Class: DiscourseConnect
Defined Under Namespace
Classes: BannedExternalId, BlankExternalId
Constant Summary
- BANNED_EXTERNAL_IDS =
%w[none nil blank null]
DiscourseConnectBase::ACCESSORS, DiscourseConnectBase::BOOLS, DiscourseConnectBase::FIXNUMS
Instance Attribute Summary
#sso_secret, #sso_url
Class Method Summary
Instance Method Summary
#custom_fields, #diagnostics, nonce_expiry_time, nonce_expiry_time=, parse, #payload, sign, #sign, #to_h, #to_json, #to_url, #unsigned_payload, used_nonce_expiry_time
Constructor Details
Returns a new instance of DiscourseConnect.
# File 'app/models/discourse_connect.rb', line 29
# Creates a DiscourseConnect object bound to the given session store.
#
# @param secure_session [Object] key-indexable store kept as @secure_session.
#   #nonce_valid? and #return_path read it with `[nonce_key]` when
#   SiteSetting.discourse_connect_csrf_protection is enabled.
#   NOTE(review): presumably scoped to one browser session (the error text in
#   #nonce_error speaks of "a different browser session") - confirm at caller.
def initialize(secure_session:)
  @secure_session = secure_session
end
Class Method Details
.generate_sso(return_path = "/", secure_session:) ⇒ Object
# File 'app/models/discourse_connect.rb', line 17
# Starts an outbound DiscourseConnect handshake.
#
# A fresh nonce is drawn from SecureRandom.hex (no length argument, i.e.
# 16 random bytes rendered as 32 hex characters) and registered together with
# return_path before the object is handed back. The callback URL is built from
# Discourse.base_url plus a fixed path; return_path is not part of it.
#
# @param return_path [String] where to send the user after login; passed to
#   #register_nonce (its body is not shown here - presumably it stores the
#   path under #nonce_key; confirm).
# @param secure_session [Object] session store forwarded to the constructor.
# @return [DiscourseConnect] the prepared, not yet serialised, request object.
def self.generate_sso(return_path = "/", secure_session:)
  new(secure_session: secure_session).tap do |connect|
    connect.nonce = SecureRandom.hex
    connect.register_nonce(return_path)
    connect.return_sso_url = Discourse.base_url + "/session/sso_login"
  end
end
.generate_url(return_path = "/", secure_session:) ⇒ Object
# File 'app/models/discourse_connect.rb', line 25
# Convenience wrapper: builds a handshake with .generate_sso and returns its
# URL form.
#
# Each call goes through .generate_sso, so each call registers a new nonce.
#
# @param return_path [String] forwarded unchanged to .generate_sso.
# @param secure_session [Object] forwarded unchanged to .generate_sso.
# @return [Object] whatever #to_url returns for the generated object.
def self.generate_url(return_path = "/", secure_session:)
  handshake = generate_sso(return_path, secure_session: secure_session)
  handshake.to_url
end
.sso_secret ⇒ Object
# File 'app/models/discourse_connect.rb', line 13
# Returns the DiscourseConnect shared secret from site settings.
#
# NOTE(review): presumably the key used to sign and verify payloads (the
# signing code is not shown here). Treat the return value as key material:
# do not log it or place it in error messages.
#
# @return [Object] value of SiteSetting.discourse_connect_secret.
def self.sso_secret
  SiteSetting.discourse_connect_secret
end
.sso_url ⇒ Object
# File 'app/models/discourse_connect.rb', line 9
# Returns the configured identity-provider endpoint from site settings.
#
# The value is read as-is; nothing in this method validates its scheme or host.
#
# @return [Object] value of SiteSetting.discourse_connect_url.
def self.sso_url
  SiteSetting.discourse_connect_url
end
Instance Method Details
#lookup_or_create_user(ip_address = nil) ⇒ Object
# File 'app/models/discourse_connect.rb', line 99
# Validates the external id, then finds or creates the matching user while
# holding a distributed lock named after that id.
#
# The id is coerced with to_s, rejected when blank, and rejected when its
# lower-cased form is one of BANNED_EXTERNAL_IDS (none, nil, blank, null).
# The lock name embeds the id in its original case, so callers using the same
# external id are serialised around lookup_or_create_user_unsafe
# (presumably to avoid creating duplicate users - confirm).
#
# NOTE(review): the banned-value comparison is an exact match after downcase;
# an id with surrounding whitespace would not match the list. Confirm whether
# the id is normalised before it reaches this method.
#
# @param ip_address [Object, nil] forwarded to lookup_or_create_user_unsafe.
# @raise [BlankExternalId] when the external id is blank.
# @raise [BannedExternalId] when the external id is a banned placeholder.
# @return [Object] result of DistributedMutex.synchronize.
def lookup_or_create_user(ip_address = nil)
  external_id = self.external_id.to_s

  raise BlankExternalId if external_id.blank?
  if BANNED_EXTERNAL_IDS.include?(external_id.downcase)
    raise BannedExternalId, external_id
  end

  lock_name = "sso_lookup_or_create_user_#{external_id}"
  DistributedMutex.synchronize(lock_name) { lookup_or_create_user_unsafe(ip_address) }
end
#nonce_error ⇒ Object
# File 'app/models/discourse_connect.rb', line 55
# Picks the human-readable reason a nonce was rejected.
#
# A nonce recorded under #used_nonce_key in Discourse.cache is reported as
# already used (a replayed response). Otherwise the wording depends on
# SiteSetting.discourse_connect_csrf_protection: only the session-bound mode
# mentions a different browser session.
#
# This method only selects a message; it does not decide validity.
#
# @return [String] one of three fixed messages.
def nonce_error
  return "Nonce has already been used" if Discourse.cache.read(used_nonce_key).present?

  if SiteSetting.discourse_connect_csrf_protection
    "Nonce is incorrect, was generated in a different browser session, or has expired"
  else
    "Nonce is incorrect, or has expired"
  end
end
#nonce_key ⇒ Object
# File 'app/models/discourse_connect.rb', line 89
# Storage key under which the current nonce is looked up.
#
# The same key is used against @secure_session and Discourse.cache by
# #nonce_valid? and #return_path.
#
# @return [String] "SSO_NONCE_" followed by the nonce.
def nonce_key
  "SSO_NONCE_#{nonce}"
end
#nonce_valid? ⇒ Boolean
# File 'app/models/discourse_connect.rb', line 47
# Reports whether the current nonce is one this site has registered.
#
# With SiteSetting.discourse_connect_csrf_protection enabled, the nonce must
# be present in @secure_session, so a response is accepted only where that
# session store holds it. With the setting disabled, the lookup goes to
# Discourse.cache instead, and the nonce is not tied to the session store.
#
# Only presence is checked here; this method neither removes the nonce nor
# marks it used.
#
# @return [Boolean, nil] the falsy nonce itself when no nonce is set,
#   otherwise whether a value is stored under #nonce_key.
def nonce_valid?
  session_bound = SiteSetting.discourse_connect_csrf_protection
  return nonce && @secure_session[nonce_key].present? if session_bound

  nonce && Discourse.cache.read(nonce_key).present?
end
#register_nonce(return_path) ⇒ Object
#return_path ⇒ Object
# File 'app/models/discourse_connect.rb', line 65
# Returns the value stored for the current nonce, falling back to "/".
#
# The store consulted matches #nonce_valid?: @secure_session when
# SiteSetting.discourse_connect_csrf_protection is enabled, Discourse.cache
# otherwise.
#
# The stored value is returned as-is; this method does not check that it is a
# local path, so any such check has to happen where the value is stored or
# where it is used for a redirect.
#
# @return [Object] the stored value, or "/" when nothing truthy is stored.
def return_path
  stored =
    if SiteSetting.discourse_connect_csrf_protection
      @secure_session[nonce_key]
    else
      Discourse.cache.read(nonce_key)
    end

  stored || "/"
end
#used_nonce_key ⇒ Object
# File 'app/models/discourse_connect.rb', line 93
# Cache key that marks the current nonce as already consumed.
#
# #nonce_error reads this key from Discourse.cache to tell a replayed nonce
# apart from an unknown or expired one. The code that writes the key is not
# shown here.
#
# @return [String] "USED_SSO_NONCE_" followed by the nonce.
def used_nonce_key
  "USED_SSO_NONCE_#{nonce}"
end