FIX: redirect users after signing up using SSO provider

Régis Hanol
2018-05-12 00:41:27 +02:00
parent abda21a41f
commit 09cf35c760
2 changed files with 23 additions and 17 deletions


@ -44,8 +44,15 @@ class SessionController < ApplicationController
def sso_provider(payload = nil) def sso_provider(payload = nil)
payload ||= request.query_string payload ||= request.query_string
if SiteSetting.enable_sso_provider if SiteSetting.enable_sso_provider
sso = SingleSignOn.parse(payload, SiteSetting.sso_secret) sso = SingleSignOn.parse(payload, SiteSetting.sso_secret)
if sso.return_sso_url.blank?
render plain: "return_sso_url is blank, it must be provided", status: 400
return
end
if current_user if current_user
sso.name = current_user.name sso.name = current_user.name
sso.username = current_user.username sso.username = current_user.username
@ -55,19 +62,17 @@ class SessionController < ApplicationController
sso.moderator = current_user.moderator? sso.moderator = current_user.moderator?
sso.groups = current_user.groups.pluck(:name).join(",") sso.groups = current_user.groups.pluck(:name).join(",")
sso.avatar_url = Discourse.store.cdn_url UrlHelper.absolute( if current_user.uploaded_avatar.present?
"#{Discourse.store.absolute_base_url}/#{Discourse.store.get_path_for_upload(current_user.uploaded_avatar)}" avatar_url = "#{Discourse.store.absolute_base_url}/#{Discourse.store.get_path_for_upload(current_user.uploaded_avatar)}"
) unless current_user.uploaded_avatar.nil? sso.avatar_url = UrlHelper.absolute Discourse.store.cdn_url(avatar_url)
sso.profile_background_url = UrlHelper.absolute upload_cdn_path( end
current_user.user_profile.profile_background
) if current_user.user_profile.profile_background.present?
sso.card_background_url = UrlHelper.absolute upload_cdn_path(
current_user.user_profile.card_background
) if current_user.user_profile.card_background.present?
if sso.return_sso_url.blank? if current_user.user_profile.profile_background.present?
render plain: "return_sso_url is blank, it must be provided", status: 400 sso.profile_background_url = UrlHelper.absolute upload_cdn_path(current_user.user_profile.profile_background)
return end
if current_user.user_profile.card_background.present?
sso.card_background_url = UrlHelper.absolute upload_cdn_path(current_user.user_profile.card_background)
end end
if request.xhr? if request.xhr?
@ -76,7 +81,7 @@ class SessionController < ApplicationController
redirect_to sso.to_url(sso.return_sso_url) redirect_to sso.to_url(sso.return_sso_url)
end end
else else
session[:sso_payload] = request.query_string cookies[:sso_payload] = request.query_string
redirect_to path('/login') redirect_to path('/login')
end end
else else
@ -399,7 +404,7 @@ class SessionController < ApplicationController
session.delete(ACTIVATE_USER_KEY) session.delete(ACTIVATE_USER_KEY)
log_on_user(user) log_on_user(user)
if payload = session.delete(:sso_payload) if payload = cookies.delete(:sso_payload)
sso_provider(payload) sso_provider(payload)
else else
render_serialized(user, UserSerializer) render_serialized(user, UserSerializer)
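Review bot: The new `cookies[:sso_payload] = request.query_string` in the else-branch of sso_provider writes the SSO payload into a plain cookie with no flags, so it is readable by page scripts and is sent on every request for the rest of the browser session; replacing the session store should at least use `cookies[:sso_payload] = { value: request.query_string, httponly: true, secure: request.ssl? }`. The value is then read back as client-controlled input by `cookies.delete(:sso_payload)` here and in UsersController#perform_account_activation (the other file in this commit, where it is appended to the redirect URL), and its integrity rests solely on SingleSignOn.parse verifying it against sso_secret, which is worth stating at the write site, e.g. `# plain cookie: only tamper-evident because sso_provider re-verifies the signature`. Unlike the signed session jar, an oversized plain cookie is not raised on but silently dropped by the browser, so a long return_sso_url would lose the post-signup redirect without any error — presumably rare, but worth a size check or a log line. The sso_provider method begins before the first hunk, and the method enclosing the last hunk continues past this section.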


@ -696,8 +696,8 @@ class UsersController < ApplicationController
def perform_account_activation def perform_account_activation
raise Discourse::InvalidAccess.new if honeypot_or_challenge_fails?(params) raise Discourse::InvalidAccess.new if honeypot_or_challenge_fails?(params)
if @user = EmailToken.confirm(params[:token])
if @user = EmailToken.confirm(params[:token])
# Log in the user unless they need to be approved # Log in the user unless they need to be approved
if Guardian.new(@user).can_access_forum? if Guardian.new(@user).can_access_forum?
@user.enqueue_welcome_message('welcome_user') if @user.send_welcome_message @user.enqueue_welcome_message('welcome_user') if @user.send_welcome_message
@ -708,14 +708,16 @@ class UsersController < ApplicationController
elsif destination_url = cookies[:destination_url] elsif destination_url = cookies[:destination_url]
cookies[:destination_url] = nil cookies[:destination_url] = nil
return redirect_to(destination_url) return redirect_to(destination_url)
elsif SiteSetting.enable_sso_provider && payload = cookies.delete(:sso_payload)
return redirect_to(session_sso_provider_url + "?" + payload)
end end
else else
@needs_approval = true @needs_approval = true
end end
else else
flash.now[:error] = I18n.t('activation.already_done') flash.now[:error] = I18n.t('activation.already_done')
end end
render layout: 'no_ember' render layout: 'no_ember'
end end
@ -736,7 +738,6 @@ class UsersController < ApplicationController
User.transaction do User.transaction do
primary_email = @user.primary_email primary_email = @user.primary_email
primary_email.email = params[:email] primary_email.email = params[:email]
primary_email.skip_validate_email = false primary_email.skip_validate_email = false