_key %>" />
--- a/config/initializers/devise.rb
+++ b/config/initializers/devise.rb
@@ -245,14 +245,26 @@ Devise.setup do |config|
  # Add a new OmniAuth provider. Check the wiki for more information on setting
  # up on your models and hooks.
  # config.omniauth :github, 'APP_ID', 'APP_SECRET', scope: 'user,public_repo'
-  config.omniauth :twitter, Rails.application.secrets.twitter_key, Rails.application.secrets.twitter_secret
-  config.omniauth :facebook, Rails.application.secrets.facebook_key, Rails.application.secrets.facebook_secret, scope: "email", info_fields: "email,name,verified"
-  config.omniauth :google_oauth2, Rails.application.secrets.google_oauth2_key, Rails.application.secrets.google_oauth2_secret
+  config.omniauth :twitter,
+                  Rails.application.secrets.twitter_key,
+                  Rails.application.secrets.twitter_secret,
+                  setup: OmniauthTenantSetup.twitter
+  config.omniauth :facebook,
+                  Rails.application.secrets.facebook_key,
+                  Rails.application.secrets.facebook_secret,
+                  scope: "email",
+                  info_fields: "email,name,verified",
+                  setup: OmniauthTenantSetup.facebook
+  config.omniauth :google_oauth2,
+                  Rails.application.secrets.google_oauth2_key,
+                  Rails.application.secrets.google_oauth2_secret,
+                  setup: OmniauthTenantSetup.google_oauth2
  config.omniauth :wordpress_oauth2,
                  Rails.application.secrets.wordpress_oauth2_key,
                  Rails.application.secrets.wordpress_oauth2_secret,
                  strategy_class: OmniAuth::Strategies::Wordpress,
-                  client_options: { site: Rails.application.secrets.wordpress_oauth2_site }
+                  client_options: { site: Rails.application.secrets.wordpress_oauth2_site },
+                  setup: OmniauthTenantSetup.wordpress_oauth2

  # ==> Warden configuration
  # If you want to use other strategies, that are not supported by Devise, or
--- a/config/secrets.yml.example
+++ b/config/secrets.yml.example
@@ -57,8 +57,8 @@ staging:
    # my_tenant_subdomain:
    #   secret_key: my_secret_value
    #
-    # Currently you can overwrite SMTP, SMS, manager, microsoft API and
-    # HTTP basic settings.
+    # Currently you can overwrite SMTP, SMS, manager, microsoft API,
+    # HTTP basic, twitter, facebook, google and wordpress settings.
  <<: *maps
  <<: *apis

@@ -93,8 +93,8 @@ preproduction:
    # my_tenant_subdomain:
    #   secret_key: my_secret_value
    #
-    # Currently you can overwrite SMTP, SMS, manager, microsoft API and
-    # HTTP basic settings.
+    # Currently you can overwrite SMTP, SMS, manager, microsoft API,
+    # HTTP basic, twitter, facebook, google and wordpress settings.
  twitter_key: ""
  twitter_secret: ""
  facebook_key: ""
@@ -134,8 +134,8 @@ production:
    # my_tenant_subdomain:
    #   secret_key: my_secret_value
    #
-    # Currently you can overwrite SMTP, SMS, manager, microsoft API and
-    # HTTP basic settings.
+    # Currently you can overwrite SMTP, SMS, manager, microsoft API,
+    # HTTP basic, twitter, facebook, google and wordpress settings.
  twitter_key: ""
  twitter_secret: ""
  facebook_key: ""
--- a/lib/omniauth_tenant_setup.rb
+++ b/lib/omniauth_tenant_setup.rb
@@ -0,0 +1,47 @@
+module OmniauthTenantSetup
+  class << self
+    def twitter
+      ->(env) do
+        oauth(env, secrets.twitter_key, secrets.twitter_secret)
+      end
+    end
+
+    def facebook
+      ->(env) do
+        oauth2(env, secrets.facebook_key, secrets.facebook_secret)
+      end
+    end
+
+    def google_oauth2
+      ->(env) do
+        oauth2(env, secrets.google_oauth2_key, secrets.google_oauth2_secret)
+      end
+    end
+
+    def wordpress_oauth2
+      ->(env) do
+        oauth2(env, secrets.wordpress_oauth2_key, secrets.wordpress_oauth2_secret)
+      end
+    end
+
+    private
+
+      def oauth(env, key, secret)
+        unless Tenant.default?
+          env["omniauth.strategy"].options[:consumer_key] = key
+          env["omniauth.strategy"].options[:consumer_secret] = secret
+        end
+      end
+
+      def oauth2(env, key, secret)
+        unless Tenant.default?
+          env["omniauth.strategy"].options[:client_id] = key
+          env["omniauth.strategy"].options[:client_secret] = secret
+        end
+      end
+
+      def secrets
+        Tenant.current_secrets
+      end
+  end
+end