From 58132d869262b74dfb02feb445b854b842c5643d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kaz=C4=B1m=20SARIKAYA?= Date: Wed, 5 Feb 2020 16:37:43 +0300 Subject: [PATCH 01/13] keycloak groups fix MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Kazım SARIKAYA --- app/models/oic_session.rb | 3 +++ 1 file changed, 3 insertions(+) diff --git a/app/models/oic_session.rb b/app/models/oic_session.rb index cc11713..8517fca 100644 --- a/app/models/oic_session.rb +++ b/app/models/oic_session.rb @@ -134,6 +134,9 @@ def check_keycloak_role(role) if user["resource_access"].present? && user["resource_access"][client_config['client_id']].present? kc_is_in_role = user["resource_access"][client_config['client_id']]["roles"].include?(role) end + if user["groups"].present? + kc_is_in_role = user["groups"].include?(role) + end return true if kc_is_in_role end From 273ff93e7696c49913b0b103b1c774655a51b64a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kaz=C4=B1m=20SARIKAYA?= Date: Wed, 5 Feb 2020 16:58:41 +0300 Subject: [PATCH 02/13] fix half french/english to english. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Kazım SARIKAYA --- lib/redmine_openid_connect/account_controller_patch.rb | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/lib/redmine_openid_connect/account_controller_patch.rb b/lib/redmine_openid_connect/account_controller_patch.rb index 94ec852..52d8ae4 100644 --- a/lib/redmine_openid_connect/account_controller_patch.rb +++ b/lib/redmine_openid_connect/account_controller_patch.rb @@ -22,7 +22,7 @@ def logout rescue ActiveRecord::RecordNotFound => e redirect_to oic_local_logout_url end - + # performs redirect to SSO server def oic_login if session[:oic_session_id].blank? 
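Review bot: The added `groups` branch assigns `kc_is_in_role` unconditionally, so a match found in `resource_access` just above it is overwritten with false whenever the token carries a `groups` claim that does not contain the role. Use `kc_is_in_role ||= user["groups"].include?(role)` so the two sources are combined instead of the last one winning. It also deserves a comment that group names and client role names now share one namespace: any IdP group whose name equals the configured role string passes this check, which matters if the check gates admin or login rights (its callers are not visible here). The start of check_keycloak_role, including where `kc_is_in_role` is initialised, is outside the hunk.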
@@ -64,7 +64,7 @@ def oic_local_login # verify request state or reauthorize unless oic_session.state == params[:state] - flash[:error] = "Requête OpenID Connect invalide." + flash[:error] = "Invalid OpenID Connect request." return redirect_to oic_local_logout end @@ -73,7 +73,7 @@ def oic_local_login # verify id token nonce or reauthorize if oic_session.id_token.present? unless oic_session.claims['nonce'] == oic_session.nonce - flash[:error] = "ID Token invalide." + flash[:error] = "ID Token invalid." return redirect_to oic_local_logout end end From c2e46200364ed087cd31a6b61a227670bddd478a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kaz=C4=B1m=20SARIKAYA?= Date: Wed, 5 Feb 2020 22:03:43 +0300 Subject: [PATCH 03/13] convert mail to login add user groups at login MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Kazım SARIKAYA --- .../_redmine_openid_connect_settings.html.erb | 5 ++ config/locales/en.yml | 1 + .../account_controller_patch.rb | 50 ++++++++++++++++++- 3 files changed, 55 insertions(+), 1 deletion(-) diff --git a/app/views/settings/_redmine_openid_connect_settings.html.erb b/app/views/settings/_redmine_openid_connect_settings.html.erb index de205ea..bafac74 100644 --- a/app/views/settings/_redmine_openid_connect_settings.html.erb +++ b/app/views/settings/_redmine_openid_connect_settings.html.erb @@ -59,3 +59,8 @@ <%= select_tag 'settings[disallowed_auth_sources_login]', options_for_select(AuthSource.all.map { |a| [a.name, a.id] }, OicSession.disallowed_auth_sources_login), :multiple => true, :include_blank => true, :size => 5 %>

+ +

+ + <%= check_box_tag 'settings[override_user_attributes]', true, @settings['override_user_attributes'] %> +

diff --git a/config/locales/en.yml b/config/locales/en.yml index 0aa1a7a..9200d68 100644 --- a/config/locales/en.yml +++ b/config/locales/en.yml @@ -13,6 +13,7 @@ en: dynamic_config_expiry: How often to retrieve openid configuration (default 1 day) create_user_if_not_exists: Create user if not exists disallowed_auth_sources_login: Users from the following auth sources will be required to login with SSO + override_user_attributes: Override user attributes at each login oic_logout_success: 'You have been logged out. Click here to log in again.' oic_cannot_create_user: "Could not create the user %{value}: " oic_try_another_account: "Try logging in with another account" diff --git a/lib/redmine_openid_connect/account_controller_patch.rb b/lib/redmine_openid_connect/account_controller_patch.rb index 52d8ae4..0305026 100644 --- a/lib/redmine_openid_connect/account_controller_patch.rb +++ b/lib/redmine_openid_connect/account_controller_patch.rb @@ -87,8 +87,21 @@ def oic_local_login return invalid_credentials end + username = user_info["user_name"] || user_info["nickname"] || user_info["preferred_username"] || user_info["username"] + # Check if there's already an existing user - user = User.find_by_mail(user_info["email"]) + user = User.find_by_login(username) + + firstname = user_info["given_name"] + lastname = user_info["family_name"] + + if (firstname.nil? || lastname.nil?) && user_info["name"] + parts = user_info["name"].split + if parts.length >= 2 + firstname = parts[0] + lastname = parts[-1] + end + end if user.nil? if !OicSession.create_user_if_not_exists? @@ -127,6 +140,9 @@ def oic_local_login if user.save user.update_attribute(:admin, oic_session.admin?) + + update_groups(user,user_info['groups']) + oic_session.user_id = user.id oic_session.save! # after user creation just show "My Page" don't redirect to remember 
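Review bot: The account lookup in the `@@ -87,8 +87,21 @@` hunk now keys on `username`, taken from the first present of `user_name`, `nickname`, `preferred_username` and `username`, and none of these is a stable identifier; if the identity provider lets users edit any of them, a token can resolve to a different person's existing Redmine login. Matching on the `sub` claim together with the issuer avoids that; where that is not possible, restrict the lookup to one claim the provider guarantees unique and immutable, and state that requirement in a comment next to the line. `username` is also nil when none of the four claims is sent, so add `return invalid_credentials if username.blank?` before `User.find_by_login(username)`. oic_local_login starts and ends outside the hunk.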
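Review bot: `update_groups(user,user_info['groups'])` in the `@@ -127,6 +140,9 @@` hunk passes nil when the token has no `groups` claim, and update_groups calls `groups.each` outside its `begin`/`rescue`, so the first login of a newly created user raises after the account has already been saved. Pass `Array(user_info['groups'])` here; the second call added in the `@@ -141,6 +157,15 @@` hunk needs the same change. The surrounding `if user.save` block continues outside the hunk.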
@@ -141,6 +157,15 @@ def oic_local_login end else user.update_attribute(:admin, oic_session.admin?) + + if Setting.plugin_redmine_openid_connect['override_user_attributes'] + user.update_attribute(:firstname, firstname) + user.update_attribute(:lastname, lastname) + user.update_attribute(:mail, user_info["email"]) + end + + update_groups(user,user_info['groups']) + oic_session.user_id = user.id oic_session.save! # redirect back to initial URL @@ -193,5 +218,28 @@ def authorize_params end end end + + def update_groups(user, groups) + groups.each do |group| + begin + rm_g = Group.find_by(:lastname => group.to_s.downcase) + logger.error("group found") + if not rm_g.user_ids.include? user.id + rm_g.users << user + logger.error("user added to group") + end + rescue ActiveRecord::RecordNotFound + logger.error("no group " + group) + g = Group.new() + g.name = group + g.user_ids = [user.id] + if g.save() + logger.error("group added") + end + rescue => e + logger.error(e) + end + end + end end # AccountControllerPatch end From d6adfbad481c0cce976238cce0a09de4d0e59e50 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kaz=C4=B1m=20SARIKAYA?= Date: Wed, 5 Feb 2020 22:55:21 +0300 Subject: [PATCH 04/13] fix group adding bug MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Kazım SARIKAYA --- .../account_controller_patch.rb | 18 ++++++++++++++---- 1 file changed, 14 insertions(+), 4 deletions(-) diff --git a/lib/redmine_openid_connect/account_controller_patch.rb b/lib/redmine_openid_connect/account_controller_patch.rb index 0305026..28edd9c 100644 --- a/lib/redmine_openid_connect/account_controller_patch.rb +++ b/lib/redmine_openid_connect/account_controller_patch.rb 
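Review bot: The three `update_attribute` calls in the `@@ -141,6 +157,15 @@` hunk write IdP-supplied values without running model validations, and `firstname`/`lastname` are still nil when the token has neither `given_name`/`family_name` nor a `name` with at least two parts, so enabling the option can blank an existing user's name. Replace them with one validated write, `unless user.update(firstname: firstname, lastname: lastname, mail: user_info["email"])`, and log `user.errors.full_messages` in that branch; how Redmine stores `mail` is not visible here, so confirm the assignment behaves the same. Because the address is overwritten from the token on every login, a comment should state that the provider is expected to send a verified email.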
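Review bot: In the new update_groups (`@@ -193,5 +218,28 @@`), `Group.find_by` returns nil for a missing group rather than raising, so the `rescue ActiveRecord::RecordNotFound` branch that creates the group is never reached; `rm_g.user_ids` raises NoMethodError on nil and the generic `rescue => e` swallows it. Either use `rm_g = Group.find_by!(:lastname => group.to_s.downcase)` or branch on `rm_g.nil?`. The same code comes back in the `@@ -232,20 +232,10 @@` hunk of PATCH 08/13, which removes the nil guard that PATCH 04/13 had added. The progress messages are all written with `logger.error`; `logger.info` would keep routine logins out of the error log.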
@@ -223,10 +223,20 @@ def update_groups(user, groups) groups.each do |group| begin rm_g = Group.find_by(:lastname => group.to_s.downcase) - logger.error("group found") - if not rm_g.user_ids.include? user.id - rm_g.users << user - logger.error("user added to group") + if rm_g + logger.error("group found") + if not rm_g.users.include?(user) + rm_g.users << user + logger.error("user added to group") + end + else + logger.error("no group " + group) + g = Group.new() + g.name = group + g.user_ids = [user.id] + if g.save() + logger.error("group added") + end end rescue ActiveRecord::RecordNotFound logger.error("no group " + group) From b27d65c867536013915b780a33e814497f6524d2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kaz=C4=B1m=20SARIKAYA?= Date: Wed, 5 Feb 2020 22:03:43 +0300 Subject: [PATCH 05/13] fix: merge issues MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Kazım SARIKAYA --- config/locales/de.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/config/locales/de.yml b/config/locales/de.yml index e9cbcd3..b0e41b5 100644 --- a/config/locales/de.yml +++ b/config/locales/de.yml @@ -12,6 +12,7 @@ de: dynamic_config_expiry: "Intervall für Aktualisierung der OpenID-Einstellungen (Default: 1 day)" create_user_if_not_exists: "Benutzer erstellen, falls nicht vorhanden" disallowed_auth_sources_login: "Benutzer aus den folgenden Authentifizierungsquellen müssen sich mit SSO anmelden" + override_user_attributes: "Benutzerattribute bei jedem Login überschreiben" oic_logout_success: 'Sie wurden ausgeloggt. Klicken Sie hier, um sich erneut einzuloggen.' oic_cannot_create_user: "Der Benutzer %{value} konnte nicht angelegt werden: " oic_try_another_account: "Mit einem anderen Account einloggen." From fd4914e78baea4e202ee414525cba75eaf15d6fc Mon Sep 17 00:00:00 2001 
From: Tiago Gomes Date: Thu, 4 Feb 2021 06:39:03 +0000 Subject: [PATCH 06/13] Added Support for login selector (external or sso); Added pt translation; (#46) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Kazım SARIKAYA --- config/locales/pt.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/config/locales/pt.yml b/config/locales/pt.yml index 05a3c8c..3df40f6 100644 --- a/config/locales/pt.yml +++ b/config/locales/pt.yml @@ -13,6 +13,7 @@ pt: dynamic_config_expiry: "Com que frequência obter configuração do openid (padrão 1 dia)" create_user_if_not_exists: "Criar utilizador caso não exista" disallowed_auth_sources_login: "Utilizadores das fontes selecionadas deverão fazer login SSO" + override_user_attributes: "Sobrescrever atributos do utilizador em cada login" oic_logout_success: 'Saiu com sucesso. Clique aqui para voltar a entrar.' oic_cannot_create_user: "Não foi possível criar o utilizador %{value}: " oic_try_another_account: "Tente entrar com uma conta diferente" From 9d97f6dbf51dbe0bb43c2f06166e5b781d79cd74 Mon Sep 17 00:00:00 2001 From: Tiago Gomes Date: Wed, 24 Feb 2021 08:22:18 +0000 Subject: [PATCH 07/13] Added feature to choose whehter to create or not users if they don't exist (#49) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Added Support for login selector (external or sso); Added pt translation; * Added feature to choose whehter to create or not users if they don't exist * Added feature to avoid direct login from selected auth sources * Added two important conditions for the feature to run Co-authored-by: Tiago Gomes Signed-off-by: Kazım SARIKAYA --- .../account_controller_patch.rb | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/lib/redmine_openid_connect/account_controller_patch.rb b/lib/redmine_openid_connect/account_controller_patch.rb index 28edd9c..449d212 100644 
--- a/lib/redmine_openid_connect/account_controller_patch.rb +++ b/lib/redmine_openid_connect/account_controller_patch.rb @@ -92,8 +92,17 @@ def oic_local_login # Check if there's already an existing user user = User.find_by_login(username) - firstname = user_info["given_name"] - lastname = user_info["family_name"] + if user.nil? + if !OicSession.create_user_if_not_exists? + flash.now[:warning] ||= l(:oic_cannot_create_user, user_info["email"]) + + logger.warn "Could not create user #{user_info["email"]}, the system is not allowed to create new users through openid" + flash.now[:warning] += "The system is not allowed to create new users through openid" + + return invalid_credentials + end + + user = User.new if (firstname.nil? || lastname.nil?) && user_info["name"] parts = user_info["name"].split From ac8ef3af3bc6988620515275d6a82551bbc17748 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kaz=C4=B1m=20SARIKAYA?= Date: Wed, 5 Feb 2020 22:03:43 +0300 Subject: [PATCH 08/13] convert mail to login add user groups at login MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Kazım SARIKAYA --- .../account_controller_patch.rb | 18 ++++-------------- 1 file changed, 4 insertions(+), 14 deletions(-) diff --git a/lib/redmine_openid_connect/account_controller_patch.rb b/lib/redmine_openid_connect/account_controller_patch.rb index 449d212..fd56a6a 100644 --- a/lib/redmine_openid_connect/account_controller_patch.rb +++ b/lib/redmine_openid_connect/account_controller_patch.rb 
@@ -232,20 +232,10 @@ def update_groups(user, groups) groups.each do |group| begin rm_g = Group.find_by(:lastname => group.to_s.downcase) - if rm_g - logger.error("group found") - if not rm_g.users.include?(user) - rm_g.users << user - logger.error("user added to group") - end - else - logger.error("no group " + group) - g = Group.new() - g.name = group - g.user_ids = [user.id] - if g.save() - logger.error("group added") - end + logger.error("group found") + if not rm_g.user_ids.include? user.id + rm_g.users << user + logger.error("user added to group") end rescue ActiveRecord::RecordNotFound logger.error("no group " + group) From 9cacb6607c3dc2cf3fb5f05abaaf17cdc8ab7346 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kaz=C4=B1m=20SARIKAYA?= Date: Wed, 5 Feb 2020 22:03:43 +0300 Subject: [PATCH 09/13] fix: wrong end MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Kazım SARIKAYA --- lib/redmine_openid_connect/account_controller_patch.rb | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/lib/redmine_openid_connect/account_controller_patch.rb b/lib/redmine_openid_connect/account_controller_patch.rb index fd56a6a..73ae7f2 100644 --- a/lib/redmine_openid_connect/account_controller_patch.rb +++ b/lib/redmine_openid_connect/account_controller_patch.rb @@ -101,8 +101,7 @@ def oic_local_login return invalid_credentials end - - user = User.new + end if (firstname.nil? || lastname.nil?) && user_info["name"] parts = user_info["name"].split From fa6c8d8eea2c292366b4e9c8ac4888344c9b7f77 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kaz=C4=B1m=20SARIKAYA?= Date: Wed, 5 Feb 2020 22:03:43 +0300 Subject: [PATCH 10/13] add: local variables with default values MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Kazım SARIKAYA --- lib/redmine_openid_connect/account_controller_patch.rb | 3 +++ 1 file changed, 3 insertions(+) 
diff --git a/lib/redmine_openid_connect/account_controller_patch.rb b/lib/redmine_openid_connect/account_controller_patch.rb index 73ae7f2..1cc2eab 100644 --- a/lib/redmine_openid_connect/account_controller_patch.rb +++ b/lib/redmine_openid_connect/account_controller_patch.rb @@ -103,6 +103,9 @@ def oic_local_login end end + firstname = user_info["given_name"] + lastname = user_info["family_name"] + if (firstname.nil? || lastname.nil?) && user_info["name"] parts = user_info["name"].split if parts.length >= 2 From 46c39af158f50cf57225c1a3c3705203514747f1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kaz=C4=B1m=20SARIKAYA?= Date: Mon, 18 Aug 2025 07:04:20 +0000 Subject: [PATCH 11/13] fix: for redmine:6 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Kazım SARIKAYA --- app/models/oic_session.rb | 4 +- init.rb | 13 ++---- .../account_controller_patch.rb | 44 ++++++++++++------- .../application_controller_patch.rb | 2 + 4 files changed, 38 insertions(+), 25 deletions(-) diff --git a/app/models/oic_session.rb b/app/models/oic_session.rb index 8517fca..2525358 100644 --- a/app/models/oic_session.rb +++ b/app/models/oic_session.rb @@ -1,4 +1,6 @@ class OicSession < ActiveRecord::Base + unloadable if self.respond_to?(:unloadable) + before_create :randomize_state! before_create :randomize_nonce! @@ -44,7 +46,7 @@ def self.openid_configuration_url def self.get_dynamic_config hash = Digest::SHA1.hexdigest client_config.to_json - expiry = client_config['dynamic_config_expiry'] || 86400 + expiry = (client_config['dynamic_config_expiry'] || 86400).to_i Rails.cache.fetch("oic_session_dynamic_#{hash}", expires_in: expiry) do HTTParty::Basement.default_options.update(verify: false) if client_config['disable_ssl_validation'] ActiveSupport::HashWithIndifferentAccess.new HTTParty.get(openid_configuration_url) diff --git a/init.rb b/init.rb index 9f9620f..141c516 100644 --- a/init.rb +++ b/init.rb 
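Review bot: In the `@@ -44,7 +46,7 @@` hunk of oic_session.rb, `(client_config['dynamic_config_expiry'] || 86400).to_i` falls back to 86400 only when the setting is nil; a blank string saved from the settings form is truthy and becomes 0, as does any non-numeric value. An `expires_in` of 0 most likely means the discovery document is refetched on every call, so use `expiry = client_config['dynamic_config_expiry'].to_i` followed by `expiry = 86400 unless expiry.positive?`. Not part of this change but visible in the hunk's context: `HTTParty::Basement.default_options.update(verify: false)` appears to switch certificate verification off for every HTTParty caller in the process once it has run, not only for this request, which deserves a comment beside the `disable_ssl_validation` setting.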
@@ -1,7 +1,7 @@ -require 'redmine' -require_relative 'lib/redmine_openid_connect/application_controller_patch' -require_relative 'lib/redmine_openid_connect/account_controller_patch' -require_relative 'lib/redmine_openid_connect/hooks' +require "redmine" +require "#{File.dirname(__FILE__)}/lib/redmine_openid_connect/application_controller_patch" +require "#{File.dirname(__FILE__)}/lib/redmine_openid_connect/account_controller_patch" +require "#{File.dirname(__FILE__)}/lib/redmine_openid_connect/hooks" Redmine::Plugin.register :redmine_openid_connect do name 'Redmine Openid Connect plugin' @@ -13,8 +13,3 @@ settings :default => { 'empty' => true }, partial: 'settings/redmine_openid_connect_settings' end - - -ApplicationController.prepend(RedmineOpenidConnect::ApplicationControllerPatch) -AccountController.prepend(RedmineOpenidConnect::AccountControllerPatch) - diff --git a/lib/redmine_openid_connect/account_controller_patch.rb b/lib/redmine_openid_connect/account_controller_patch.rb index 1cc2eab..9731a0b 100644 --- a/lib/redmine_openid_connect/account_controller_patch.rb +++ b/lib/redmine_openid_connect/account_controller_patch.rb 
@@ -231,26 +231,40 @@ def authorize_params end def update_groups(user, groups) - groups.each do |group| - begin - rm_g = Group.find_by(:lastname => group.to_s.downcase) - logger.error("group found") - if not rm_g.user_ids.include? user.id + # Normalize group names + group_names = groups.map(&:to_s).map(&:downcase) + + # Load existing groups in one query + existing_groups = Group.where('LOWER(lastname) IN (?)', group_names).index_by { |g| g.lastname.downcase } + + group_names.each do |gname| + rm_g = existing_groups[gname] + + if rm_g + # Only add the user if not already in the group + unless rm_g.users.exists?(user.id) rm_g.users << user - logger.error("user added to group") + logger.info("[OIDC] Added user #{user.login} to group #{rm_g.name}") + else + logger.info("[OIDC] User #{user.login} already in group #{rm_g.name}") end - rescue ActiveRecord::RecordNotFound - logger.error("no group " + group) - g = Group.new() - g.name = group - g.user_ids = [user.id] - if g.save() - logger.error("group added") + else + # Group doesn’t exist → create and add user + g = Group.new(lastname: gname, name: gname) + g.users << user + if g.save + logger.info("[OIDC] Created group #{gname} and added user #{user.login}") + existing_groups[gname] = g + else + logger.error("[OIDC] Failed to create group #{gname}: #{g.errors.full_messages.join(', ')}") end - rescue => e - logger.error(e) end + rescue => e + logger.error("[OIDC] Error updating group #{gname} for user #{user.login}: #{e.message}") end end + end # AccountControllerPatch end + +AccountController.prepend RedmineOpenidConnect::AccountControllerPatch diff --git a/lib/redmine_openid_connect/application_controller_patch.rb b/lib/redmine_openid_connect/application_controller_patch.rb index db2b576..c60c781 100644 --- a/lib/redmine_openid_connect/application_controller_patch.rb +++ b/lib/redmine_openid_connect/application_controller_patch.rb 
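Review bot: The rewritten update_groups only ever adds memberships, so a user who is removed from a group at the identity provider keeps the Redmine group, and whatever project roles it carries, on every later login. If the `groups` claim is meant to be authoritative, also remove the user from plugin-managed groups that are absent from the claim; if it is not, say so in a comment above the method. `groups.map` still raises when the claim is missing, and that call sits outside the per-group `rescue`, so start with `group_names = Array(groups).map { |g| g.to_s.downcase }`. Because unknown names are created and existing names are joined purely on a lowercase string match, a claim value equal to the name of a locally managed Redmine group puts the user in that group; an allow-list or a name prefix for IdP-sourced groups would bound that.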
@@ -29,3 +29,5 @@ def logged_user=(user) end end # ApplicationControllerPatch end + +ApplicationController.prepend RedmineOpenidConnect::ApplicationControllerPatch From 49933bef97793dd459d23339b2400dfe1a7da969 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kaz=C4=B1m=20SARIKAYA?= Date: Mon, 18 Aug 2025 07:08:30 +0000 Subject: [PATCH 12/13] fix: httparty MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Kazım SARIKAYA --- Gemfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Gemfile b/Gemfile index 65a3230..3de85a0 100644 --- a/Gemfile +++ b/Gemfile @@ -1,2 +1,2 @@ source 'https://rubygems.org' -gem 'httparty', '~> 0.14.0' +gem 'httparty', '~> 0.21.0' From 2b44172b7ba1f95da0f42d1bb2086edee280093d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kaz=C4=B1m=20SARIKAYA?= Date: Mon, 18 Aug 2025 08:09:16 +0000 Subject: [PATCH 13/13] add: logout flow MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit if not checked oic logout in settings don't logout from oic Signed-off-by: Kazım SARIKAYA --- app/models/oic_session.rb | 4 ++++ .../settings/_redmine_openid_connect_settings.html.erb | 5 +++++ config/locales/de.yml | 3 ++- config/locales/en.yml | 3 ++- config/locales/pt.yml | 3 ++- lib/redmine_openid_connect/account_controller_patch.rb | 7 ++++++- 6 files changed, 21 insertions(+), 4 deletions(-) diff --git a/app/models/oic_session.rb b/app/models/oic_session.rb index 2525358..c6b6faf 100644 --- a/app/models/oic_session.rb +++ b/app/models/oic_session.rb @@ -44,6 +44,10 @@ def self.openid_configuration_url client_config['openid_connect_server_url'] + '/.well-known/openid-configuration' end + def self.also_logout_from_oic_server? + client_config['also_logout_from_oic_server'] + end + def self.get_dynamic_config hash = Digest::SHA1.hexdigest client_config.to_json expiry = (client_config['dynamic_config_expiry'] || 86400).to_i 
diff --git a/app/views/settings/_redmine_openid_connect_settings.html.erb b/app/views/settings/_redmine_openid_connect_settings.html.erb index bafac74..af83888 100644 --- a/app/views/settings/_redmine_openid_connect_settings.html.erb +++ b/app/views/settings/_redmine_openid_connect_settings.html.erb @@ -64,3 +64,8 @@ <%= check_box_tag 'settings[override_user_attributes]', true, @settings['override_user_attributes'] %>

+ +

+ + <%= check_box_tag 'settings[also_logout_from_oic_server]', false, @settings['also_logout_from_oic_server'] %> +

diff --git a/config/locales/de.yml b/config/locales/de.yml index b0e41b5..98ec91d 100644 --- a/config/locales/de.yml +++ b/config/locales/de.yml @@ -13,7 +13,8 @@ de: create_user_if_not_exists: "Benutzer erstellen, falls nicht vorhanden" disallowed_auth_sources_login: "Benutzer aus den folgenden Authentifizierungsquellen müssen sich mit SSO anmelden" override_user_attributes: "Benutzerattribute bei jedem Login überschreiben" - oic_logout_success: 'Sie wurden ausgeloggt. Klicken Sie hier, um sich erneut einzuloggen.' + also_logout_from_oic_server: "Auch vom OpenID Connect Server abmelden" + oic_logout_success: 'Sie wurden ausgeloggt. Klicken Sie hier, um sich erneut einzuloggen.' oic_cannot_create_user: "Der Benutzer %{value} konnte nicht angelegt werden: " oic_try_another_account: "Mit einem anderen Account einloggen." oic_cannot_login_user: "Benutzer %{value} konnte sich nicht anmelden: Bitte melden Sie sich mit der SSO-Option an" diff --git a/config/locales/en.yml b/config/locales/en.yml index 9200d68..f8cc32a 100644 --- a/config/locales/en.yml +++ b/config/locales/en.yml @@ -14,7 +14,8 @@ en: create_user_if_not_exists: Create user if not exists disallowed_auth_sources_login: Users from the following auth sources will be required to login with SSO override_user_attributes: Override user attributes at each login - oic_logout_success: 'You have been logged out. Click here to log in again.' + also_logout_from_oic_server: Also logout from OpenID Connect server + oic_logout_success: 'You have been logged out. Click here to log in again.' oic_cannot_create_user: "Could not create the user %{value}: " oic_try_another_account: "Try logging in with another account" oic_cannot_login_user: "User %{value} could not login: Please login using the SSO option" diff --git a/config/locales/pt.yml b/config/locales/pt.yml index 3df40f6..cd9c433 100644 --- a/config/locales/pt.yml +++ b/config/locales/pt.yml 
@@ -14,7 +14,8 @@ pt: create_user_if_not_exists: "Criar utilizador caso não exista" disallowed_auth_sources_login: "Utilizadores das fontes selecionadas deverão fazer login SSO" override_user_attributes: "Sobrescrever atributos do utilizador em cada login" - oic_logout_success: 'Saiu com sucesso. Clique aqui para voltar a entrar.' + also_logout_from_oic_server: "Também sair do servidor OpenID Connect" + oic_logout_success: 'Saiu com sucesso. Clique aqui para voltar a entrar.' oic_cannot_create_user: "Não foi possível criar o utilizador %{value}: " oic_try_another_account: "Tente entrar com uma conta diferente" oic_cannot_login_user: "Não foi possível autenticar o utilizador %{value}: Por favor use o login SSO" diff --git a/lib/redmine_openid_connect/account_controller_patch.rb b/lib/redmine_openid_connect/account_controller_patch.rb index 9731a0b..be2beb0 100644 --- a/lib/redmine_openid_connect/account_controller_patch.rb +++ b/lib/redmine_openid_connect/account_controller_patch.rb @@ -18,7 +18,12 @@ def logout oic_session.destroy logout_user reset_session - redirect_to oic_session.end_session_url if oic_session.end_session_url + + if OicSession.also_logout_from_oic_server? + redirect_to oic_session.end_session_url if oic_session.end_session_url + else + redirect_to oic_local_logout_url + end rescue ActiveRecord::RecordNotFound => e redirect_to oic_local_logout_url end
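Review bot: With `also_logout_from_oic_server` unset, which is the state of every existing installation after upgrade because the checkbox is new, `logout` now redirects to `oic_local_logout_url` and leaves the identity-provider session alive, where the old code went to `end_session_url` whenever one was available. That silently turns a full sign-out into a local one; either default the setting to on or state the change in the upgrade notes and in the setting's label. In the enabled branch a nil `end_session_url` still issues no redirect at all; `redirect_to(oic_session.end_session_url || oic_local_logout_url)` covers it. The settings partial declares the box as `check_box_tag 'settings[also_logout_from_oic_server]', false, ...`, so a ticked box stores the string "false", which is truthy here; passing `true` as the value, as the `override_user_attributes` box does, would read correctly. logout starts outside the hunk.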