Class: DiscourseConnectBase

Inherits:

Object

• Object
• DiscourseConnectBase

Defined in:

lib/discourse_connect_base.rb

Direct Known Subclasses

DiscourseConnect, DiscourseConnectProvider

Defined Under Namespace

Classes: ParseError

Constant Summary

ACCESSORS =

%i[
  add_groups
  admin
  avatar_force_update
  avatar_url
  bio
  card_background_url
  confirmed_2fa
  email
  external_id
  failed
  groups
  locale
  locale_force_update
  location
  logout
  moderator
  name
  no_2fa_methods
  nonce
  prompt
  profile_background_url
  remove_groups
  require_2fa
  require_activation
  return_sso_url
  suppress_welcome_message
  title
  username
  website
]

FIXNUMS =

[]

BOOLS =

%i[
  admin
  avatar_force_update
  confirmed_2fa
  failed
  locale_force_update
  logout
  moderator
  no_2fa_methods
  require_2fa
  require_activation
  suppress_welcome_message
]

Instance Attribute Summary

• #sso_secret ⇒ Object
• #sso_url ⇒ Object

Class Method Summary

• .nonce_expiry_time ⇒ Object
• .nonce_expiry_time=(v) ⇒ Object
• .parse(payload, sso_secret = nil, **init_kwargs) ⇒ Object
• .sign(payload, secret) ⇒ Object
• .sso_secret ⇒ Object
• .sso_url ⇒ Object
• .used_nonce_expiry_time ⇒ Object

Instance Method Summary

• #custom_fields ⇒ Object
• #diagnostics ⇒ Object
• #payload(secret = nil) ⇒ Object
• #sign(payload, secret = nil) ⇒ Object
• #to_h ⇒ Object
• #to_json ⇒ Object
• #to_url(base_url = nil) ⇒ Object
• #unsigned_payload ⇒ Object

Instance Attribute Details

#sso_secret ⇒ Object

# File 'lib/discourse_connect_base.rb', line 117

def sso_secret
  @sso_secret || self.class.sso_secret
end

#sso_url ⇒ Object

# File 'lib/discourse_connect_base.rb', line 121

def sso_url
  @sso_url || self.class.sso_url
end

Class Method Details

.nonce_expiry_time ⇒ Object

# File 'lib/discourse_connect_base.rb', line 55

def self.nonce_expiry_time
  @nonce_expiry_time ||= 10.minutes
end

.nonce_expiry_time=(v) ⇒ Object

# File 'lib/discourse_connect_base.rb', line 59

def self.nonce_expiry_time=(v)
  @nonce_expiry_time = v
end

.parse(payload, sso_secret = nil, **init_kwargs) ⇒ Object

# File 'lib/discourse_connect_base.rb', line 78

def self.parse(payload, sso_secret = nil, **init_kwargs)
  sso = new(**init_kwargs)
  sso.sso_secret = sso_secret if sso_secret

  parsed = Rack::Utils.parse_query(payload)
  decoded = Base64.decode64(parsed["sso"])
  decoded_hash = Rack::Utils.parse_query(decoded)

  if sso.sign(parsed["sso"]) != parsed["sig"]
    diags =
      "\n\nsso: #{parsed["sso"]}\n\nsig: #{parsed["sig"]}\n\nexpected sig: #{sso.sign(parsed["sso"])}"
    if parsed["sso"] =~ %r{[^a-zA-Z0-9=\r\n/+]}m
      raise ParseError,
            "The SSO field should be Base64 encoded, using only A-Z, a-z, 0-9, +, /, and = characters. Your input contains characters we don't understand as Base64, see http://en.wikipedia.org/wiki/Base64 #{diags}"
    else
      raise ParseError, "Bad signature for payload #{diags}"
    end
  end

  ACCESSORS.each do |k|
    val = decoded_hash[k.to_s]
    val = val.to_i if FIXNUMS.include? k
    val = %w[true false].include?(val) ? val == "true" : nil if BOOLS.include? k
    sso.public_send("#{k}=", val)
  end

  decoded_hash.each do |k, v|
    if field = k[/\Acustom\.(.+)\z/, 1]
      sso.custom_fields[field] = v
    end
  end

  sso
end

.sign(payload, secret) ⇒ Object

# File 'lib/discourse_connect_base.rb', line 129

def self.sign(payload, secret)
  OpenSSL::HMAC.hexdigest("sha256", secret, payload)
end

.sso_secret ⇒ Object

Raises:

• (RuntimeError)

# File 'lib/discourse_connect_base.rb', line 70

def self.sso_secret
  raise RuntimeError, "sso_secret not implemented on class, be sure to set it on instance"
end

.sso_url ⇒ Object

Raises:

• (RuntimeError)

# File 'lib/discourse_connect_base.rb', line 74

def self.sso_url
  raise RuntimeError, "sso_url not implemented on class, be sure to set it on instance"
end

.used_nonce_expiry_time ⇒ Object

# File 'lib/discourse_connect_base.rb', line 63

def self.used_nonce_expiry_time
  24.hours
end

Instance Method Details

#custom_fields ⇒ Object

# File 'lib/discourse_connect_base.rb', line 125

def custom_fields
  @custom_fields ||= {}
end

#diagnostics ⇒ Object

# File 'lib/discourse_connect_base.rb', line 113

def diagnostics
  DiscourseConnectBase::ACCESSORS.map { |a| "#{a}: #{public_send(a)}" }.join("\n")
end

#payload(secret = nil) ⇒ Object

# File 'lib/discourse_connect_base.rb', line 147

def payload(secret = nil)
  payload = Base64.strict_encode64(unsigned_payload)
  "sso=#{CGI.escape(payload)}&sig=#{sign(payload, secret)}"
end

#sign(payload, secret = nil) ⇒ Object

# File 'lib/discourse_connect_base.rb', line 133

def sign(payload, secret = nil)
  secret = secret || sso_secret
  self.class.sign(payload, secret)
end

#to_h ⇒ Object

# File 'lib/discourse_connect_base.rb', line 156

def to_h
  payload = {}

  ACCESSORS.each do |k|
    next if (val = public_send(k)) == nil
    payload[k] = val
  end

  @custom_fields&.each { |k, v| payload["custom.#{k}"] = v.to_s }

  payload
end

#to_json ⇒ Object

# File 'lib/discourse_connect_base.rb', line 138

def to_json
  self.to_h.to_json
end

#to_url(base_url = nil) ⇒ Object

# File 'lib/discourse_connect_base.rb', line 142

def to_url(base_url = nil)
  base = "#{base_url || sso_url}"
  "#{base}#{base.include?("?") ? "&" : "?"}#{payload}"
end

#unsigned_payload ⇒ Object

# File 'lib/discourse_connect_base.rb', line 152

def unsigned_payload
  Rack::Utils.build_query(self.to_h)
end