#32 Autologin

README.md

@@ -9,7 +9,8 @@ The user is identified by the email registered with the OAuth provider. The emai
 in Redmine. If such an email is not found, the user will be offered to register in Redmine, depending on Redmine's 
 setting **Self-registration**. OAuth logout is also supported, if it is set in the options.
 Access to Redmine can controlled by roles assigned in your OAuth provider.
-See [#36](https://github.com/kontron/redmine_oauth/issues/36#issuecomment-2348842432) for details.
+See [#36](https://github.com/kontron/redmine_oauth/issues/36#issuecomment-2348842432) for details; as well as OAuth 
+autologin.
 
 Inspired by Gucin's plugin https://github.com/Gucin/redmine_omniauth_azure.
 

app/controllers/redmine_oauth_controller.rb

@@ -28,6 +28,7 @@ class RedmineOauthController < AccountController
   def oauth
     session[:back_url] = params[:back_url]
     session[:autologin] = params[:autologin]
+    session[:oauth_autologin] = params[:oauth_autologin]
     oauth_csrf_token = generate_csrf_token
     session[:oauth_csrf_token] = oauth_csrf_token
     case Setting.plugin_redmine_oauth[:oauth_name]
@@ -154,20 +155,38 @@ def oauth_callback
     end
 
     # Try to log in
+    set_params
     try_to_login email, user_info
   rescue StandardError => e
     Rails.logger.error e.message
     flash['error'] = e.message
     redirect_to signin_path
   end
 
+  def set_oauth_autologin_cookie(value, request)
+    cookie_options = {
+      value: value,
+      expires: 1.year.from_now,
+      path: RedmineApp::Application.config.relative_url_root || '/',
+      same_site: :lax,
+      secure: request.ssl?,
+      httponly: true
+    }
+    cookies[:oauth_autologin] = cookie_options
+  end
+
   private
 
-  def try_to_login(email, info)
+  def set_params
     params['back_url'] = session[:back_url]
     session.delete :back_url
     params['autologin'] = session[:autologin]
     session.delete :autologin
+    params['oauth_autologin'] = session[:oauth_autologin]
+    session.delete :oauth_autologin
+  end
+
+  def try_to_login(email, info)
     user = User.joins(:email_addresses).where(email_addresses: { address: email }).first
     if user # Existing user
       if user.registered? # Registered

app/views/hooks/_view_account_login_bottom.html.erb → app/views/hooks/redmine_oauth/_view_account_login_bottom.html.erb

@@ -28,14 +28,25 @@
       <legend class="oauth_legend" onclick="oauth_toggle_fieldset(this)"><%= l(:button_login) %></legend>
     </fieldset>
   <% end %>
-  <%= form_tag(oauth_path(back_url: back_url), method: :get, id: 'oauth-login') do %>
-    <%= back_url_hidden_field_tag %>
-    <%= button_tag(name: 'login-oauth', tabindex: 6, id: 'login-oauth-submit', title: l(:oauth_login_with),
-          style: "background: #{Setting.plugin_redmine_oauth[:button_color]}") do %>
-      <i id="button_icon" class="<%= Setting.plugin_redmine_oauth[:button_icon] %>"></i>
-      <%= l(:oauth_login_via, oauth: Setting.plugin_redmine_oauth[:custom_name].blank? ? Setting.plugin_redmine_oauth[:oauth_name] : Setting.plugin_redmine_oauth[:custom_name]).html_safe %>
+  <div id="oauth-form">
+    <%= form_tag(oauth_path(back_url: back_url), method: :get, id: 'oauth-login') do %>
+      <%= back_url_hidden_field_tag %>
+      <%= button_tag(name: 'login-oauth', tabindex: 7, id: 'login-oauth-submit', title: l(:oauth_login_with),
+            style: "background: #{Setting.plugin_redmine_oauth[:button_color]}") do %>
+        <i id="button_icon" class="<%= Setting.plugin_redmine_oauth[:button_icon] %>"></i>
+        <%= l(:oauth_login_via,
+              oauth: Setting.plugin_redmine_oauth[:custom_name].blank? ? Setting.plugin_redmine_oauth[:oauth_name] : Setting.plugin_redmine_oauth[:custom_name]).html_safe %>
+      <% end %>
+      <% if Setting.plugin_redmine_oauth[:oauth_login] %>
+        <br>
+        <label for="oauth_autologin">
+          <%= check_box_tag 'oauth_autologin', 1, false, tabindex: 6 %>
+          <%= l(:oauth_autologin,
+                oauth: Setting.plugin_redmine_oauth[:custom_name].blank? ? Setting.plugin_redmine_oauth[:oauth_name] : Setting.plugin_redmine_oauth[:custom_name]) %>
+        </label>
+      <% end %>
     <% end %>
-  <% end %>
+  </div>
 <% end %>
 
 <%= javascript_tag do %>

app/views/settings/_oauth_settings.html.erb

@@ -146,6 +146,15 @@
         <%= l(:label_default) %>: <%= l(:general_text_No) %>
       </em>
     </p>
+    <p>
+      <label><%= l(:oauth_login) %></label>
+      <%= check_box_tag 'settings[oauth_login]', true, @settings[:oauth_login] %>
+      <em class="info">
+        <%= l(:oauth_login_info) %>
+        <br>
+        <%= l(:label_default) %>: <%= l(:general_text_No) %>
+      </em>
+    </p>
     <% style = %w(Custom).exclude?(@settings[:oauth_name]) ? 'display: none' : 'display: block' %>
     <div id="oauth_options_custom" style="<%= style %>">
       <p>

assets/stylesheets/redmine_oauth.css

@@ -25,6 +25,17 @@ button#login-oauth-submit {
   display:block;
 }
 
+label[for="oauth_autologin"] {
+  margin:auto;
+  display:block;
+  width: fit-content;
+}
+
+div#oauth-form {
+  margin: auto;
+  width: 340px;
+}
+
 input#button_color {
   padding: 0;
 }

config/locales/cs.yml

@@ -25,41 +25,44 @@ cs:
   oauth_invalid_provider: Neplatný poskytovatel OAuth
   oauth_none: Žádný
   oauth_provider: Poskytovatel
-  oauth_provider_info: Poskytovatel OAuth
+  oauth_provider_info: Poskytovatel OAuth.
   oauth_site: Stránka
-  oauth_site_info: Ověřovací URL poskytovatele OAuth
+  oauth_site_info: Ověřovací URL poskytovatele OAuth.
   oauth_client_id: ID klienta
-  oauth_client_id_info: ID aplikace (klienta)
+  oauth_client_id_info: ID aplikace (klienta).
   oauth_client_secret: Tajný kód
-  oauth_client_secret_info: Heslo aplikace
+  oauth_client_secret_info: Heslo aplikace.
   oauth_tenant_id: ID tenanta
-  oauth_tenant_id_info: ID adresáře (tenanta)
-  oauth_button_info: Barva a ikonka (třída Awesome fontu) přihlašovacího tlačítka OAuth (prázdné pro žádné tlačítko)
+  oauth_tenant_id_info: ID adresáře (tenanta).
+  oauth_button_info: Barva a ikonka (třída Awesome fontu) přihlašovacího tlačítka OAuth (prázdné pro žádné tlačítko).
   oauth_login_button: Přihlašovací tlačítko
   oauth_custom_name: Název poskytovatele
-  oauth_custom_name_info: Titulek zobrazený na přihlašovacím tlačítku OAuth
+  oauth_custom_name_info: Titulek zobrazený na přihlašovacím tlačítku OAuth.
   oauth_custom_auth_endpoint: Autorizační endpoint
-  oauth_custom_auth_endpoint_info: Autorizační endpoint aplikace
+  oauth_custom_auth_endpoint_info: Autorizační endpoint aplikace.
   oauth_custom_token_endpoint: Endpoint tokenu
-  oauth_custom_token_endpoint_info: Endpoint tokenu aplikace
+  oauth_custom_token_endpoint_info: Endpoint tokenu aplikace.
   oauth_custom_profile_endpoint: Endpoint profilu
-  oauth_custom_profile_endpoint_info: Endpoint profilu aplikace
+  oauth_custom_profile_endpoint_info: Endpoint profilu aplikace.
   oauth_custom_scope: OAuth scope
-  oauth_custom_scope_info: "OAuth scope (výchozí: 'openid profile email')"
+  oauth_custom_scope_info: "OAuth scope (výchozí: 'openid profile email')."
   oauth_custom_uid_field: UID
-  oauth_custom_uid_field_info: "Pole UID (výchozí: preferred_username)"
+  oauth_custom_uid_field_info: "Pole UID (výchozí: preferred_username)."
   oauth_custom_email_field: E-mail
-  oauth_custom_email_field_info: "Pole e-mail (výchozí: email)"
+  oauth_custom_email_field_info: "Pole e-mail (výchozí: email)."
   oauth_hide_login_form: Skrýt přihlašovací formulář
   oauth_custom_firstname_field: Pole jména u poskytovatele
   oauth_custom_lastname_field: Pole příjmení u poskytovatele
-  oauth_update_login: Aktualizovat login
-  oauth_update_login_info: Aktualizovat login uživatele po úspěšném přihlášení.
-  oauth_logout: OAuth odhlášení
-  oauth_logout_info: Odhlásit se také od poskytovatele OAuth po dohlášení z Redminu
+  oauth_update_login: Aktualizovat přihlašovací jméno
+  oauth_update_login_info: Aktualizovat přihlašovací jméno uživatele po úspěšném přihlášení.
+  oauth_login: Přihlášení OAuth
+  oauth_login_info: Umožní uživatelům přihlásit se automaticky pomocí poskytovatele OAuth bez přihlašovacího formuláře.
+  oauth_logout: Odhlášení OAuth
+  oauth_logout_info: Odhlásit se také od poskytovatele OAuth po dohlášení z Redminu.
   oauth_custom_logout_endpoint: Endpoint odhlášení
-  oauth_custom_logout_endpoint_info: Endpoint pro odhlášení od poskytovatele
+  oauth_custom_logout_endpoint_info: Endpoint pro odhlášení od poskytovatele.
   oauth_validate_user_roles_info: "Klíč, kde jsou definované role v tokenu. Pokud je nastaveno, tak 'user' role povolí
     přihlášení, 'admin' přidělí práva administrátora. Jestliže role 'user' není uvedena, přístup je odmítnut. Jestliže
     chybí role 'admin', práva administrátora jsou odebrána. př.: Zadejte 'resource_access.redmine.roles', když máte
     v tokenu nakonfigurováno toto: 'resource_access': { 'redmine': { 'roles': ['user', 'admin'] } }."
+  oauth_autologin: "Automatické přihlašování s %{oauth}"

config/locales/de.yml

@@ -21,45 +21,50 @@
 de:
   oauth_login_via: "Weiter mit <b>%{oauth}</b>"
   oauth_login_with: Anmelden mit with OAuth
-  oauth_no_verified_email: Keine verifizierte E-Mail zur Verfügung gestellt. Überprüfen Sie Ihre OAuth-Anbieter-Einstellung.
+  oauth_no_verified_email: "Keine verifizierte E-Mail zur Verfügung gestellt. Überprüfen Sie Ihre 
+    OAuth-Anbieter-Einstellung."
   oauth_invalid_provider: Ungültiger OAuth-Anbieter
   oauth_none: Keiner
   oauth_provider: Anbieter
-  oauth_provider_info: OAuth-Anbieter
+  oauth_provider_info: OAuth-Anbieter.
   oauth_site: Seite
-  oauth_site_info: URI des OAuth-Anbieter
+  oauth_site_info: URI des OAuth-Anbieter.
   oauth_client_id: Client-ID
-  oauth_client_id_info: Anwendungs-ID (Client)
+  oauth_client_id_info: Anwendungs-ID (Client).
   oauth_client_secret: Geheime Zeichenfolge
-  oauth_client_secret_info: Anwendungskennwort
+  oauth_client_secret_info: Anwendungskennwort.
   oauth_tenant_id: Mandant-ID
-  oauth_tenant_id_info: Verzeichnis-ID (Mandant)
-  oauth_button_info: Farbe und Symbol (Awesome-Schriftklasse) des OAuth-Anmeldebuttons (Leer für keinen Button)
+  oauth_tenant_id_info: Verzeichnis-ID (Mandant).
+  oauth_button_info: Farbe und Symbol (Awesome-Schriftklasse) des OAuth-Anmeldebuttons (Leer für keinen Button).
   oauth_login_button: Anmeldebutton
   oauth_custom_name: Name des Anbieters
-  oauth_custom_name_info: Titel auf dem OAuth-Login-Button
+  oauth_custom_name_info: Titel auf dem OAuth-Login-Button.
   oauth_custom_auth_endpoint: Auth endpoint
-  oauth_custom_auth_endpoint_info: Application Auth endpoint
+  oauth_custom_auth_endpoint_info: Application Auth endpoint.
   oauth_custom_token_endpoint: Token endpoint
-  oauth_custom_token_endpoint_info: Application Token endpoint
+  oauth_custom_token_endpoint_info: Application Token endpoint.
   oauth_custom_profile_endpoint: Profile endpoint
-  oauth_custom_profile_endpoint_info: Application Profile endpoint
+  oauth_custom_profile_endpoint_info: Application Profile endpoint.
   oauth_custom_scope: OAuth scope
-  oauth_custom_scope_info: "OAuth scope (Standard: 'openid profile email')"
+  oauth_custom_scope_info: "OAuth scope (Standard: 'openid profile email')."
   oauth_custom_uid_field: UID-Feld
-  oauth_custom_uid_field_info: "UID-Feld (Stadard: preferred_username)"
+  oauth_custom_uid_field_info: "UID-Feld (Stadard: preferred_username)."
   oauth_custom_email_field: E-Mail-Feld
-  oauth_custom_email_field_info: "E-Mail-Feld (Standard: email)"
+  oauth_custom_email_field_info: "E-Mail-Feld (Standard: email)."
   oauth_hide_login_form: Login-Formular ausblenden
   oauth_custom_firstname_field: Vorname-Feld des Anbieters
   oauth_custom_lastname_field: Nachname-Feld des Anbieters
   oauth_update_login: Login aktualizieren
   oauth_update_login_info: Aktualizieren Login des Benutzers nach einer erfolgreichen Anmeldung.
   oauth_logout: OAuth-Abmeldung
-  oauth_logout_info: Abmelden auch vom OAuth-Anbieter nach der Redmine-Abmeldung
+  oauth_logout_info: Abmelden auch vom OAuth-Anbieter nach der Redmine-Abmeldung.
+  oauth_login: OAuth login
+  oauth_login_info: Ermöglicht der Benutzer automatisches Anmelden über den OAuth-Anbieter ohne des Anmeldeformulars.
   oauth_custom_logout_endpoint: Abmeldung-Endpoint
-  oauth_custom_logout_endpoint_info: Abmeldung-Endpoint für Abmeldung vom OAuth-Anbieter
-  oauth_validate_user_roles_info: "A key, where user roles are present in the token. If set, 'user' role grants access, 
-      'admin' grants admin rights. If 'user' role is not present, access is denied. If 'admin role is missing, admin 
-      rights are revoked. E.g.: Enter 'resource_access.redmine.roles', if you have your token set as follows:
-      'resource_access': { 'redmine': { 'roles': ['user', 'admin'] } }"
+  oauth_custom_logout_endpoint_info: Abmeldung-Endpoint für Abmeldung vom OAuth-Anbieter.
+  oauth_validate_user_roles_info: "Ein Schlüssel, bei dem Benutzerrollen im Token vorhanden sind. Wenn gesetzt, 
+    die Rolle 'user' gewährt Zugriff, 'admin' gewährt Admin-Rechte. Wenn die Rolle 'user' nicht vorhanden ist, 
+    wird der Zugriff verweigert. Wenn die Rolle 'admin' fehlt, werden die Admin-Rechte widerrufen. z.B.: Geben Sie 
+    'resource_access.redmine.roles' ein, wenn Sie den Token als 
+    'resource_access': { 'redmine': { 'roles': ['user', 'admin'] } } eingestellt."
+  oauth_autologin: "Automatische Anmeldung mit %{oauth}"

config/locales/en.yml

@@ -25,42 +25,45 @@ en:
   oauth_invalid_provider: Invalid OAuth provider
   oauth_none: None
   oauth_provider: Provider
-  oauth_provider_info: OAuth provider
+  oauth_provider_info: OAuth provider.
   oauth_site: Site
-  oauth_site_info: OAuth provider's authentication URL
+  oauth_site_info: OAuth provider's authentication URL.
   oauth_client_id: Client ID
-  oauth_client_id_info: Application (client) ID
+  oauth_client_id_info: Application (client) ID.
   oauth_client_secret: Client secret
-  oauth_client_secret_info: Application password
+  oauth_client_secret_info: Application password.
   oauth_tenant_id: Tenant ID / Realm
-  oauth_tenant_id_info: Directory (tenant) ID
-  oauth_button_info: Colour and icon (Awesome font class) of the OAuth login button (Empty for no button)
+  oauth_tenant_id_info: Directory (tenant) ID.
+  oauth_button_info: Colour and icon (Awesome font class) of the OAuth login button (Empty for no button).
   oauth_login_button: Login button
   oauth_custom_name: Provider name
-  oauth_custom_name_info: Title to be shown on the OAuth login button
+  oauth_custom_name_info: Title to be shown on the OAuth login button.
   oauth_custom_auth_endpoint: Auth endpoint
-  oauth_custom_auth_endpoint_info: Application Auth endpoint
+  oauth_custom_auth_endpoint_info: Application Auth endpoint.
   oauth_custom_token_endpoint: Token endpoint
-  oauth_custom_token_endpoint_info: Application Token endpoint
+  oauth_custom_token_endpoint_info: Application Token endpoint.
   oauth_custom_profile_endpoint: Profile endpoint
-  oauth_custom_profile_endpoint_info: Application Profile endpoint
+  oauth_custom_profile_endpoint_info: Application Profile endpoint.
   oauth_custom_scope: OAuth scope
-  oauth_custom_scope_info: "OAuth scope (default: 'openid profile email')"
+  oauth_custom_scope_info: "OAuth scope (default: 'openid profile email')."
   oauth_custom_uid_field: UID field
-  oauth_custom_uid_field_info: "UID field (default: preferred_username)"
+  oauth_custom_uid_field_info: "UID field (default: preferred_username)."
   oauth_custom_email_field: Email field
-  oauth_custom_email_field_info: "Email field (default: email)"
+  oauth_custom_email_field_info: "Email field (default: email)."
   oauth_hide_login_form: Hide login form
   oauth_custom_firstname_field: Provider's firstname field
   oauth_custom_lastname_field: Provider's lastname field
   oauth_update_login: Update login
-  oauth_update_login_info: Update the user's login after a successful login
+  oauth_update_login_info: Update the user's login after a successful login.
   oauth_logout: OAuth logout
-  oauth_logout_info: Log out from the OAuth provider too after Redmine log out
+  oauth_logout_info: Log out from the OAuth provider too after Redmine logout.
+  oauth_login: OAuth login
+  oauth_login_info: Allow users to log in automatically via OAuth provider skipping the login form.
   oauth_custom_logout_endpoint: Logout endpoint
-  oauth_custom_logout_endpoint_info: Application Logout endpoint
+  oauth_custom_logout_endpoint_info: Application Logout endpoint.
   oauth_validate_user_roles: Validate user roles
   oauth_validate_user_roles_info: "A key, where user roles are present in the token. If set, 'user' role grants access, 
     'admin' grants admin rights. If 'user' role is not present, access is denied. If 'admin role is missing, admin 
     rights are revoked. E.g.: Enter 'resource_access.redmine.roles', if you have your token set as follows:
     'resource_access': { 'redmine': { 'roles': ['user', 'admin'] } }"
+  oauth_autologin: "Autologin with %{oauth}"