lib/decidim/suomifi.rb in decidim-suomifi-0.18.0 vs lib/decidim/suomifi.rb in decidim-suomifi-0.18.1

- old
+ new

@@ -4,10 +4,11 @@ require "omniauth-suomifi" require "henkilotunnus" require_relative "suomifi/version" require_relative "suomifi/engine" +require_relative "suomifi/authentication" require_relative "suomifi/verification" require_relative "suomifi/mail_interceptors" module Decidim module Suomifi @@ -44,10 +45,22 @@ config_accessor :certificate_file # The private key file for the application config_accessor :private_key_file + # Defines how the session gets cleared when the OmniAuth strategy logs the + # user out. This has been customized to preserve the flash messages in the + # session after the session is destroyed. + config_accessor :idp_slo_session_destroy do + proc do |_env, session| + flash = session["flash"] + result = session.clear + session["flash"] = flash if flash + result + end + end + # Extra configuration for the omniauth strategy config_accessor :extra do {} end @@ -60,10 +73,16 @@ # never expire. workflow.expires_in = 0.minutes end end + # Allows customizing parts of the authentication flow such as validating + # the authorization data before allowing the user to be authenticated. + config_accessor :authenticator_class do + Decidim::Suomifi::Authentication::Authenticator + end + # Allows customizing how the authorization metadata gets collected from # the SAML attributes passed from the authorization endpoint. config_accessor :metadata_collector_class do Decidim::Suomifi::Verification::MetadataCollector end @@ -75,10 +94,14 @@ def self.configure @configured = true super end + def self.authenticator_for(organization, oauth_hash) + authenticator_class.new(organization, oauth_hash) + end + def self.mode return config.mode if config.mode return :production unless Rails.application.secrets.omniauth return :production unless Rails.application.secrets.omniauth[:suomifi] 
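Review bot: The default `idp_slo_session_destroy` proc puts the whole `session["flash"]` entry back after `session.clear`, so every message queued while the user was still signed in is carried into the logged-out session. That matches the comment's stated intent, but anything user-specific in a pending flash message would then be rendered after logout, so it is worth confirming that only generic notices can be in flight at that point. Since this is a `config_accessor`, the comment should also state the contract for overrides, for example `# An override must still remove all authentication state from the session.`. Whether `session.clear` also rotates the session identifier depends on the session store and cannot be seen from this hunk.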
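Review bot: The comment on `authenticator_class` does not say what a replacement class has to provide, although this class is what validates the authorization data before the user is authenticated. The `authenticator_for` hunk further down instantiates it as `authenticator_class.new(organization, oauth_hash)`, so the comment could add `# A custom class must accept (organization, oauth_hash) in its constructor` and `# and takes over the validation done by the default authenticator.`. The default `Authenticator` is defined outside this diff, so the checks it performs are not visible here.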
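Review bot: `self.authenticator_for` is a new public entry point without a doc comment, and it forwards `oauth_hash` to the configured class unchanged. A short comment such as `# Returns a new instance of the configured authenticator_class for the given organization and OmniAuth hash.` would make clear that no validation happens at this layer and that callers rely on the authenticator for it. The `self.mode` method that follows continues outside the hunk.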
@@ -109,10 +132,11 @@ settings = { mode: mode, scope_of_data: scope_of_data, sp_entity_id: sp_entity_id, certificate: certificate, - private_key: private_key + private_key: private_key, + idp_slo_session_destroy: idp_slo_session_destroy } settings.merge!(config.extra) if config.extra.is_a?(Hash) settings end
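Review bot: `idp_slo_session_destroy` is added to `settings` before `settings.merge!(config.extra)`, so an entry with the same key in `config.extra` silently replaces the accessor's proc (the same holds for `certificate` and `private_key`). If that precedence is intended, a comment above the merge would help integrators, e.g. `# Keys in config.extra override the values above, including idp_slo_session_destroy.`. The enclosing method starts before the hunk, so its name and callers are not visible here.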