Class: DiscourseApi::SingleSignOn
- Inherits:
-
Object
- Object
- DiscourseApi::SingleSignOn
- Defined in:
- lib/discourse_api/single_sign_on.rb
Constant Summary collapse
- ACCESSORS =
[:nonce, :name, :username, :email, :avatar_url, :avatar_force_update, :require_activation, :bio, :external_id, :return_sso_url, :admin, :moderator, :suppress_welcome_message, :title, :add_groups, :remove_groups, :groups]
- FIXNUMS =
[]
- BOOLS =
[:avatar_force_update, :admin, :moderator, :require_activation, :suppress_welcome_message]
- ARRAYS =
[:groups]
Instance Attribute Summary collapse
Class Method Summary collapse
Instance Method Summary collapse
- #custom_fields ⇒ Object
- #diagnostics ⇒ Object
- #payload ⇒ Object
- #sign(payload) ⇒ Object
- #to_url(base_url = nil) ⇒ Object
- #unsigned_payload ⇒ Object
Instance Attribute Details
#sso_secret ⇒ Object
66 67 68 |
# File 'lib/discourse_api/single_sign_on.rb', line 66 def sso_secret @sso_secret || self.class.sso_secret end |
#sso_url ⇒ Object
70 71 72 |
# File 'lib/discourse_api/single_sign_on.rb', line 70 def sso_url @sso_url || self.class.sso_url end |
Class Method Details
.parse(payload, sso_secret = nil) ⇒ Object
26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 |
# File 'lib/discourse_api/single_sign_on.rb', line 26 def self.parse(payload, sso_secret = nil) sso = new sso.sso_secret = sso_secret if sso_secret parsed = Rack::Utils.parse_query(payload) if sso.sign(parsed["sso"]) != parsed["sig"] diags = "\n\nsso: #{parsed["sso"]}\n\nsig: #{parsed["sig"]}\n\nexpected sig: #{sso.sign(parsed["sso"])}" if parsed["sso"] =~ /[^a-zA-Z0-9=\r\n\/+]/m raise RuntimeError, "The SSO field should be Base64 encoded, using only A-Z, a-z, 0-9, +, /, and = characters. Your input contains characters we don't understand as Base64, see http://en.wikipedia.org/wiki/Base64 #{diags}" else raise RuntimeError, "Bad signature for payload #{diags}" end end decoded = Base64.decode64(parsed["sso"]) decoded_hash = Rack::Utils.parse_query(decoded) ACCESSORS.each do |k| val = decoded_hash[k.to_s] val = val.to_i if FIXNUMS.include? k if BOOLS.include? k val = ["true", "false"].include?(val) ? val == "true" : nil end val = Array(val) if ARRAYS.include?(k) && !val.nil? sso.send("#{k}=", val) end decoded_hash.each do |k, v| if field = k[/^custom\.(.+)$/, 1] sso.custom_fields[field] = v end end sso end |
.sso_secret ⇒ Object
18 19 20 |
# File 'lib/discourse_api/single_sign_on.rb', line 18 def self.sso_secret raise RuntimeError, "sso_secret not implemented on class, be sure to set it on instance" end |
.sso_url ⇒ Object
22 23 24 |
# File 'lib/discourse_api/single_sign_on.rb', line 22 def self.sso_url raise RuntimeError, "sso_url not implemented on class, be sure to set it on instance" end |
Instance Method Details
#custom_fields ⇒ Object
74 75 76 |
# File 'lib/discourse_api/single_sign_on.rb', line 74 def custom_fields @custom_fields ||= {} end |
#diagnostics ⇒ Object
62 63 64 |
# File 'lib/discourse_api/single_sign_on.rb', line 62 def diagnostics DiscourseApi::SingleSignOn::ACCESSORS.map { |a| "#{a}: #{send(a)}" }.join("\n") end |
#payload ⇒ Object
87 88 89 90 |
# File 'lib/discourse_api/single_sign_on.rb', line 87 def payload payload = Base64.strict_encode64(unsigned_payload) "sso=#{CGI::escape(payload)}&sig=#{sign(payload)}" end |
#sign(payload) ⇒ Object
78 79 80 |
# File 'lib/discourse_api/single_sign_on.rb', line 78 def sign(payload) OpenSSL::HMAC.hexdigest("sha256", sso_secret, payload) end |
#to_url(base_url = nil) ⇒ Object
82 83 84 85 |
# File 'lib/discourse_api/single_sign_on.rb', line 82 def to_url(base_url = nil) base = "#{base_url || sso_url}" "#{base}#{base.include?('?') ? '&' : '?'}#{payload}" end |
#unsigned_payload ⇒ Object
92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 |
# File 'lib/discourse_api/single_sign_on.rb', line 92 def unsigned_payload payload = {} ACCESSORS.each do |k| next if (val = send k) == nil payload[k] = val end if @custom_fields @custom_fields.each do |k, v| payload["custom.#{k}"] = v.to_s end end Rack::Utils.build_query(payload) end |