FEATURE: Rename 'Discourse SSO' to DiscourseConnect (#11978)

The 'Discourse SSO' protocol is being rebranded to DiscourseConnect. This should help to reduce confusion when 'SSO' is used in the generic sense.

This commit aims to:
- Rename `sso_` site settings. DiscourseConnect specific ones are prefixed `discourse_connect_`. Generic settings are prefixed `auth_`
- Add (server-side-only) backwards compatibility for the old setting names, with deprecation notices
- Copy `site_settings` database records to the new names
- Rename relevant translation keys
- Update relevant translations

This commit does **not** aim to:
- Rename any Ruby classes or methods. This might be done in a future commit
- Change any URLs. This would break existing integrations
- Make any changes to the protocol. This would break existing integrations
- Change any functionality. Further normalization across DiscourseConnect and other auth methods will be done separately

The risks are:
- There is no backwards compatibility for site settings on the client side. Accessing auth-related site settings in JavaScript is fairly rare, and an error on the client side would not be security-critical.
- If a plugin is monkey-patching parts of the auth process, changes to locale keys could cause broken error messages. This should also be unlikely. The old site setting names remain functional, so security-related overrides will remain working.

A follow-up commit will be made with a post-deploy migration to delete the old `site_settings` rows.
David Taylor
2021-02-08 10:04:33 +00:00
committed by GitHub
parent 205db66864
commit 821bb1e8cb
71 changed files with 421 additions and 355 deletions


@ -4,12 +4,12 @@ require "rails_helper"
describe DiscourseSingleSignOn do
before do
@sso_url = "http://example.com/discourse_sso"
@sso_secret = "shjkfdhsfkjh"
@discourse_connect_url = "http://example.com/discourse_sso"
@discourse_connect_secret = "shjkfdhsfkjh"
SiteSetting.sso_url = @sso_url
SiteSetting.enable_sso = true
SiteSetting.sso_secret = @sso_secret
SiteSetting.discourse_connect_url = @discourse_connect_url
SiteSetting.enable_discourse_connect = true
SiteSetting.discourse_connect_secret = @discourse_connect_secret
Jobs.run_immediately!
end
@ -114,7 +114,7 @@ describe DiscourseSingleSignOn do
end
it "unstaged users" do
SiteSetting.sso_overrides_name = true
SiteSetting.auth_overrides_name = true
email = "staged@user.com"
Fabricate(:user, staged: true, email: email)
@ -195,7 +195,7 @@ describe DiscourseSingleSignOn do
sso.groups = "#{group2.name.capitalize},group4,badname,trust_level_4"
sso.lookup_or_create_user(ip_address)
SiteSetting.sso_overrides_groups = true
SiteSetting.discourse_connect_overrides_groups = true
group1.reload
expect(group1.usernames).to eq("")
@ -260,7 +260,7 @@ describe DiscourseSingleSignOn do
end
it 'can override username properly when only the case changes' do
SiteSetting.sso_overrides_username = true
SiteSetting.auth_overrides_username = true
sso = DiscourseSingleSignOn.new
sso.username = "testuser"
@ -280,8 +280,8 @@ describe DiscourseSingleSignOn do
expect(user.username).to eq "TestUser"
end
it 'behaves properly when sso_overrides_username is set but username is missing or blank' do
SiteSetting.sso_overrides_username = true
it 'behaves properly when auth_overrides_username is set but username is missing or blank' do
SiteSetting.auth_overrides_username = true
sso = DiscourseSingleSignOn.new
sso.username = "testuser"
@ -310,9 +310,9 @@ describe DiscourseSingleSignOn do
admin = Fabricate(:admin)
SiteSetting.email_editable = false
SiteSetting.sso_overrides_name = true
SiteSetting.sso_overrides_email = true
SiteSetting.sso_overrides_username = true
SiteSetting.auth_overrides_name = true
SiteSetting.auth_overrides_email = true
SiteSetting.auth_overrides_username = true
sso = DiscourseSingleSignOn.new
sso.username = "bob%the$admin"
@ -378,7 +378,7 @@ describe DiscourseSingleSignOn do
it "generates a correct sso url" do
url, payload = DiscourseSingleSignOn.generate_url.split("?")
expect(url).to eq @sso_url
expect(url).to eq @discourse_connect_url
sso = DiscourseSingleSignOn.parse(payload)
expect(sso.nonce).to_not be_nil
@ -447,7 +447,7 @@ describe DiscourseSingleSignOn do
it 'does not deactivate user if email provided is capitalized' do
SiteSetting.email_editable = false
SiteSetting.sso_overrides_email = true
SiteSetting.auth_overrides_email = true
sso.require_activation = true
user = sso.lookup_or_create_user(ip_address)
@ -465,7 +465,7 @@ describe DiscourseSingleSignOn do
it 'deactivates accounts that have updated email address' do
SiteSetting.email_editable = false
SiteSetting.sso_overrides_email = true
SiteSetting.auth_overrides_email = true
sso.require_activation = true
user = sso.lookup_or_create_user(ip_address)
@ -567,7 +567,7 @@ describe DiscourseSingleSignOn do
# yes override if site setting
sso.bio = "new profile 2"
SiteSetting.sso_overrides_bio = true
SiteSetting.discourse_connect_overrides_bio = true
user = sso.lookup_or_create_user(ip_address)
expect(user.user_profile.bio_cooked).to match_html("<p>new profile 2</p")
@ -575,7 +575,7 @@ describe DiscourseSingleSignOn do
end
context 'when sso_overrides_avatar is not enabled' do
context 'when discourse_connect_overrides_avatar is not enabled' do
it "correctly handles provided avatar_urls" do
sso = DiscourseSingleSignOn.new
@ -635,7 +635,7 @@ describe DiscourseSingleSignOn do
end
context 'when sso_overrides_avatar is enabled' do
context 'when discourse_connect_overrides_avatar is enabled' do
fab!(:sso_record) { Fabricate(:single_sign_on_record, external_avatar_url: "http://example.com/an_image.png") }
let!(:sso) {
@ -650,7 +650,7 @@ describe DiscourseSingleSignOn do
let(:logo) { file_from_fixtures("logo.png") }
before do
SiteSetting.sso_overrides_avatar = true
SiteSetting.discourse_connect_overrides_avatar = true
end
it "deal with no avatar url passed for an existing user with an avatar" do
@ -683,7 +683,7 @@ describe DiscourseSingleSignOn do
end
end
context 'when sso_overrides_profile_background is not enabled' do
context 'when discourse_connect_overrides_profile_background is not enabled' do
it "correctly handles provided profile_background_urls" do
sso = DiscourseSingleSignOn.new
@ -715,7 +715,7 @@ describe DiscourseSingleSignOn do
end
end
context 'when sso_overrides_profile_background is enabled' do
context 'when discourse_connect_overrides_profile_background is enabled' do
fab!(:sso_record) { Fabricate(:single_sign_on_record, external_profile_background_url: "http://example.com/an_image.png") }
let!(:sso) {
@ -730,7 +730,7 @@ describe DiscourseSingleSignOn do
let(:logo) { file_from_fixtures("logo.png") }
before do
SiteSetting.sso_overrides_profile_background = true
SiteSetting.discourse_connect_overrides_profile_background = true
end
it "deal with no profile_background_url passed for an existing user with a profile_background" do
@ -755,7 +755,7 @@ describe DiscourseSingleSignOn do
end
end
context 'when sso_overrides_card_background is not enabled' do
context 'when discourse_connect_overrides_card_background is not enabled' do
it "correctly handles provided card_background_urls" do
sso = DiscourseSingleSignOn.new
@ -787,7 +787,7 @@ describe DiscourseSingleSignOn do
end
end
context 'when sso_overrides_card_background is enabled' do
context 'when discourse_connect_overrides_card_background is enabled' do
fab!(:sso_record) { Fabricate(:single_sign_on_record, external_card_background_url: "http://example.com/an_image.png") }
let!(:sso) {
@ -802,7 +802,7 @@ describe DiscourseSingleSignOn do
let(:logo) { file_from_fixtures("logo.png") }
before do
SiteSetting.sso_overrides_card_background = true
SiteSetting.discourse_connect_overrides_card_background = true
end
it "deal with no card_background_url passed for an existing user with a card_background" do
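Review bot: No example in this spec still writes a legacy `sso_*` setting: every setter, from the top-level `before` block through the avatar and background contexts, now uses only the `discourse_connect_*` / `auth_*` names. Nothing visible here therefore pins the backwards-compatibility path that the commit message relies on to keep security-related overrides working. That shim may be covered in one of the other changed files, which this page does not show. If it is not, and assuming the shim handles writers as well as readers, one example would do: `SiteSetting.sso_overrides_email = true` followed by `expect(SiteSetting.auth_overrides_email).to eq(true)`. The email and groups overrides are the ones most worth pinning, since they decide whether identity-provider data replaces local account data.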