github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-05-22 22:43:33 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

FIX: move sso provider into its own class so it doesn't interfere with sso client (#6767)

Browse Source
This commit is contained in:
Maja Komel
2018-12-19 10:22:10 +01:00
committed by Régis Hanol
parent 2eefe6d5d6
commit 2fcbbead45
4 changed files with 76 additions and 26 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
lib/single_sign_on.rb
View File

@ -52,13 +52,13 @@ class SingleSignOn
def self.parse(payload, sso_secret = nil)
sso = new
sso.sso_secret = sso_secret if sso_secret
parsed = Rack::Utils.parse_query(payload)
decoded = Base64.decode64(parsed["sso"])
decoded_hash = Rack::Utils.parse_query(decoded)
return_sso_url = decoded_hash['return_sso_url']
sso.sso_secret = sso_secret || (provider_secret(return_sso_url) if return_sso_url)
if sso.sign(parsed["sso"]) != parsed["sig"]
diags = "\n\nsso: #{parsed["sso"]}\n\nsig: #{parsed["sig"]}\n\nexpected sig: #{sso.sign(parsed["sso"])}"
@ -69,9 +69,6 @@ class SingleSignOn
end
end
decoded = Base64.decode64(parsed["sso"])
decoded_hash = Rack::Utils.parse_query(decoded)
ACCESSORS.each do |k|
val = decoded_hash[k.to_s]
val = val.to_i if FIXNUMS.include? k
@ -90,19 +87,6 @@ class SingleSignOn
sso
end
def self.provider_secret(return_sso_url)
provider_secrets = SiteSetting.sso_provider_secrets.split(/[|\n]/)
provider_secrets_hash = Hash[*provider_secrets]
return_url_host = URI.parse(return_sso_url).host
# moves wildcard domains to the end of hash
sorted_secrets = provider_secrets_hash.sort_by { |k, _| k }.reverse.to_h
secret = sorted_secrets.select do |domain, _|
WildcardDomainChecker.check_domain(domain, return_url_host)
end
secret.present? ? secret.values.first : nil
end
def diagnostics
SingleSignOn::ACCESSORS.map { |a| "#{a}: #{send(a)}" }.join("\n")
end
@ -119,8 +103,8 @@ class SingleSignOn
@custom_fields ||= {}
end
def sign(payload, provider_secret = nil)
secret = provider_secret || sso_secret
def sign(payload, secret = nil)
secret = secret || sso_secret
OpenSSL::HMAC.hexdigest("sha256", secret, payload)
end
@ -129,9 +113,9 @@ class SingleSignOn
"#{base}#{base.include?('?') ? '&' : '?'}#{payload}"
end
def payload(provider_secret = nil)
def payload(secret = nil)
payload = Base64.strict_encode64(unsigned_payload)
"sso=#{CGI::escape(payload)}&sig=#{sign(payload, provider_secret)}"
"sso=#{CGI::escape(payload)}&sig=#{sign(payload, secret)}"
end
def unsigned_payload