sso for ntu mb all sites

Conflicts:
	app/assets/stylesheets/basic/global.css
	app/views/devise/sessions/new.html.erb
	app/views/layouts/devise.html.erb

app/assets/stylesheets/basic/global.css

@@ -682,8 +682,8 @@ legend {
   margin-bottom: 25px;
 }
 .sign-in .btn {
-  padding: 4px 0;
   display: block;
+  padding: 4px 0;
   width: 100%;
   margin-bottom: 10px;
 }
@@ -711,7 +711,7 @@ legend {
 .sign-in .checkbox {
   position: absolute;
   text-align: left;
-  bottom: 37px;
+  bottom: 47px;
 }
 .sign-in .switchboard {
   color: #08C;

app/assets/stylesheets/basic/orbit_bar.css.erb

@@ -2,16 +2,17 @@
 	top: 0px;
 	left: -10px;
 	right: -10px;
-	height: 40px;
 	z-index: 1041;
 	position: fixed;
 	margin-bottom: 0;
+	height: 40px;
 }
 #orbit-bar .orbitlogo {
-	width: 20px;
+	width: 50px;
-	height: 20px;
+	height: 40px;
+	padding: 0!important;
 	background-size: 70%;
-	display: inline-block;
+	display: block;
 	background-position: center;
 	background-repeat: no-repeat;
 	background-image: url(<%= asset_path 'orbit-logo.svg' %>);
@@ -19,8 +20,23 @@
 	/* For Suck IE */
 	background-image: url(<%= asset_path 'orbit-logo.png' %>)\9;
 }
+#orbit-bar .dropdown-menu li > a {
+	padding: 0 20px;
+	display: block;
+	height: 30px;
+	line-height: 30px;
+}
+#orbit-bar .dropdown-menu li i {
+	float: left;
+	display: inline-block;
+	margin-right: 5px;
+	line-height: 30px;
+	height: 100%;
+}
 #orbit-bar.navbar .nav > li > a {
 	color: #EEE;
+	padding: 0 15px;
+	display: block;
 	text-shadow: 0 -1px 0 #000;
 	border-right: 1px solid #363636;
 	box-shadow: 1px 0px 0px rgba(0, 0, 0, 0.3);
@@ -34,6 +50,11 @@
 	background-color: #0095CF;
 	text-shadow: 0 -1px 0 #014380;
 }
+#orbit-bar.navbar .nav > li > a > [class^="icon"],
+#orbit-bar.navbar .nav > li > a > [class*=" icon"] {
+	line-height: 40px;
+	display: block;
+}
 #orbit-bar.navbar .nav li.dropdown.open > .dropdown-toggle,
 #orbit-bar.navbar .nav li.dropdown.active > .dropdown-toggle,
 #orbit-bar.navbar .nav li.dropdown.open.active > .dropdown-toggle {
@@ -41,9 +62,7 @@
 	text-shadow: 0 -1px 0 #014380;
 }
 #orbit-bar .navbar-inner {
-	height: 40px;
 	border-width: 0;
-	min-height: 40px;
 	background-color: #333333;
 	-webkit-border-radius: 0px;
 	   -moz-border-radius: 0px;
@@ -66,6 +85,10 @@
 	right: auto;
 	bottom: auto;
 }
+#orbit-bar .nav > li {
+	display: block;
+	line-height: 40px;
+}
 #orbit-bar .nav [class^="icon"],
 #orbit-bar .nav [class*=" icon"] {
 	font-size: 1.5em;
@@ -92,17 +115,45 @@
 #orbit-bar .modal .input-prepend {
 	margin-bottom: 15px;
 }
+#orbit-bar .modal .other-sign-in {
+	position: relative;
+	text-align: center;
+	margin-top: 20px;
+	margin-bottom: 30px;
+	padding-bottom: 20px;
+	border-bottom: 1px solid #EDEDED;
+}
+#orbit-bar .modal .other-sign-in .btn {
+	padding: 4px 0;
+	display: block;
+	margin-bottom: 5px;
+	width: 100%;
+}
+#orbit-bar .modal .other-sign-in p {
+	position: absolute;
+	width: 30px;
+	height: 30px;
+	background-color: #FFF;
+	padding: 0 10px;
+	margin-bottom: 0;
+	margin-left: -25px;
+	line-height: 30px;
+	left: 50%;
+	bottom: -15px;
+	font-size: 1.3em;
+	color: #B1B1B1;
+}
 
 /*Search*/
 #orbit-bar #search {
 	margin-bottom: 0;
 	position: relative;
-	padding: 8px 10px 0;
+	padding: 0 10px;
 	border-right: 1px solid #363636;
 	box-shadow: 1px 0px 0px rgba(0, 0, 0, 0.3);
 }
 #orbit-bar #search form {
-	margin-bottom: 8px;
+	margin: 8px 0;
 }
 #orbit-bar #search input[type="text"] {
 	height: 14px;
@@ -110,6 +161,7 @@
 	font-size: 13px;
 	padding-left: 25px;
 	padding-right: 25px;
+	display: block;
 	-webkit-border-radius: 12px;
 	   -moz-border-radius: 12px;
 	     -o-border-radius: 12px;
@@ -122,15 +174,16 @@
 #orbit-bar #search .search-clear {
 	position: absolute;
 	color: #A3A3A3;
-	top: 14px;
+	top: 16px;
 }
 #orbit-bar #search .icon-search {
-	left: 13px;
+	left: 15px;
-	top: 15px;
 	font-size: 1.2em;
+	width: 1.25em;
+	margin-top: 0;
 }
 #orbit-bar #search .search-clear {
-	right: 14px;
+	right: 13px;
 	font-size: 1.3em;
 }
 #orbit-bar #search .search-clear:hover {

app/controllers/sessions_controller.rb

@@ -0,0 +1,40 @@
+# encoding: utf-8
+
+class SessionsController < Devise::SessionsController
+	prepend_before_filter :require_no_authentication, :only => [ :new, :create ]
+
+
+  def create 
+	  @site = Site.first
+
+      private_key = OpenSSL::PKey::RSA.new(@site.private_key)
+      wresult = private_key.private_decrypt(request.params['wresult'])
+
+  	  @ids = wresult.split("@")
+
+      login_uid = @ids[0]
+
+  	  resource = User.first(conditions:{user_id: login_uid})
+
+	  if !resource.blank?
+	     resource_name = resource.class.to_s.downcase
+	     sign_in(resource_name, resource)
+	     session[:user_id_type] = "myntumb"
+	     redirect_to after_sign_in_path_for(resource)
+	  else
+	     flash[:error] = "很抱歉,您無此權限或帳號登入本站,請洽本站管理員<br />Sorry, you don't have the account or authority to login. Please contact the website administrator."
+	     redirect_to :root
+	  end
+  end
+
+  def destroy
+  	@user_id_type = session[:user_id_type]
+    sign_out
+    if @user_id_type == "myntumb"
+      redirect_to "https://adfs.ntu.edu.tw/adfs/ls/?wa=wsignout1.0&wreply=https://management.ntu.edu.tw"
+    else
+      redirect_to root_path
+    end
+  end
+
+end

app/views/devise/sessions/new.html.erb

@@ -1,59 +1,62 @@
-    <section id="main-wrap">
+
+
       <div class="sign-in have-other-sign-in">
-<!--         <p class="alert alert-error in fade">You need to sign in.</p>
+
- -->    
 		<% flash.each do |key, msg| %>
-		    <%= content_tag :p, msg, :class => [key, "alert alert-error in fade"] %>
+			<%= content_tag :p, msg, :class => [key, "alert alert-error"] %>
 		<% end %>
 
+        
         <div class="form">
-          <h3 class="login-logo">Log In to Orbit</h3>
+          <h3 class="login-logo"><%= t(:login) %></h3>
-          <div>
+          <div class="other-sign-in">
-            <input name="utf8" type="hidden" value="" />
+            <% @request_hosts = request.host_with_port.split(".") %>
-            <input name="authenticity_token" type="hidden" value="" />
+              <a class="btn btn-primary" type="submit" href="https://adfs.ntu.edu.tw/adfs/ls/?wa=wsignin1.0&wtrealm=https://management.ntu.edu.tw/saml_login&wctx=<%= @request_hosts[0] %>">使用計中帳號登入</a>
-          </div>
-<!--           <div class="other-sign-in">
-            <a class="btn btn-primary" type="submit">Other Sign In</a>
             <p>or</p>
-          </div> -->
+          </div>
           <div class="form-block">
             <div class="form-list clearfix">
-              <form class="content" accept-charset="UTF-8" action="/users/sign_in" method="post">
               <%= form_for resource, :as => resource_name, :url => session_path(resource_name), :html => {:class => 'content'} do |f| %>
-
                 <div class="control-group clear">
                   <label for="user_email">
                     <i class="icon-user"></i>
                   </label>
-                 	<%= f.text_field :user_id, :placeholder => t("users.user_id"), :id=>"user_email" %>
+				  <%= f.text_field :user_id, :placeholder => t("users.user_id") %>
                 </div>
                 <div class="control-group clear">
                   <label for="user_password">
                     <i class="icon-lock"></i>
                   </label>
-                  <%= f.password_field :password, :placeholder => t(:dots), :id=>"user_password" %>
+                  <%= f.password_field :password, :placeholder => t(:dots) %>
                 </div>
-                <br/>
+                <!-- <label class="checkbox">
-                <label class="checkbox">
+                  <input type="checkbox" value="">
-                <% if devise_mapping.rememberable? -%>
+                  <small>Remember me</small>
-                  <%= f.check_box :remember_me %> <small><%= f.label :remember_me %></small>
+                </label> -->
-                <% end -%>
-                </label>
-                
                 <%= content_tag :button, t(:login), :type => :submit, :class => 'btn btn-primary' %>
-              </form>
+              <% end %>
 
+              <!-- <form class="content" accept-charset="UTF-8" action="/users/sign_in" method="post">
+                <div class="control-group clear">
+                  <label for="user_email">
+                    <i class="icon-user"></i>
+                  </label>
+                  <input type="text" id="user_id" name="user[id]" placeholder="帳號" />
                 </div>
+                <div class="control-group clear">
+                  <label for="user_password">
+                    <i class="icons-mail"></i>
+                  </label>
+                  <input type="text" id="user_email" name="user[email]" placeholder="電子郵件" />
                 </div>
-          <div class="pull-right">
+                <button class="btn btn-primary" type="submit">Submit</button>
-            <%= link_to content_tag(:small, t(:forgot_password)), new_user_password_path %>
+              </form> -->
+            </div>
+            <!-- <div class="switchboard"><span>Forgot Password ?</span> <i class="icons-arrow-left-2"></i></div> -->
           </div>
-          <br/>
           <!-- <div class="register">
             <button class="btn btn-inverse" type="submit">Register</button>
           </div> -->
-        <% end %>
 
         </div>
       </div>
-    </section>

app/views/layouts/_right_menu.html.erb

@@ -56,6 +56,11 @@
           </div>
           <div class="modal-body">
             <%= form_for :user, url: user_session_path, html: {class: 'container'} do |f| %>
+              <div class="other-sign-in">
+                <% @request_hosts = request.host_with_port.split(".") %>
+                <a class="btn btn-primary" type="submit" href="https://adfs.ntu.edu.tw/adfs/ls/?wa=wsignin1.0&wtrealm=https://management.ntu.edu.tw/saml_login&wctx=<%= @request_hosts[0] %>">使用計中帳號登入</a>
+                <p>or</p>
+              </div>
               <div class="input-prepend">
                 <span class="add-on">
                   <i class="icon-user"></i>

app/views/layouts/devise.html.erb

@@ -24,5 +24,9 @@
 <body>
 	<%= render 'layouts/orbit_bar' %>
 	<%= yield %>
+	<!--<div id="sign-footer">
+      <p>Rulingcom</p>
+    </div>
+    -->
 </body>
 </html>

config/routes.rb

@@ -8,6 +8,14 @@ Orbit::Application.routes.draw do
     match "/users_passwd" => "desktop/registrations#update", :as => :users_passwd, :via => :put
   end
 
+  devise_scope :user do
+    get 'user_login' => 'sessions#create'
+    match 'user_logout' => 'sessions#destroy'
+  end
+
+  match "saml_login" => 'saml_logins#index'
+
+
   mount Resque::Server, :at => "/admin/resque"
   mount Rack::GridFS::Endpoint.new(:db => Mongoid.database,:lookup=>:path), :at => "gridfs"