Class: DiscourseApi::SingleSignOn
- Inherits:
-
Object
- Object
- DiscourseApi::SingleSignOn
- Defined in:
- lib/discourse_api/single_sign_on.rb
Defined Under Namespace
Classes: MissingConfigError, ParseError
Constant Summary collapse
- ACCESSORS =
[ :add_groups, :admin, :avatar_force_update, :avatar_url, :bio, :card_background_url, :confirmed_2fa, :email, :external_id, :groups, :locale, :locale_force_update, :moderator, :name, :no_2fa_methods, :nonce, :profile_background_url, :remove_groups, :require_2fa, :require_activation, :return_sso_url, :suppress_welcome_message, :title, :username, ]
- FIXNUMS =
[]
- BOOLS =
[ :admin, :avatar_force_update, :confirmed_2fa, :locale_force_update, :moderator, :no_2fa_methods, :require_2fa, :require_activation, :suppress_welcome_message, ]
- ARRAYS =
[:groups]
Instance Attribute Summary collapse
Class Method Summary collapse
- .parse(payload, sso_secret = nil) ⇒ Object
- .parse_hash(payload) ⇒ Object
- .sso_secret ⇒ Object
- .sso_url ⇒ Object
Instance Method Summary collapse
- #diagnostics ⇒ Object
- #payload ⇒ Object
- #sign(payload) ⇒ Object
- #to_url(base_url = nil) ⇒ Object
- #unsigned_payload ⇒ Object
Instance Attribute Details
#custom_fields ⇒ Object
144 145 146 |
# File 'lib/discourse_api/single_sign_on.rb', line 144 def custom_fields @custom_fields ||= {} end |
#sso_secret ⇒ Object
136 137 138 |
# File 'lib/discourse_api/single_sign_on.rb', line 136 def sso_secret @sso_secret || self.class.sso_secret end |
#sso_url ⇒ Object
140 141 142 |
# File 'lib/discourse_api/single_sign_on.rb', line 140 def sso_url @sso_url || self.class.sso_url end |
Class Method Details
.parse(payload, sso_secret = nil) ⇒ Object
96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 |
# File 'lib/discourse_api/single_sign_on.rb', line 96 def self.parse(payload, sso_secret = nil) sso = new sso.sso_secret = sso_secret if sso_secret parsed = Rack::Utils.parse_query(payload) if sso.sign(parsed["sso"]) != parsed["sig"] diags = "\n\nsso: #{parsed["sso"]}\n\nsig: #{parsed["sig"]}\n\nexpected sig: #{sso.sign(parsed["sso"])}" if parsed["sso"] =~ /[^a-zA-Z0-9=\r\n\/+]/m raise ParseError, "The SSO field should be Base64 encoded, using only A-Z, a-z, 0-9, +, /, and = characters. Your input contains characters we don't understand as Base64, see http://en.wikipedia.org/wiki/Base64 #{diags}" else raise ParseError, "Bad signature for payload #{diags}" end end decoded = Base64.decode64(parsed["sso"]) decoded_hash = Rack::Utils.parse_query(decoded) ACCESSORS.each do |k| val = decoded_hash[k.to_s] val = val.to_i if FIXNUMS.include? k if BOOLS.include? k val = ["true", "false"].include?(val) ? val == "true" : nil end val = val.split(",") if ARRAYS.include?(k) && !val.nil? sso.send("#{k}=", val) end decoded_hash.each do |k, v| if field = k[/^custom\.(.+)$/, 1] sso.custom_fields[field] = v end end sso end |
.parse_hash(payload) ⇒ Object
65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 |
# File 'lib/discourse_api/single_sign_on.rb', line 65 def self.parse_hash(payload) sso = new sso.sso_secret = payload.delete(:sso_secret) sso.sso_url = payload.delete(:sso_url) ACCESSORS.each do |k| val = payload[k] val = val.to_i if FIXNUMS.include? k if BOOLS.include? k val = ["true", "false"].include?(val) ? val == "true" : nil end val = val.split(",") if ARRAYS.include?(k) && !val.nil? sso.send("#{k}=", val) end # Set custom_fields sso.custom_fields = payload[:custom_fields] # Add custom_fields (old format) payload.each do |k, v| if field = k[/^custom\.(.+)$/, 1] # Maintain adding of .custom bug sso.custom_fields["custom.#{field}"] = v end end sso end |
.sso_secret ⇒ Object
57 58 59 |
# File 'lib/discourse_api/single_sign_on.rb', line 57 def self.sso_secret raise MissingConfigError, "sso_secret not implemented on class, be sure to set it on instance" end |
.sso_url ⇒ Object
61 62 63 |
# File 'lib/discourse_api/single_sign_on.rb', line 61 def self.sso_url raise MissingConfigError, "sso_url not implemented on class, be sure to set it on instance" end |
Instance Method Details
#diagnostics ⇒ Object
132 133 134 |
# File 'lib/discourse_api/single_sign_on.rb', line 132 def diagnostics DiscourseApi::SingleSignOn::ACCESSORS.map { |a| "#{a}: #{send(a)}" }.join("\n") end |
#payload ⇒ Object
157 158 159 160 |
# File 'lib/discourse_api/single_sign_on.rb', line 157 def payload payload = Base64.strict_encode64(unsigned_payload) "sso=#{CGI::escape(payload)}&sig=#{sign(payload)}" end |
#sign(payload) ⇒ Object
148 149 150 |
# File 'lib/discourse_api/single_sign_on.rb', line 148 def sign(payload) OpenSSL::HMAC.hexdigest("sha256", sso_secret, payload) end |
#to_url(base_url = nil) ⇒ Object
152 153 154 155 |
# File 'lib/discourse_api/single_sign_on.rb', line 152 def to_url(base_url = nil) base = "#{base_url || sso_url}" "#{base}#{base.include?('?') ? '&' : '?'}#{payload}" end |
#unsigned_payload ⇒ Object
162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 |
# File 'lib/discourse_api/single_sign_on.rb', line 162 def unsigned_payload payload = {} ACCESSORS.each do |k| next if (val = send k) == nil payload[k] = val end if @custom_fields @custom_fields.each do |k, v| payload["custom.#{k}"] = v.to_s end end Rack::Utils.build_query(payload) end |