From 9c1a8b11764358e82bd8ccbc666606e978e4ab0e Mon Sep 17 00:00:00 2001
From: Tom Sabin
Date: Mon, 2 Jul 2018 17:25:06 +0100
Subject: [PATCH] Implement Azure AD omniauth provider

To set up this up, you are required to create a new "App registration" within the Azure Active Directory service. Keep note of the Application ID, as this will be the Client ID required for the AAD_CLIENT_ID env variable. You will also be required to add the callback URL to the "reply URL" within the app registry properties, e.g. 'http://localhost:3000/auth/azureactivedirectory/callback'.

Currently there is an issue with the omniauth-azure-activedirectory gem whereby we need to require the 'net/http' gem in order for the callback to be registered. See the following open issue for more details: https://github.com/AzureAD/omniauth-azure-activedirectory/issues/21
---
 Gemfile                                          | 1 +
 Gemfile.lock                                     | 5 +++++
 app/views/layouts/application.html.erb           | 2 +-
 config/initializers/omniauth.rb                  | 4 +++-
 lib/omniauth/strategies/azure_activedirectory.rb | 5 +++++
 5 files changed, 15 insertions(+), 2 deletions(-)
 create mode 100644 lib/omniauth/strategies/azure_activedirectory.rb

diff --git a/Gemfile b/Gemfile
index b7125830..68cd0cd0 100644
--- a/Gemfile
+++ b/Gemfile
@@ -38,6 +38,7 @@ gem 'bootsnap', '>= 1.1.0', require: false
 
 gem 'rspec-rails'
 gem 'omniauth'
+gem 'omniauth-azure-activedirectory'
 
 group :development, :test do
   # Call 'byebug' anywhere in the code to stop execution and get a debugger console
diff --git a/Gemfile.lock b/Gemfile.lock
index d902c6d0..fa57a649 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -86,6 +86,7 @@ GEM
     jbuilder (2.7.0)
       activesupport (>= 4.2.0)
       multi_json (>= 1.2)
+    jwt (1.5.6)
     listen (3.1.5)
       rb-fsevent (~> 0.9, >= 0.9.4)
       rb-inotify (~> 0.9, >= 0.9.7)
@@ -110,6 +111,9 @@ GEM
     omniauth (1.8.1)
       hashie (>= 3.4.6, < 3.6.0)
       rack (>= 1.6.2, < 3)
+    omniauth-azure-activedirectory (1.0.0)
+      jwt (~> 1.5)
+      omniauth (~> 1.1)
     pg (1.0.0)
     public_suffix (3.0.2)
     puma (3.11.4)
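Review bot: `gem 'omniauth-azure-activedirectory'` in the Gemfile hunk is added without a version constraint, so only Gemfile.lock holds it at 1.0.0 and a routine `bundle update` can pull any future major release of a gem that sits in the login path without review. Pinning to the series the lockfile resolved, `gem 'omniauth-azure-activedirectory', '~> 1.0'`, keeps that upgrade deliberate. The `gem 'omniauth'` line above it is unpinned too, so this matches the file's existing style; it is raised here only because this gem handles authentication.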
@@ -222,6 +226,7 @@ DEPENDENCIES
   jbuilder (~> 2.5)
   listen (>= 3.0.5, < 3.2)
   omniauth
+  omniauth-azure-activedirectory
   pg (>= 0.18, < 2.0)
   puma (~> 3.11)
   rails (~> 5.2.0)
diff --git a/app/views/layouts/application.html.erb b/app/views/layouts/application.html.erb
index 63130f29..a51326cd 100644
--- a/app/views/layouts/application.html.erb
+++ b/app/views/layouts/application.html.erb
@@ -14,7 +14,7 @@
     <% if user_signed_in? %>
       You are logged in as <%= session[:current_user]['name'] %>
     <% else %>
-      <%= link_to 'Login (developer)', '/auth/developer' %>
+      <%= link_to 'Login (AzureAD)', '/auth/azureactivedirectory' %>
     <% end %>

diff --git a/config/initializers/omniauth.rb b/config/initializers/omniauth.rb
index b320bae3..17baa2f9 100644
--- a/config/initializers/omniauth.rb
+++ b/config/initializers/omniauth.rb
@@ -1,5 +1,7 @@
+require './lib/omniauth/strategies/azure_activedirectory.rb'
+
 OmniAuth.config.logger = Rails.logger
 
 Rails.application.config.middleware.use OmniAuth::Builder do
-  provider :developer
+  provider :azure_activedirectory, ENV['AAD_CLIENT_ID'], ENV['AAD_TENANT']
 end
diff --git a/lib/omniauth/strategies/azure_activedirectory.rb b/lib/omniauth/strategies/azure_activedirectory.rb
new file mode 100644
index 00000000..9d0b4805
--- /dev/null
+++ b/lib/omniauth/strategies/azure_activedirectory.rb
@@ -0,0 +1,5 @@
+# Until "Add missing require to azure_activedirectory.rb" PR [1] is added in, we
+# will manually have to include net/http for the Azure AD provider to be usable
+# [1] https://github.com/AzureAD/omniauth-azure-activedirectory/pull/31
+
+require 'net/http'
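Review bot: The new `provider :azure_activedirectory` line is reachable by GET, because OmniAuth 1.8.1 (the version in the lockfile) accepts the request phase over GET by default and nothing in this initializer restricts it; together with the plain `link_to` in the layout this leaves the sign-in start exposed to login CSRF. Add `OmniAuth.config.allowed_request_methods = [:post]` beside the logger line and make the layout's login control a POST form, or confirm the installed gem already enforces POST. Separately, `ENV['AAD_CLIENT_ID']` and `ENV['AAD_TENANT']` pass `nil` silently when unset, so a misconfigured deployment fails only at the first redirect; `ENV.fetch('AAD_CLIENT_ID')` and `ENV.fetch('AAD_TENANT')` fail at boot with a clear message. The `require './lib/...'` path also resolves against the process working directory rather than the app root; `require Rails.root.join('lib', 'omniauth', 'strategies', 'azure_activedirectory.rb').to_s` does not depend on how the server was launched.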
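Review bot: The new file at lib/omniauth/strategies/azure_activedirectory.rb holds only `require 'net/http'`, yet its path mirrors what the comment's quoted pull-request title suggests is the gem's own strategy file name, so a reader expects a strategy class here and, should `lib` ever be placed on the load or autoload paths, the two files could shadow each other. Since the workaround is a single require, putting `require 'net/http'` with the same three-line comment at the top of config/initializers/omniauth.rb removes both the misleading path and the `./lib/...` require. The comment should also record the gem version this was observed against (1.0.0 per the lockfile), so that whoever bumps the gem knows when the workaround can be dropped.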