Merge branch 'main' of ssh://git.booko.info:2222/Baffle-WAF/baffle-hub

2025-11-09 20:58:18 +11:00
parent 1f4428348d ab5f83ab97
commit 1825905320
9 changed files with 167 additions and 111 deletions
--- a/config/initializers/omniauth.rb
+++ b/config/initializers/omniauth.rb
@@ -1,29 +0,0 @@
-Rails.application.config.middleware.use OmniAuth::Builder do
-  # Only configure OIDC if environment variables are present
-  if ENV['OIDC_DISCOVERY_URL'].present? && ENV['OIDC_CLIENT_ID'].present? && ENV['OIDC_CLIENT_SECRET'].present?
-    provider :openid_connect, {
-      name: :oidc,
-      scope: [:openid, :email, :groups],
-      response_type: :code,
-      client_options: {
-        identifier: ENV['OIDC_CLIENT_ID'],
-        secret: ENV['OIDC_CLIENT_SECRET'],
-        redirect_uri: ENV['OIDC_REDIRECT_URI'],
-        discovery: true,
-        authorization_endpoint: nil,
-        token_endpoint: nil,
-        userinfo_endpoint: nil,
-        jwks_uri: nil
-      },
-      discovery_document: {
-        issuer: ENV['OIDC_ISSUER'] # Optional, defaults to discovery URL issuer
-      }
-    }
-  end
-end
-
-# Disable OmniAuth logging in production
-OmniAuth.config.logger = Rails.logger if Rails.env.production?
-
-# Set OmniAuth failure mode
-OmniAuth.config.failure_raise_out_environments = %w[development test]
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -4,9 +4,9 @@ Rails.application.routes.draw do
  resource :session
  resource :password

-  # OIDC authentication routes
-  get "/auth/failure", to: "omniauth_callbacks#failure"
-  get "/auth/:provider/callback", to: "omniauth_callbacks#oidc"
+  # OIDC authentication routes (explicit, no middleware)
+  post "/auth/oidc", to: "oidc_auth#authorize"
+  get "/auth/oidc/callback", to: "oidc_auth#callback"

  # Admin user management (admin only)
  resources :users, only: [:index, :show, :edit, :update]