FEATURE: Rename 'Discourse SSO' to DiscourseConnect (#11978)

The 'Discourse SSO' protocol is being rebranded to DiscourseConnect. This should help to reduce confusion when 'SSO' is used in the generic sense.

This commit aims to:
- Rename `sso_` site settings. DiscourseConnect specific ones are prefixed `discourse_connect_`. Generic settings are prefixed `auth_`
- Add (server-side-only) backwards compatibility for the old setting names, with deprecation notices
- Copy `site_settings` database records to the new names
- Rename relevant translation keys
- Update relevant translations

This commit does **not** aim to:
- Rename any Ruby classes or methods. This might be done in a future commit
- Change any URLs. This would break existing integrations
- Make any changes to the protocol. This would break existing integrations
- Change any functionality. Further normalization across DiscourseConnect and other auth methods will be done separately

The risks are:
- There is no backwards compatibility for site settings on the client-side. Accessing auth-related site settings in Javascript is fairly rare, and an error on the client side would not be security-critical.
- If a plugin is monkey-patching parts of the auth process, changes to locale keys could cause broken error messages. This should also be unlikely. The old site setting names remain functional, so security-related overrides will remain working.

A follow-up commit will be made with a post-deploy migration to delete the old `site_settings` rows.
David Taylor
2021-02-08 10:04:33 +00:00
committed by GitHub
parent 205db66864
commit 821bb1e8cb
71 changed files with 421 additions and 355 deletions


@ -35,8 +35,8 @@ RSpec.describe SessionController do
context "when SSO enabled" do
before do
SiteSetting.sso_url = "https://www.example.com/sso"
SiteSetting.enable_sso = true
SiteSetting.discourse_connect_url = "https://www.example.com/sso"
SiteSetting.enable_discourse_connect = true
end
it "only works for admins" do
@ -508,9 +508,9 @@ RSpec.describe SessionController do
@sso_url = "http://example.com/discourse_sso"
@sso_secret = "shjkfdhsfkjh"
SiteSetting.sso_url = @sso_url
SiteSetting.enable_sso = true
SiteSetting.sso_secret = @sso_secret
SiteSetting.discourse_connect_url = @sso_url
SiteSetting.enable_discourse_connect = true
SiteSetting.discourse_connect_secret = @sso_secret
Fabricate(:admin)
end
@ -577,7 +577,7 @@ RSpec.describe SessionController do
expect(messages.length).to eq(0)
expect(response.status).to eq(500)
expect(response.body).to include(I18n.t('sso.blank_id_error'))
expect(response.body).to include(I18n.t('discourse_connect.blank_id_error'))
end
it 'can handle invalid sso email validation errors' do
@ -593,7 +593,7 @@ RSpec.describe SessionController do
expect(messages.length).to eq(0)
expect(response.status).to eq(500)
expect(response.body).to include(I18n.t("sso.email_error", email: ERB::Util.html_escape("test@test.com")))
expect(response.body).to include(I18n.t("discourse_connect.email_error", email: ERB::Util.html_escape("test@test.com")))
end
it 'can handle invalid sso external ids due to banned word' do
@ -628,7 +628,7 @@ RSpec.describe SessionController do
sign_out
SiteSetting.email_editable = false
SiteSetting.sso_overrides_email = true
SiteSetting.auth_overrides_email = true
group = Fabricate(:group, name: :bob, automatic_membership_email_domains: 'jane.com')
sso = get_sso("/")
@ -731,7 +731,7 @@ RSpec.describe SessionController do
end
it 'redirects to random url if it is allowed' do
SiteSetting.sso_allows_all_return_paths = true
SiteSetting.discourse_connect_allows_all_return_paths = true
sso = get_sso('https://gusundtrout.com')
sso.external_id = '666' # the number of the beast
@ -879,8 +879,8 @@ RSpec.describe SessionController do
context "when sso provider is enabled" do
before do
SiteSetting.enable_sso_provider = true
SiteSetting.sso_provider_secrets = [
SiteSetting.enable_discourse_connect_provider = true
SiteSetting.discourse_connect_provider_secrets = [
"*|secret,forAll",
"*.rainbow|wrongSecretForOverRainbow",
"www.random.site|secretForRandomSite",
@ -932,9 +932,9 @@ RSpec.describe SessionController do
describe 'local attribute override from SSO payload' do
before do
SiteSetting.email_editable = false
SiteSetting.sso_overrides_email = true
SiteSetting.sso_overrides_username = true
SiteSetting.sso_overrides_name = true
SiteSetting.auth_overrides_email = true
SiteSetting.auth_overrides_username = true
SiteSetting.auth_overrides_name = true
@user = Fabricate(:user)
@ -994,10 +994,10 @@ RSpec.describe SessionController do
body: lambda { |request| file_from_fixtures("logo.png") }
)
SiteSetting.enable_sso_provider = true
SiteSetting.enable_sso = false
SiteSetting.enable_discourse_connect_provider = true
SiteSetting.enable_discourse_connect = false
SiteSetting.enable_local_logins = true
SiteSetting.sso_provider_secrets = [
SiteSetting.discourse_connect_provider_secrets = [
"*|secret,forAll",
"*.rainbow|wrongSecretForOverRainbow",
"www.random.site|secretForRandomSite",
@ -1062,17 +1062,17 @@ RSpec.describe SessionController do
end
it "fails with a nice error message if secret is blank" do
SiteSetting.sso_provider_secrets = ""
SiteSetting.discourse_connect_provider_secrets = ""
sso = SingleSignOnProvider.new
sso.nonce = "mynonce"
sso.return_sso_url = "http://website.without.secret.com/sso"
get "/session/sso_provider", params: Rack::Utils.parse_query(sso.payload("aasdasdasd"))
expect(response.status).to eq(400)
expect(response.body).to eq(I18n.t("sso.missing_secret"))
expect(response.body).to eq(I18n.t("discourse_connect.missing_secret"))
end
it "returns a 422 if no return_sso_url" do
SiteSetting.sso_provider_secrets = "abcdefghij"
SiteSetting.discourse_connect_provider_secrets = "abcdefghij"
sso = SingleSignOnProvider.new
get "/session/sso_provider?sso=asdf&sig=abcdefghij"
expect(response.status).to eq(422)
@ -1206,8 +1206,8 @@ RSpec.describe SessionController do
context 'SSO is enabled' do
before do
SiteSetting.sso_url = "https://www.example.com/sso"
SiteSetting.enable_sso = true
SiteSetting.discourse_connect_url = "https://www.example.com/sso"
SiteSetting.enable_discourse_connect = true
post "/session.json", params: {
login: user.username, password: 'myawesomepassword'
@ -1810,8 +1810,8 @@ RSpec.describe SessionController do
end
it 'redirects to /login when SSO and login_required' do
SiteSetting.sso_url = "https://example.com/sso"
SiteSetting.enable_sso = true
SiteSetting.discourse_connect_url = "https://example.com/sso"
SiteSetting.enable_discourse_connect = true
user = sign_in(Fabricate(:user))
delete "/session/#{user.username}.json", xhr: true
@ -1987,8 +1987,8 @@ RSpec.describe SessionController do
context 'SSO is enabled' do
before do
SiteSetting.sso_url = "https://www.example.com/sso"
SiteSetting.enable_sso = true
SiteSetting.discourse_connect_url = "https://www.example.com/sso"
SiteSetting.enable_discourse_connect = true
post "/session.json", params: {
login: user.username, password: 'myawesomepassword'