Implement Azure AD omniauth provider

To set up this up, you are required to create a new "App registration" within the Azure Active Directory service. Keep note of the Application ID, as this will be the Client ID required for the AAD_CLIENT_ID env variable. You will also be required to add the callback URL to the "reply URL" within the app registry properties, e.g. 'http://localhost:3000/auth/azureactivedirectory/callback'. Currently there is an issue with the omniauth-azure-activedirectory gem whereby we need to require the 'net/http' gem in order for the callback to be registered. See the following open issue for more details: AzureAD/omniauth-azure-activedirectory#21
LBHackney-IT · Jul 6, 2018 · 1707209 · 1707209
1 parent 0284c68
commit 1707209
Show file tree

Hide file tree

Showing 7 changed files with 23 additions and 6 deletions.
diff --git a/Gemfile b/Gemfile
@@ -38,6 +38,7 @@ gem 'bootsnap', '>= 1.1.0', require: false
 
 gem 'rspec-rails'
 gem 'omniauth'
+gem 'omniauth-azure-activedirectory'
 
 group :development, :test do
   # Call 'byebug' anywhere in the code to stop execution and get a debugger console

diff --git a/Gemfile.lock b/Gemfile.lock
@@ -86,6 +86,7 @@ GEM
     jbuilder (2.7.0)
       activesupport (>= 4.2.0)
       multi_json (>= 1.2)
+    jwt (1.5.6)
     listen (3.1.5)
       rb-fsevent (~> 0.9, >= 0.9.4)
       rb-inotify (~> 0.9, >= 0.9.7)
@@ -110,6 +111,9 @@ GEM
     omniauth (1.8.1)
       hashie (>= 3.4.6, < 3.6.0)
       rack (>= 1.6.2, < 3)
+    omniauth-azure-activedirectory (1.0.0)
+      jwt (~> 1.5)
+      omniauth (~> 1.1)
     pg (1.0.0)
     public_suffix (3.0.2)
     puma (3.11.4)
@@ -222,6 +226,7 @@ DEPENDENCIES
   jbuilder (~> 2.5)
   listen (>= 3.0.5, < 3.2)
   omniauth
+  omniauth-azure-activedirectory
   pg (>= 0.18, < 2.0)
   puma (~> 3.11)
   rails (~> 5.2.0)

diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb
@@ -2,11 +2,13 @@ class SessionsController < ApplicationController
   skip_before_action :verify_authenticity_token, only: :create
 
   def create
-    session[:current_user] = {
-      name: auth_hash.info.name,
-      email: auth_hash.info.email
-    }
+    logger.info auth_hash
+    session[:current_user] = { name: auth_hash.info.name }
+    redirect_to root_path
+  end
 
+  def destroy
+    session.delete(:current_user)
     redirect_to root_path
   end
 

diff --git a/app/views/layouts/application.html.erb b/app/views/layouts/application.html.erb
@@ -13,8 +13,9 @@
     <p>
       <% if user_signed_in? %>
         You are logged in as <%= session[:current_user]['name'] %>
+        (<%= link_to 'Logout', logout_path, method: :delete %>)
       <% else %>
-        <%= link_to 'Login (developer)', '/auth/developer' %>
+        <%= link_to 'Login (AzureAD)', '/auth/azureactivedirectory' %>
       <% end %>
     </p>
 

diff --git a/config/initializers/omniauth.rb b/config/initializers/omniauth.rb
@@ -1,5 +1,7 @@
+require './lib/omniauth/strategies/azure_activedirectory.rb'
+
 OmniAuth.config.logger = Rails.logger
 
 Rails.application.config.middleware.use OmniAuth::Builder do
-  provider :developer
+  provider :azure_activedirectory, ENV['AAD_CLIENT_ID'], ENV['AAD_TENANT']
 end
diff --git a/config/routes.rb b/config/routes.rb
@@ -3,5 +3,6 @@
 
   root 'stuffs#index'
 
+  delete '/logout', to: 'sessions#destroy'
   post '/auth/:provider/callback', to: 'sessions#create'
 end
diff --git a/lib/omniauth/strategies/azure_activedirectory.rb b/lib/omniauth/strategies/azure_activedirectory.rb
@@ -0,0 +1,5 @@
+# Until "Add missing require to azure_activedirectory.rb" PR [1] is added in, we
+# will manually have to include net/http for the Azure AD provider to be usable
+# [1] https://github.com/AzureAD/omniauth-azure-activedirectory/pull/31
+
+require 'net/http'