sso同步登录功能完成

9 years ago · dfdd301f2f
parent df41f7328f
commit dfdd301f2f
6 changed files with 185 additions and 48 deletions
--- a/2
+++ b/2
@ -49,7 +49,7 @@ gem 'elasticsearch-rails'
 group :development do
  gem 'grape-swagger'
  gem 'better_errors', '~> 1.1.0'
-  gem "query_reviewer"
+  # gem "query_reviewer"
  # gem 'rack-mini-profiler', '~> 0.9.3'
  if RUBY_PLATFORM =~ /w32/
    gem  'win32console'
--- a/app/controllers/sso_controller.rb
+++ b/app/controllers/sso_controller.rb
@ -1,45 +0,0 @@
 #coding=utf-8
 require 'base64'
 require 'json'
 require 'openssl'
 ## 单点登录 <=> 北斗
 class SsoController < ApplicationController
  skip_before_filter :check_if_login_required
  def index
    options = parse(params[:auth])
    logger.debug options
    ## 认证
    login(options[:id])
    ## 选择性跳转
    redirect_to Organization.find(82)
  end
  private
  def base64_safe(content)
    content = content.gsub('-', '+')
    content.gsub('_', '/')
  end
  def parse(auth)
    crypted_str = Base64.decode64(base64_safe(auth))
    pkey = OpenSSL::PKey::RSA.new(File.new(File.join(Rails.root,"config/private.key")))
    content = pkey.private_decrypt(crypted_str,OpenSSL::PKey::RSA::PKCS1_PADDING)
    # content = pkey.private_decrypt(crypted_str)
    ActiveSupport::JSON.decode(content)
  end
  def login(id)
    sso = Sso.find(id)
    start_user_session(sso.user)
  end
 end
--- a/app/controllers/ssos_controller.rb
+++ b/app/controllers/ssos_controller.rb
@ -0,0 +1,66 @@
 #coding=utf-8
 require 'base64'
 require 'json'
 require 'openssl'
 ## 单点登录 <=> 北斗
 class SsosController < ApplicationController
  skip_before_filter :check_if_login_required
  layout false
  def show
    begin
      # suRh2nFEJd0Ai_TFbqZ-1yQXnGfIB-YD_f4KTA3O4dQGSBMiXfOMt-0mzizgXekWTjHKfn62nJ60iHM3_eY_KS0Qn8SF8vANfa46GhzZRt4T0iC5ZOSs4cWeK43OU0RoekQLZZAo5OyOVibxabmiPGzEFCnVVtdmRk9d7X_B0Is=
      @auth = params[:auth]
      @options = parse(params[:auth])
      if params[:login].present?
        @options["name"] = params[:login]
      end
      logger.debug @options
      ## 认证
      login(@options)
      logger.debug "login over"
      ## 选择性跳转
      redirect_to Organization.find(1)
    rescue => e
      logger.error e
      if e.message == "exist user"
        render 'ssos/show', :layout => false
      else
        raise e
      end
    end
  end
  ## 改用户名
  def create
    show and return
  end
  private
  def base64_safe(content)
    content = content.gsub('-', '+')
    content.gsub('_', '/')
  end
  def parse(auth)
    crypted_str = Base64.decode64(base64_safe(auth))
    pkey = OpenSSL::PKey::RSA.new(File.new(File.join(Rails.root,"config/private.key")))
    content = pkey.private_decrypt(crypted_str,OpenSSL::PKey::RSA::PKCS1_PADDING)
    # content = pkey.private_decrypt(crypted_str)
    ActiveSupport::JSON.decode(content)
  end
  def login(opt)
    sso = Sso.sync_user(opt)
    start_user_session(sso.user)
  end
 end
--- a/app/models/sso.rb
+++ b/app/models/sso.rb
@ -1,4 +1,56 @@
 class Sso < ActiveRecord::Base
  belongs_to :user
-  attr_accessible :email, :name, :openid, :password, :school, :sex
+  attr_accessible :email, :name, :openid, :password, :school, :sex, :user, :user_id
  validates :user_id, :user, :email, :openid, :presence => true
  def self.sync_user(opt)
    sso = Sso.where(openid: opt["openid"]).first
    return sso if sso
    sso = Sso.new
    sso.name     = opt["name"]
    sso.openid   = opt["openid"]
    sso.email    = opt["email"]
    sso.password = opt["password"]
    sso.school   = opt["school"]
    sso.sex      = opt["sex"]
    # 查邮箱
    user = User.where(mail: opt["email"]).first
    unless user
      # 查用户名
      user = User.where(login: opt["name"]).first
      if user
        # 跳到修改用户名
        raise "exist user"
      end
      password = opt["password"]
      if password.size < 8
        password = random_pwd
      end
      us = UsersService.new
      user = us.register(login: opt["name"], mail: opt["email"],
                         password: password,
                         :should_confirmation_password => false)
      if user.new_record?
        raise user.errors.full_messages.first
      end
    end
    sso.user = user
    sso.save!
    return sso
  end
  private
  def self.random_pwd
    ('a'..'z').to_a.shuffle[0..7].join
  end
 end
--- a/app/views/ssos/show.html.erb
+++ b/app/views/ssos/show.html.erb
@ -0,0 +1,64 @@
 <!doctype html>
 <html>
 <head>
  <meta charset="utf-8">
  <title>跳转页面</title>
  <style>
    body,h1,h2,h3,h4,h5,h6,hr,p,blockquote,dl,dt,dd,ul,ol,li,pre,form,fieldset,legend,button,input,textarea,th,td{ margin:0; padding:0;}
    body,table,input,textarea,select,button { font-family: "微软雅黑","宋体"; font-size:12px;line-height:1.5; background:#eaebec;}
    div,img,tr,td,table{ border:0;}
    table,tr,td{border:0;cellspacing:0; cellpadding:0;}
    ol,ul,li{ list-style-type:none}
    a:link,a:visited{color:#7f7f7f;text-decoration:none;}
    a:hover,a:active{color:#000;}
    /*跳转页面*/
    .goto-cont{ width:1000px; margin: 10px auto; padding:100px 0 500px;  line-height:1.9; background:#fff;color:#636363;}
    .goto-cont h2{ text-align:center; font-weight:normal; font-size:20px; margin-bottom:15px; color:#636363; }
    .goto-table{ width:382px; margin:0 auto; }
    .goto-table tr td{ line-height:40px; background-color:#fff; }
    .goto-tableft{ width:80px; text-align:right; font-size:16px;}
    .goto-input{    border: 1px solid #c2c2c2; padding: 2px 5px;vertical-align: middle;line-height: 35px;height: 35px; background-color:#fff; width:300px; font-size:16px;}
    .goto-submit{ width:312px; height:40px; margin:0 auto;line-height:40px; background-color:#269ac9; color:#fff; text-align:center; border:none; margin-top:20px; font-size:16px; }
    .goto-submit:hover{background-color: #1f82aa;}
    .goto-red{  color:#D71215;}
  </style>
 </head>
 <body>
 <div class="" style="height:54px; background:#269ac9;"></div>
 <%= form_tag('/sso') do -%>
 <div class="goto-cont">
  <h2>请修改您的资料，以确保Trustie为您提供更便捷的服务</h2>
  <table  cellSpacing="0" cellPadding="0" class="goto-table">
    <tr>
      <td class="goto-tableft">  用户名：</td>
      <td >
        <input type="text" class="goto-input" value="<%= @options["name"] %>" name="login"/>
      </td>
    </tr>
    <tr>
      <td></td>
      <td class="goto-red">已存在相同用户名，请选择更合适的用户名</td>
    </tr>
    <tr>
      <td  class="goto-tableft" >  邮箱：</td>
      <td  >
        <input  type="email" class="goto-input" value="<%= @options["email"] %>" disabled="disabled" />
      </td>
    </tr>
    <tr>
      <td></td>
      <td ><input type="submit" value="确定" class="goto-submit"/></td>
    </tr>
  </table>
 </div>
 <%= hidden_field_tag 'auth', @auth %>
 <% end -%>
 </body>
 </html>
--- a/config/routes.rb
+++ b/config/routes.rb
@ -1197,7 +1197,7 @@ RedmineApp::Application.routes.draw do
    end
  end
-  get '/sso', to: 'sso#index'
+  resource :sso, only: [:show, :create]
  get '/:sub_dir_name', :to => 'org_subfields#show', :as => 'show_subfield_without_id'