FIX: Return 422 instead of 500 for invalid SSO signature (#6738)

David Taylor
2018-12-07 15:01:44 +00:00
committed by GitHub
parent 6c71395bf6
commit f7ce607e5d
5 changed files with 53 additions and 4 deletions


@ -111,7 +111,17 @@ class SessionController < ApplicationController
params.require(:sso)
params.require(:sig)
sso = DiscourseSingleSignOn.parse(request.query_string)
begin
sso = DiscourseSingleSignOn.parse(request.query_string)
rescue DiscourseSingleSignOn::ParseError => e
if SiteSetting.verbose_sso_logging
Rails.logger.warn("Verbose SSO log: Signature parse error\n\n#{e.message}\n\n#{sso.diagnostics}")
end
# Do NOT pass the error text to the client, it would give them the correct signature
return render_sso_error(text: I18n.t("sso.login_error"), status: 422)
end
if !sso.nonce_valid?
if SiteSetting.verbose_sso_logging
Rails.logger.warn("Verbose SSO log: Nonce has already expired\n\n#{sso.diagnostics}")