FEATURE: Delegated authentication via user api keys (#7272)

Penar Musaraj
2019-04-01 13:18:53 -04:00
committed by GitHub
parent 25feb287b8
commit fdf4145d4b
13 changed files with 342 additions and 23 deletions


@ -731,6 +731,26 @@ class ApplicationController < ActionController::Base
redirect_to path(redirect_path)
end
end
# Used by clients authenticated via user API.
# Redirects to provided URL scheme if
# - request uses a valid public key and auth_redirect scheme
# - one_time_password scope is allowed
if !current_user &&
params.has_key?(:user_api_public_key) &&
params.has_key?(:auth_redirect)
begin
OpenSSL::PKey::RSA.new(params[:user_api_public_key])
rescue OpenSSL::PKey::RSAError
return render plain: I18n.t("user_api_key.invalid_public_key")
end
if UserApiKey.invalid_auth_redirect?(params[:auth_redirect])
return render plain: I18n.t("user_api_key.invalid_auth_redirect")
end
redirect_to("#{params[:auth_redirect]}?otp=true") if UserApiKey.allowed_scopes.superset?(Set.new(["one_time_password"]))
end
end
def block_if_readonly_mode