github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-06-06 13:06:56 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

Add a SiteSetting to not trust sso emails by default

Browse Source
This commit is contained in:
Paul Kaplan
2015-05-15 12:00:34 -05:00
parent 94ca9ed11f
commit 4c26c4d9bc
4 changed files with 26 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
app/models/discourse_single_sign_on.rb
View File

@ -57,7 +57,7 @@ class DiscourseSingleSignOn < SingleSignOn
change_external_attributes_and_override(sso_record, user) change_external_attributes_and_override(sso_record, user)
end end
if sso_record && (user = sso_record.user) && !user.active if sso_record && (user = sso_record.user) && !user.active && SiteSetting.sso_trusts_email
user.active = true user.active = true
user.save! user.save!
user.enqueue_welcome_message('welcome_user') unless suppress_welcome_message user.enqueue_welcome_message('welcome_user') unless suppress_welcome_message

1
config/locales/server.en.yml
View File

@ -885,6 +885,7 @@ en:
enable_sso_provider: "Implement Discourse SSO provider protocol at the /session/sso_provider endpoint, requires sso_secret to be set" enable_sso_provider: "Implement Discourse SSO provider protocol at the /session/sso_provider endpoint, requires sso_secret to be set"
sso_url: "URL of single sign on endpoint" sso_url: "URL of single sign on endpoint"
sso_secret: "Secret string used to cryptographically authenticate SSO information, be sure it is 10 characters or longer" sso_secret: "Secret string used to cryptographically authenticate SSO information, be sure it is 10 characters or longer"
sso_trusts_email: "Allow SSO accounts to skip email verification"
sso_overrides_email: "Overrides local email with external site email from SSO payload (WARNING: discrepancies can occur due to normalization of local emails)" sso_overrides_email: "Overrides local email with external site email from SSO payload (WARNING: discrepancies can occur due to normalization of local emails)"
sso_overrides_username: "Overrides local username with external site username from SSO payload (WARNING: discrepancies can occur due to differences in username length/requirements)" sso_overrides_username: "Overrides local username with external site username from SSO payload (WARNING: discrepancies can occur due to differences in username length/requirements)"
sso_overrides_name: "Overrides local full name with external site full name from SSO payload" sso_overrides_name: "Overrides local full name with external site full name from SSO payload"

1
config/site_settings.yml
View File

@ -234,6 +234,7 @@ login:
enable_sso_provider: false enable_sso_provider: false
sso_url: '' sso_url: ''
sso_secret: '' sso_secret: ''
sso_trusts_email: true
sso_overrides_email: false sso_overrides_email: false
sso_overrides_username: false sso_overrides_username: false
sso_overrides_name: false sso_overrides_name: false

23
spec/models/discourse_single_sign_on_spec.rb
View File

@ -140,6 +140,29 @@ describe DiscourseSingleSignOn do
expect(sso.nonce).to_not be_nil expect(sso.nonce).to_not be_nil
end end
context 'trusting emails' do
let(:sso) {
sso = DiscourseSingleSignOn.new
sso.username = "test"
sso.name = "test"
sso.email = "test@example.com"
sso.external_id = "A"
sso
}
it 'activates users by default' do
user = sso.lookup_or_create_user(ip_address)
expect(user.active).to eq(true)
end
it 'does not activate user when asked to' do
SiteSetting.sso_trusts_email = false
user = sso.lookup_or_create_user(ip_address)
expect(user.active).to eq(false)
end
end
context 'welcome emails' do context 'welcome emails' do
let(:sso) { let(:sso) {
sso = DiscourseSingleSignOn.new sso = DiscourseSingleSignOn.new