FIX: log proper error message when SSO nonce verification fails (#14077)

This commit is contained in:
Arpit Jalan
2021-08-18 18:44:12 +05:30
committed by GitHub
parent 4380ba34d5
commit 7db3888f17
4 changed files with 41 additions and 1 deletions


@ -47,6 +47,14 @@ class DiscourseSingleSignOn < SingleSignOn
end
end
def nonce_error
if Discourse.cache.read(used_nonce_key).present?
"Nonce has already been used"
else
"Nonce has expired"
end
end
def return_path
if SiteSetting.discourse_connect_csrf_protection
@secure_session[nonce_key] || "/"
@ -62,6 +70,8 @@ class DiscourseSingleSignOn < SingleSignOn
else
Discourse.cache.delete nonce_key
end
Discourse.cache.write(used_nonce_key, return_path, expires_in: SingleSignOn.used_nonce_expiry_time)
end
end
@ -69,6 +79,10 @@ class DiscourseSingleSignOn < SingleSignOn
"SSO_NONCE_#{nonce}"
end
def used_nonce_key
"USED_SSO_NONCE_#{nonce}"
end
BANNED_EXTERNAL_IDS = %w{none nil blank null}
def lookup_or_create_user(ip_address = nil)
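Review bot: `nonce_error` decides between "already used" and "expired" by `Discourse.cache.read(used_nonce_key).present?`, which is a check on the stored value rather than on the marker's existence; the value written in the second hunk is `return_path`, so if any branch of `return_path` can yield a blank string a replayed nonce would be misreported as an expired one, and `!Discourse.cache.read(used_nonce_key).nil?` would test for the marker itself. The distinction also only holds while that marker is still within `SingleSignOn.used_nonce_expiry_time` — a replay after that window is reported as expiry — which is reasonable but deserves a short comment above `def nonce_error`, e.g. `# "used" is only reported while the used-nonce marker (see expire_nonce!) is still cached; older replays read as expired`. The `else` branch of `return_path` and the enclosing class are outside the visible hunks, so the blank-value concern is inferred rather than confirmed.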