Class: DiscourseConnect
Defined Under Namespace
Classes: BannedExternalId, BlankExternalId
Constant Summary
- BANNED_EXTERNAL_IDS =
%w[none nil blank null]
DiscourseConnectBase::ACCESSORS, DiscourseConnectBase::BOOLS, DiscourseConnectBase::FIXNUMS
Instance Attribute Summary
#sso_secret, #sso_url
Class Method Summary
Instance Method Summary
#custom_fields, #diagnostics, nonce_expiry_time, nonce_expiry_time=, parse, #payload, sign, #sign, #to_h, #to_json, #to_url, #unsigned_payload, used_nonce_expiry_time
Constructor Details
Returns a new instance of DiscourseConnect.
# File 'app/models/discourse_connect.rb', line 30
# Creates a DiscourseConnect instance bound to one session store.
#
# The store is kept in @secure_session and is read with `[]` by
# #nonce_valid? and #return_path when
# SiteSetting.discourse_connect_csrf_protection is enabled.
#
# @param secure_session [Object] per-session store that responds to `[]`
def initialize(secure_session:)
  @secure_session = secure_session
end
Class Method Details
.generate_sso(return_path = "/", secure_session:) ⇒ Object
# File 'app/models/discourse_connect.rb', line 18
# Builds an outbound SSO request bound to the caller's session.
#
# The nonce comes from SecureRandom.hex (16 random bytes by default) and is
# assigned before register_nonce runs, so the nonce is already set when it is
# registered together with return_path. The callback is always this site's
# /session/sso_login endpoint, built from Discourse.base_url.
#
# NOTE(review): return_path is handed to register_nonce unchanged. Whether it
# is restricted to local paths is decided outside this method (not visible
# here) - confirm it is validated before #return_path is used as a redirect
# target.
#
# @param return_path [String] path registered alongside the nonce
# @param secure_session [Object] session store passed to the constructor
# @return [DiscourseConnect] the prepared request
def self.generate_sso(return_path = "/", secure_session:)
  new(secure_session: secure_session).tap do |request|
    request.nonce = SecureRandom.hex
    request.register_nonce(return_path)
    request.return_sso_url = Discourse.base_url + "/session/sso_login"
  end
end
.generate_url(return_path = "/", secure_session:) ⇒ Object
# File 'app/models/discourse_connect.rb', line 26
# Convenience wrapper: prepares an SSO request via .generate_sso and returns
# the value of its #to_url.
#
# @param return_path [String] path registered alongside the nonce
# @param secure_session [Object] session store passed through to .generate_sso
# @return [Object] whatever #to_url returns for the prepared request
def self.generate_url(return_path = "/", secure_session:)
  request = generate_sso(return_path, secure_session: secure_session)
  request.to_url
end
.sso_secret ⇒ Object
# File 'app/models/discourse_connect.rb', line 14
# Returns the site-wide DiscourseConnect secret from SiteSetting.
#
# NOTE(review): presumably the shared key behind #sign (not shown on this
# page). Treat the return value as a credential: keep it out of logs, error
# messages and diagnostics output.
#
# @return [Object] value of SiteSetting.discourse_connect_secret
def self.sso_secret
  SiteSetting.discourse_connect_secret
end
.sso_url ⇒ Object
# File 'app/models/discourse_connect.rb', line 10
# Returns the configured DiscourseConnect URL from SiteSetting.
#
# NOTE(review): presumably the identity-provider endpoint that #to_url
# targets - confirm against DiscourseConnectBase.
#
# @return [Object] value of SiteSetting.discourse_connect_url
def self.sso_url
  SiteSetting.discourse_connect_url
end
Instance Method Details
#lookup_or_create_user(ip_address = nil) ⇒ Object
# File 'app/models/discourse_connect.rb', line 100
# Validates the external id, then delegates to lookup_or_create_user_unsafe
# inside a per-id distributed mutex.
#
# The id is converted with to_s first, so the blank check, the ban-list
# comparison and the mutex key all operate on the same string. The ban list
# is matched case-insensitively (the id is downcased before the lookup).
#
# The mutex key embeds the external id, so the "unsafe" body presumably never
# runs concurrently for the same id - confirm against DistributedMutex.
#
# NOTE(review): the ban-list comparison uses the un-stripped string, so a
# padded value (constructed example: "null ") is neither blank nor banned.
# Confirm the provider never emits such ids, or strip before comparing.
#
# @param ip_address [Object, nil] forwarded to lookup_or_create_user_unsafe
# @return [Object] result of lookup_or_create_user_unsafe
# @raise [BlankExternalId] when the external id is blank
# @raise [BannedExternalId] when the downcased id is in BANNED_EXTERNAL_IDS
def lookup_or_create_user(ip_address = nil)
  ext_id = external_id.to_s

  raise BlankExternalId if ext_id.blank?
  raise BannedExternalId, ext_id if BANNED_EXTERNAL_IDS.include?(ext_id.downcase)

  mutex_key = "sso_lookup_or_create_user_#{ext_id}"
  DistributedMutex.synchronize(mutex_key) { lookup_or_create_user_unsafe(ip_address) }
end
#nonce_error ⇒ Object
# File 'app/models/discourse_connect.rb', line 56
# Picks the user-facing message for a nonce that failed validation.
#
# A hit on #used_nonce_key in Discourse.cache is reported as a replay
# ("already been used"). Otherwise the wording depends on whether
# SiteSetting.discourse_connect_csrf_protection is on, because only then can
# a nonce fail for belonging to a different browser session.
#
# NOTE(review): the replay branch is the one worth recording for detection;
# confirm the caller logs which message was returned.
#
# @return [String] one of three fixed messages
def nonce_error
  return "Nonce has already been used" if Discourse.cache.read(used_nonce_key).present?

  if SiteSetting.discourse_connect_csrf_protection
    "Nonce is incorrect, was generated in a different browser session, or has expired"
  else
    "Nonce is incorrect, or has expired"
  end
end
#nonce_key ⇒ Object
# File 'app/models/discourse_connect.rb', line 90
# Storage key for this instance's nonce.
#
# #nonce_valid? and #return_path look this key up in the secure session or in
# Discourse.cache, depending on SiteSetting.discourse_connect_csrf_protection.
#
# @return [String] "SSO_NONCE_" followed by the nonce
def nonce_key
  "SSO_NONCE_#{nonce}"
end
#nonce_valid? ⇒ Boolean
# File 'app/models/discourse_connect.rb', line 48
# Checks that this instance's nonce has a registered entry.
#
# With SiteSetting.discourse_connect_csrf_protection on, the entry must exist
# in this instance's secure session, so a response is only accepted in the
# session that holds the nonce. With it off, the entry is read from
# Discourse.cache instead, and the check is no longer tied to a particular
# session.
#
# @return [Boolean, nil] the falsy nonce itself when none is set, otherwise
#   whether a value is present under #nonce_key
def nonce_valid?
  csrf_bound = SiteSetting.discourse_connect_csrf_protection
  token = nonce
  return token unless token

  registered = csrf_bound ? @secure_session[nonce_key] : Discourse.cache.read(nonce_key)
  registered.present?
end
#register_nonce(return_path) ⇒ Object
#return_path ⇒ Object
# File 'app/models/discourse_connect.rb', line 66
# Returns the value stored under #nonce_key, or "/" when nothing is stored.
#
# The value is read from server-side state (the secure session when
# SiteSetting.discourse_connect_csrf_protection is on, Discourse.cache
# otherwise).
#
# NOTE(review): presumably this is the path given to register_nonce. If the
# result is used as a redirect target, confirm it was validated as a local
# path when it was registered.
#
# @return [Object] the stored value, or "/" as the fallback
def return_path
  stored =
    if SiteSetting.discourse_connect_csrf_protection
      @secure_session[nonce_key]
    else
      Discourse.cache.read(nonce_key)
    end

  stored || "/"
end
#used_nonce_key ⇒ Object
# File 'app/models/discourse_connect.rb', line 94
# Cache key marking this instance's nonce as already consumed.
#
# #nonce_error reads this key from Discourse.cache to tell a replayed nonce
# apart from an unknown or expired one. Where the marker is written is not
# shown on this page.
#
# @return [String] "USED_SSO_NONCE_" followed by the nonce
def used_nonce_key
  "USED_SSO_NONCE_#{nonce}"
end