add option to override user attributes from SSO payload

add an external_username attribute for username from SSO payload repair the field name in SingleSignOnRecord migration move setting of external_username for sso to controller add settings toggle to override username/email from SSO payload fix changing of external username after override toggle complete tests and logic for sso override add some extra context to username override option add external_email and external_name to single sign on record add setting for name override from SSO payload complete override with stored external_email and external_name add missing checks to tests remove an unneeded describe block break up a monster method for single sign on fixes for sso attribute override after failed tests
2025-05-22 22:43:33 +08:00 · 2014-02-27 16:48:46 -08:00
parent 5e6764e9c9
commit c3eb2025d8
7 changed files with 166 additions and 28 deletions
--- a/spec/controllers/session_controller_spec.rb
+++ b/spec/controllers/session_controller_spec.rb
@ -35,15 +35,17 @@ describe SessionController do
      sso = get_sso("/")
      user = Fabricate(:user)
      sso.email = user.email
-      sso.external_id = "abc"
+      sso.external_id = 'abc'
+      sso.username = 'sam'

      get :sso_login, Rack::Utils.parse_query(sso.payload)

      response.should redirect_to('/')
      logged_on_user = Discourse.current_user_provider.new(request.env).current_user
      logged_on_user.email.should == user.email
-
+      
      logged_on_user.single_sign_on_record.external_id.should == "abc"
+      logged_on_user.single_sign_on_record.external_username.should == 'sam'
    end

    it 'allows you to create an account' do
@ -63,11 +65,11 @@ describe SessionController do
      logged_on_user.username.should == 'sam'

      logged_on_user.single_sign_on_record.external_id.should == "666"
+      logged_on_user.single_sign_on_record.external_username.should == 'sam'
      logged_on_user.active.should == true
    end
-
+    
    it 'allows login to existing account with valid nonce' do
-
      sso = get_sso('/hello/world')
      sso.external_id = '997'

@ -87,8 +89,79 @@ describe SessionController do
      # nonce is bad now
      get :sso_login, Rack::Utils.parse_query(sso.payload)
      response.code.should == '500'
-
    end
+    
+    describe 'local attribute ovveride from SSO payload' do
+      before do
+        SiteSetting.stubs("sso_overrides_email").returns(true)
+        SiteSetting.stubs("sso_overrides_username").returns(true)
+        SiteSetting.stubs("sso_overrides_name").returns(true)
+        
+        @user = Fabricate(:user)
+        
+        @sso = get_sso('/hello/world')
+        @sso.external_id = '997'
+        
+        @reversed_username = @user.username.reverse
+        @sso.username = @reversed_username
+        
+        @sso.email = "#{@reversed_username}@garbage.org"
+        @reversed_name = @user.name.reverse
+        
+        @sso.name = @reversed_name
+        
+        @suggested_username = UserNameSuggester.suggest(@sso.username || @sso.name || @sso.email)
+        @suggested_name = User.suggest_name(@sso.name || @sso.username || @sso.email) 
+        
+        @user.create_single_sign_on_record(external_id: '997', last_payload: '')
+      end
+      
+      it 'stores the external attributes' do
+        get :sso_login, Rack::Utils.parse_query(@sso.payload)
+        
+        @user.single_sign_on_record.reload
+        @user.single_sign_on_record.external_username.should == @sso.username
+        @user.single_sign_on_record.external_email.should == @sso.email
+        @user.single_sign_on_record.external_name.should == @sso.name
+      end
+      
+      it 'overrides attributes' do
+        get :sso_login, Rack::Utils.parse_query(@sso.payload)
+        
+        logged_on_user = Discourse.current_user_provider.new(request.env).current_user
+      
+        logged_on_user.username.should == @suggested_username
+        logged_on_user.email.should == "#{@reversed_username}@garbage.org"
+        logged_on_user.name.should == @suggested_name
+      end
+    
+      it 'does not change matching attributes for an existing account' do
+        @sso.username = @user.username
+        @sso.name = @user.name
+        @sso.email = @user.email
+        
+        get :sso_login, Rack::Utils.parse_query(@sso.payload)
+        
+        logged_on_user = Discourse.current_user_provider.new(request.env).current_user
+        logged_on_user.username.should == @user.username
+        logged_on_user.name.should == @user.name
+        logged_on_user.email.should == @user.email
+      end
+      
+      it 'does not change attributes for unchanged external attributes' do
+        @user.single_sign_on_record.external_username = @sso.username
+        @user.single_sign_on_record.external_email = @sso.email
+        @user.single_sign_on_record.external_name = @sso.name
+        @user.single_sign_on_record.save
+        
+        get :sso_login, Rack::Utils.parse_query(@sso.payload)
+    
+        logged_on_user = Discourse.current_user_provider.new(request.env).current_user
+        logged_on_user.username.should == @user.username
+        logged_on_user.email.should == @user.email
+        logged_on_user.name.should == @user.name
+      end
+    end  
  end

  describe '.create' do