Allow login through OpenID Connect (#16221)

* added OpenID Connect as an SSO option * minor fixes * added comments, removed an option that shouldn't be set * fixed Gemfile.lock * added newline to end of Gemfile.lock * removed tab from Gemfile.lock * remove chomp * codeclimate changes and small name change to make function's purpose clearer * codeclimate fix * added SSO buttons to /about page * minor refactor * minor style change * removed spurious change * removed unecessary conditional from ensure_valid_username and added support for auth.info.name in user_params_from_auth * minor changes
2022-03-09 06:07:35 -05:00 · 2022-03-09 06:07:35 -05:00 · a6ed6845c9
commit a6ed6845c9
parent d17fb70131
5 changed files with 97 additions and 15 deletions
--- a/Gemfile.lock
+++ b/Gemfile.lock
@ -68,6 +68,7 @@ GEM
      zeitwerk (~> 2.3)
    addressable (2.8.0)
      public_suffix (>= 2.0.2, < 5.0)
+    aes_key_wrap (1.1.0)
    airbrussh (1.4.0)
      sshkit (>= 1.6.1, != 1.7.0)
    android_key_attestation (0.3.0)
@ -77,6 +78,7 @@ GEM
    ast (2.4.2)
    attr_encrypted (3.1.0)
      encryptor (~> 3.0.0)
+    attr_required (1.0.1)
    awrence (1.1.1)
    aws-eventstream (1.2.0)
    aws-partitions (1.558.0)
@ -260,6 +262,10 @@ GEM
    fuubar (2.5.1)
      rspec-core (~> 3.0)
      ruby-progressbar (~> 1.4)
+    gitlab-omniauth-openid-connect (0.5.0)
+      addressable (~> 2.7)
+      omniauth (~> 1.9)
+      openid_connect (~> 1.2)
    globalid (1.0.0)
      activesupport (>= 5.0)
    hamlit (2.13.0)
@ -286,6 +292,7 @@ GEM
      domain_name (~> 0.5)
    http-form_data (2.3.0)
    http_accept_language (2.1.1)
+    httpclient (2.8.3)
    httplog (1.5.0)
      rack (>= 1.0)
      rainbow (>= 2.0.0)
@ -306,6 +313,10 @@ GEM
    jmespath (1.6.0)
    json (2.5.1)
    json-canonicalization (0.3.0)
+    json-jwt (1.13.0)
+      activesupport (>= 4.2)
+      aes_key_wrap
+      bindata
    json-ld (3.2.0)
      htmlentities (~> 4.3)
      json-canonicalization (~> 0.3)
@ -406,6 +417,16 @@ GEM
    omniauth-saml (1.10.3)
      omniauth (~> 1.3, >= 1.3.2)
      ruby-saml (~> 1.9)
+    openid_connect (1.2.0)
+      activemodel
+      attr_required (>= 1.0.0)
+      json-jwt (>= 1.5.0)
+      rack-oauth2 (>= 1.6.1)
+      swd (>= 1.0.0)
+      tzinfo
+      validate_email
+      validate_url
+      webfinger (>= 1.0.1)
    openssl (2.2.0)
    openssl-signature_algorithm (0.4.0)
    orm_adapter (0.5.0)
@ -449,6 +470,12 @@ GEM
      rack (>= 1.0, < 3)
    rack-cors (1.1.1)
      rack (>= 2.0.0)
+    rack-oauth2 (1.16.0)
+      activesupport
+      attr_required
+      httpclient
+      json-jwt (>= 1.11.0)
+      rack (>= 2.1.0)
    rack-proxy (0.7.0)
      rack
    rack-test (1.1.0)
@ -608,6 +635,10 @@ GEM
    stoplight (2.2.1)
    strong_migrations (0.7.9)
      activerecord (>= 5)
+    swd (1.2.0)
+      activesupport (>= 3)
+      attr_required (>= 0.0.5)
+      httpclient (>= 2.4)
    temple (0.8.2)
    terminal-table (3.0.2)
      unicode-display_width (>= 1.1.1, < 3)
@ -642,6 +673,12 @@ GEM
    unf_ext (0.0.8)
    unicode-display_width (2.1.0)
    uniform_notifier (1.14.2)
+    validate_email (0.1.6)
+      activemodel (>= 3.0)
+      mail (>= 2.2.5)
+    validate_url (1.0.13)
+      activemodel (>= 3.0.0)
+      public_suffix
    warden (1.2.9)
      rack (>= 2.0.9)
    webauthn (3.0.0.alpha1)
@ -654,6 +691,9 @@ GEM
      safety_net_attestation (~> 0.4.0)
      securecompare (~> 1.0)
      tpm-key_attestation (~> 0.9.0)
+    webfinger (1.1.0)
+      activesupport
+      httpclient (>= 2.4)
    webmock (3.14.0)
      addressable (>= 2.8.0)
      crack (>= 0.3.2)
@ -717,6 +757,7 @@ DEPENDENCIES
  fog-core (<= 2.1.0)
  fog-openstack (~> 0.3)
  fuubar (~> 2.5)
+  gitlab-omniauth-openid-connect (~> 0.5.0)
  hamlit-rails (~> 0.2)
  hiredis (~> 0.6)
  htmlentities (~> 4.3)