Class: DiscourseApi::SingleSignOn
- Inherits:
-
Object
- Object
- DiscourseApi::SingleSignOn
- Defined in:
- lib/discourse_api/single_sign_on.rb
Constant Summary collapse
- ACCESSORS =
[:nonce, :name, :username, :email, :avatar_url, :profile_background_url, :card_background_url, :avatar_force_update, :require_activation, :bio, :external_id, :return_sso_url, :admin, :moderator, :suppress_welcome_message, :title, :add_groups, :remove_groups, :groups, :locale, :locale_force_update]
- FIXNUMS =
[]
- BOOLS =
[:avatar_force_update, :admin, :moderator, :require_activation, :suppress_welcome_message, :locale_force_update]
- ARRAYS =
[:groups]
Instance Attribute Summary collapse
-
#custom_fields ⇒ Object
Returns the value of attribute custom_fields.
- #sso_secret ⇒ Object
- #sso_url ⇒ Object
Class Method Summary collapse
- .parse(payload, sso_secret = nil) ⇒ Object
- .parse_hash(payload) ⇒ Object
- .sso_secret ⇒ Object
- .sso_url ⇒ Object
Instance Method Summary collapse
- #diagnostics ⇒ Object
- #payload ⇒ Object
- #sign(payload) ⇒ Object
- #to_url(base_url = nil) ⇒ Object
- #unsigned_payload ⇒ Object
Instance Attribute Details
#custom_fields ⇒ Object
Returns the value of attribute custom_fields.
18 19 20 |
# File 'lib/discourse_api/single_sign_on.rb', line 18 def custom_fields @custom_fields end |
#sso_secret ⇒ Object
99 100 101 |
# File 'lib/discourse_api/single_sign_on.rb', line 99 def sso_secret @sso_secret || self.class.sso_secret end |
#sso_url ⇒ Object
103 104 105 |
# File 'lib/discourse_api/single_sign_on.rb', line 103 def sso_url @sso_url || self.class.sso_url end |
Class Method Details
.parse(payload, sso_secret = nil) ⇒ Object
59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 |
# File 'lib/discourse_api/single_sign_on.rb', line 59 def self.parse(payload, sso_secret = nil) sso = new sso.sso_secret = sso_secret if sso_secret parsed = Rack::Utils.parse_query(payload) if sso.sign(parsed["sso"]) != parsed["sig"] diags = "\n\nsso: #{parsed["sso"]}\n\nsig: #{parsed["sig"]}\n\nexpected sig: #{sso.sign(parsed["sso"])}" if parsed["sso"] =~ /[^a-zA-Z0-9=\r\n\/+]/m raise RuntimeError, "The SSO field should be Base64 encoded, using only A-Z, a-z, 0-9, +, /, and = characters. Your input contains characters we don't understand as Base64, see http://en.wikipedia.org/wiki/Base64 #{diags}" else raise RuntimeError, "Bad signature for payload #{diags}" end end decoded = Base64.decode64(parsed["sso"]) decoded_hash = Rack::Utils.parse_query(decoded) ACCESSORS.each do |k| val = decoded_hash[k.to_s] val = val.to_i if FIXNUMS.include? k if BOOLS.include? k val = ["true", "false"].include?(val) ? val == "true" : nil end val = Array(val) if ARRAYS.include?(k) && !val.nil? sso.send("#{k}=", val) end decoded_hash.each do |k, v| if field = k[/^custom\.(.+)$/, 1] sso.custom_fields[field] = v end end sso end |
.parse_hash(payload) ⇒ Object
29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 |
# File 'lib/discourse_api/single_sign_on.rb', line 29 def self.parse_hash(payload) payload sso = new sso.sso_secret = payload.delete(:sso_secret) sso.sso_url = payload.delete(:sso_url) ACCESSORS.each do |k| val = payload[k] val = val.to_i if FIXNUMS.include? k if BOOLS.include? k val = ["true", "false"].include?(val) ? val == "true" : nil end val = Array(val) if ARRAYS.include?(k) && !val.nil? sso.send("#{k}=", val) end # Set custom_fields sso.custom_fields = payload[:custom_fields] # Add custom_fields (old format) payload.each do |k, v| if field = k[/^custom\.(.+)$/, 1] # Maintain adding of .custom bug sso.custom_fields["custom.#{field}"] = v end end sso end |
.sso_secret ⇒ Object
21 22 23 |
# File 'lib/discourse_api/single_sign_on.rb', line 21 def self.sso_secret raise RuntimeError, "sso_secret not implemented on class, be sure to set it on instance" end |
.sso_url ⇒ Object
25 26 27 |
# File 'lib/discourse_api/single_sign_on.rb', line 25 def self.sso_url raise RuntimeError, "sso_url not implemented on class, be sure to set it on instance" end |
Instance Method Details
#diagnostics ⇒ Object
95 96 97 |
# File 'lib/discourse_api/single_sign_on.rb', line 95 def diagnostics DiscourseApi::SingleSignOn::ACCESSORS.map { |a| "#{a}: #{send(a)}" }.join("\n") end |
#payload ⇒ Object
120 121 122 123 |
# File 'lib/discourse_api/single_sign_on.rb', line 120 def payload payload = Base64.strict_encode64(unsigned_payload) "sso=#{CGI::escape(payload)}&sig=#{sign(payload)}" end |
#sign(payload) ⇒ Object
111 112 113 |
# File 'lib/discourse_api/single_sign_on.rb', line 111 def sign(payload) OpenSSL::HMAC.hexdigest("sha256", sso_secret, payload) end |
#to_url(base_url = nil) ⇒ Object
115 116 117 118 |
# File 'lib/discourse_api/single_sign_on.rb', line 115 def to_url(base_url = nil) base = "#{base_url || sso_url}" "#{base}#{base.include?('?') ? '&' : '?'}#{payload}" end |
#unsigned_payload ⇒ Object
125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 |
# File 'lib/discourse_api/single_sign_on.rb', line 125 def unsigned_payload payload = {} ACCESSORS.each do |k| next if (val = send k) == nil payload[k] = val end if @custom_fields @custom_fields.each do |k, v| payload["custom.#{k}"] = v.to_s end end Rack::Utils.build_query(payload) end |