FIX: Return 422 instead of 500 for invalid SSO signature (#6738)

David Taylor
2018-12-07 15:01:44 +00:00
committed by GitHub
parent 6c71395bf6
commit f7ce607e5d
5 changed files with 53 additions and 4 deletions


@ -444,7 +444,11 @@ class Admin::UsersController < Admin::AdminController
def sync_sso
return render body: nil, status: 404 unless SiteSetting.enable_sso
sso = DiscourseSingleSignOn.parse("sso=#{params[:sso]}&sig=#{params[:sig]}")
begin
sso = DiscourseSingleSignOn.parse("sso=#{params[:sso]}&sig=#{params[:sig]}")
rescue DiscourseSingleSignOn::ParseError => e
return render json: failed_json.merge(message: I18n.t("sso.login_error")), status: 422
end
begin
user = sso.lookup_or_create_user
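Review bot: The new `rescue DiscourseSingleSignOn::ParseError => e` binds `e` but never reads it, so a payload that fails signature validation on this admin endpoint now becomes a 422 with no server-side trace. Either drop the binding (`rescue DiscourseSingleSignOn::ParseError`) or, better for monitoring, log the rejection before rendering, e.g. `Rails.logger.warn("sync_sso: rejected SSO payload (#{e.class})")`. Logging only the class avoids echoing request-derived text, since what `e.message` contains is not visible here. Returning the generic `sso.login_error` string to the caller is fine as is. The body of `sync_sso` continues past the end of this hunk, so how later failures are handled cannot be judged from here.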