FIX: log proper error message when SSO nonce verification fails (#14077)

Arpit Jalan
2021-08-18 18:44:12 +05:30
committed by GitHub
parent 4380ba34d5
commit 7db3888f17
4 changed files with 41 additions and 1 deletions


@ -406,6 +406,28 @@ describe DiscourseSingleSignOn do
expect(sso.nonce).to_not be_nil
end
context 'nonce error' do
it "generates correct error message when nonce has already been used" do
_ , payload = DiscourseSingleSignOn.generate_url(secure_session: secure_session).split("?")
sso = DiscourseSingleSignOn.parse(payload, secure_session: secure_session)
expect(sso.nonce_valid?).to eq true
sso.expire_nonce!
expect(sso.nonce_error).to eq("Nonce has already been used")
end
it "generates correct error message when nonce is expired" do
_ , payload = DiscourseSingleSignOn.generate_url(secure_session: secure_session).split("?")
sso = DiscourseSingleSignOn.parse(payload, secure_session: secure_session)
expect(sso.nonce_valid?).to eq true
Discourse.cache.delete(sso.used_nonce_key)
expect(sso.nonce_error).to eq("Nonce has expired")
end
end
context 'user locale' do
it 'sets default user locale if specified' do
SiteSetting.allow_user_locale = true
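Review bot: The "nonce is expired" example never actually expires the nonce: it asserts `nonce_valid?` is true, deletes `sso.used_nonce_key` from `Discourse.cache` (a key nothing in this example appears to have written), and then expects "Nonce has expired", so as far as these lines show it passes for a nonce that is still valid. Remove the nonce from `secure_session`, or move the clock past its lifetime, before calling `nonce_error` so that the expiry path itself is exercised. In the "already been used" example, add `expect(sso.nonce_valid?).to be_falsey` after `sso.expire_nonce!`; otherwise the spec checks only the message text and would still pass if a replayed nonce were accepted. The enclosing `describe` block and the 'user locale' context extend beyond the hunk.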