From 02283fe4979ad055a20131166628a32b3c152897 Mon Sep 17 00:00:00 2001
From: IN COMMON Collective
Date: Fri, 26 Mar 2021 15:24:16 +0100
Subject: [DEV] WIP: explore sso login alternative
---
 app/lib/sso/from_discourse.rb | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-) (limited to 'app/lib/sso/from_discourse.rb')
diff --git a/app/lib/sso/from_discourse.rb b/app/lib/sso/from_discourse.rb
index 94969c9..8c5eea7 100644
--- a/app/lib/sso/from_discourse.rb
+++ b/app/lib/sso/from_discourse.rb
@@ -14,12 +14,12 @@ module SSO
 # This is a hash:
 # SSO::FromDiscourse.config = {
 # sso_url: 'https://talk.incommon.cc/session/sso_provider',
- # return_url: "#{API_ROOT_URL}/my/account",
+ # return_url: 'https://incommon-map.example/authenticate',
 # sso_secret: Rails.application.credentials.sso_secret,
 # }
 # In config/routes.rb:
 # ...
- # get 'my/account/:token' => 'authentications#sso_login'
+ # get 'authenticate/(:token)' => 'authentications#sso_login'
 attr_accessor :config
 end
@@ -93,5 +93,15 @@ module SSO
 def mac_signature(payload = b64_payload)
 OpenSSL::HMAC.hexdigest('SHA256', self.class.config[:sso_secret], payload)
 end
+
+ def sso_secret
+ @sso_secret = begin
+ self.class.config[:sso_secret].presence ||
+ Rails.application.credentials.sso_secret ||
+ raise
+ rescue MissingConstant
+ raise("Missing SSO Secret! Please set `SSO::FromDiscourse.config[:sso_secret]`")
+ end
+ end
 end
 end
-- cgit v1.2.3
From 3c6561243b5f1abfad3292347c51aa1914f63b48 Mon Sep 17 00:00:00 2001
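Review bot: The `rescue MissingConstant` clause in the new `sso_secret` names a constant that nothing on this page defines and that, as far as I know, neither Ruby nor Rails provides. Ruby evaluates the rescue class only once an exception is in flight, so a failure inside the `begin` body would surface as a `NameError` rather than the intended "Missing SSO Secret!" message. The bare `raise` at the end of the `||` chain has no current exception to re-raise, so it produces a `RuntimeError` ("unhandled exception") that this clause would not translate either. I would drop the `begin`/`rescue` and fail explicitly: `@sso_secret ||= self.class.config[:sso_secret].presence || Rails.application.credentials.sso_secret`, then a `raise` with the existing message when the result is blank. The same rescue clause is kept in the `sso_secret` hunk of the following commit, and in this commit `mac_signature` (context lines) still reads the config hash directly, so the new check is not yet on the signing path.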
From: IN COMMON Collective
Date: Fri, 9 Apr 2021 12:22:22 +0200
Subject: [DEV] Make SSO return_url dependent on Rails environment (fixes #1) Previously the return_url was hardcoded for all environments. It would create an issue where authentication outside of development would redirect to the wrong site. With the previous commit we introduced a staging environment and an environment-specific configuration file allowing to hardcode return_url for each environment. This commit fixes the proper capture of the SSO secret in the current configuration and introduces an SSO::MissingSecretError class that is raised when there's no configured secret. https://gitlab.com/incommon.cc/incommon-map/-/issues/1
---
 app/lib/sso/from_discourse.rb | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-) (limited to 'app/lib/sso/from_discourse.rb')
diff --git a/app/lib/sso/from_discourse.rb b/app/lib/sso/from_discourse.rb
index 8c5eea7..7af7173 100644
--- a/app/lib/sso/from_discourse.rb
+++ b/app/lib/sso/from_discourse.rb
@@ -5,6 +5,8 @@
 # frozen_string_literal: true
 module SSO
+ class MissingSecretError < ArgumentError; end
+
 class FromDiscourse
 attr_accessor :nonce, :token
 attr_reader :request_uri, :user_info, :status
@@ -91,17 +93,18 @@ module SSO
 end
 def mac_signature(payload = b64_payload)
- OpenSSL::HMAC.hexdigest('SHA256', self.class.config[:sso_secret], payload)
+ OpenSSL::HMAC.hexdigest('SHA256', sso_secret, payload)
 end
 def sso_secret
 @sso_secret = begin
- self.class.config[:sso_secret].presence ||
- Rails.application.credentials.sso_secret ||
- raise
+ self.class.config[:sso_secret] ||
+ Rails.application.credentials.sso_secret
 rescue MissingConstant
- raise("Missing SSO Secret! Please set `SSO::FromDiscourse.config[:sso_secret]`")
+ nil
 end
+ raise SSO::MissingSecretError if @sso_secret.nil?
+ self.class.config[:sso_secret] ||= @sso_secret
 end
 end
 end
-- cgit v1.2.3
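Review bot: The `nil?` guard in `sso_secret` lets a blank secret through. With `.presence` removed, an empty string in `config[:sso_secret]` is truthy, so the credentials fallback is skipped and `mac_signature` computes the HMAC with an empty key, which gives the signature no authenticating value. I would keep `.presence` on both sources and reject blank values with a message, e.g. `raise SSO::MissingSecretError, 'SSO secret is not configured' if @sso_secret.blank?`; the setup hint from the previous version is otherwise lost. The `||=` write-back on the last added line also copies the credentials secret into the class-level `config` hash that `attr_accessor :config` exposes. If nothing else depends on that, keeping the value only in `@sso_secret` narrows where the secret lives.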