Project

General

Profile

Forums » Help »

Create new user if not detected by SSO

Added by César DJ Caësar 9114 almost 10 years ago

Hello,

I managed to edit application_controller.rb to get user login if he's authenticated by SSO. Now I want Redmine to create a user if the login sent by the SSO is not in the database. I wrote that but it doesn't work, the user becomes "anonymous". Can anybody help me to fix my code?
Thanks in advance :)

def find_current_user
    user = nil
    unless api_request?
      if session[:user_id]
        # existing session
        user = (User.active.find(session[:user_id]) rescue nil)
      elsif (sso_user = request.env["HTTP_AUTH_USER"]) # !!! THIS IS WHERE MY CODE BEGINS
        begin
          user = User.find_by_login(sso_user)
        rescue
          user = User.new({:firstname => "Test_First", :lastname=>"Test_Last",:mail=>request.env["HTTP_MAIL"]})
          user.login = request.env["HTTP_AUTH_USER"]
          user.password = "password" 
          user.password_confirmation = "password" 
            if (user.valid)
              user.save
            end
        end # !!! THIS IS WHERE MY CODE ENDS
      elsif autologin_user = try_to_autologin
        user = autologin_user
      elsif params[:format] == 'atom' && params[:key] && request.get? && accept_rss_auth?
        # RSS key authentication does not start a session
        user = User.find_by_rss_key(params[:key])
      end
    end
    if user.nil? && Setting.rest_api_enabled? && accept_api_auth?
      if (key = api_key_from_request)
        # Use API key
        user = User.find_by_api_key(key)
      else
        # HTTP Basic, either username/password or API key/random
        authenticate_with_http_basic do |username, password|
          user = User.try_to_login(username, password) || User.find_by_api_key(username)
        end
        if user && user.must_change_password?
          render_error :message => 'You must change your password', :status => 403
          return
        end
      end
      # Switch user if requested by an admin user
      if user && user.admin? && (username = api_switch_user_from_request)
        su = User.find_by_login(username)
        if su && su.active?
          logger.info("  User switched by: #{user.login} (id=#{user.id})") if logger
          user = su
        else
          render_error :message => 'Invalid X-Redmine-Switch-User header', :status => 412
        end
      end
    end
    user
  end

Here is my info:
Environment:
Redmine version 2.4.3.stable
Ruby version 1.9.3-p194 (2012-04-20) [x86_64-linux]
Rails version 3.2.16
Environment production
Database adapter Mysql2