From 02283fe4979ad055a20131166628a32b3c152897 Mon Sep 17 00:00:00 2001 From: IN COMMON Collective Date: Fri, 26 Mar 2021 15:24:16 +0100 Subject: [DEV] WIP: explore sso login alternative --- app/lib/sso/from_discourse.rb | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) (limited to 'app/lib/sso') diff --git a/app/lib/sso/from_discourse.rb b/app/lib/sso/from_discourse.rb index 94969c9..8c5eea7 100644 --- a/app/lib/sso/from_discourse.rb +++ b/app/lib/sso/from_discourse.rb @@ -14,12 +14,12 @@ module SSO # This is a hash: # SSO::FromDiscourse.config = { # sso_url: 'https://talk.incommon.cc/session/sso_provider', - # return_url: "#{API_ROOT_URL}/my/account", + # return_url: 'https://incommon-map.example/authenticate', # sso_secret: Rails.application.credentials.sso_secret, # } # In config/routes.rb: # ... - # get 'my/account/:token' => 'authentications#sso_login' + # get 'authenticate/(:token)' => 'authentications#sso_login' attr_accessor :config end @@ -93,5 +93,15 @@ module SSO def mac_signature(payload = b64_payload) OpenSSL::HMAC.hexdigest('SHA256', self.class.config[:sso_secret], payload) end + + def sso_secret + @sso_secret = begin + self.class.config[:sso_secret].presence || + Rails.application.credentials.sso_secret || + raise + rescue MissingConstant + raise("Missing SSO Secret! Please set `SSO::FromDiscourse.config[:sso_secret]`") + end + end end end -- cgit v1.2.3 From 3c6561243b5f1abfad3292347c51aa1914f63b48 Mon Sep 17 00:00:00 2001 From: IN COMMON Collective Date: Fri, 9 Apr 2021 12:22:22 +0200 Subject: [DEV] Make SSO return_url dependent on Rails environment (fixes #1) Previously the return_url was hardcoded for all environments. It would create an issue where authentication outside of development would redirect to the wrong site. With the previous commit we introduced a staging environment and an environment-specific configuration file allowing to hardcode return_url for each environment. This commit fixes the proper capture of the SSO secret in the current configuration and introduces an SSO::MissingSecretError class that is raised when there's no configured secret. https://gitlab.com/incommon.cc/incommon-map/-/issues/1 --- app/lib/sso/from_discourse.rb | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) (limited to 'app/lib/sso') diff --git a/app/lib/sso/from_discourse.rb b/app/lib/sso/from_discourse.rb index 8c5eea7..7af7173 100644 --- a/app/lib/sso/from_discourse.rb +++ b/app/lib/sso/from_discourse.rb @@ -5,6 +5,8 @@ # frozen_string_literal: true module SSO + class MissingSecretError < ArgumentError; end + class FromDiscourse attr_accessor :nonce, :token attr_reader :request_uri, :user_info, :status @@ -91,17 +93,18 @@ module SSO end def mac_signature(payload = b64_payload) - OpenSSL::HMAC.hexdigest('SHA256', self.class.config[:sso_secret], payload) + OpenSSL::HMAC.hexdigest('SHA256', sso_secret, payload) end def sso_secret @sso_secret = begin - self.class.config[:sso_secret].presence || - Rails.application.credentials.sso_secret || - raise + self.class.config[:sso_secret] || + Rails.application.credentials.sso_secret rescue MissingConstant - raise("Missing SSO Secret! Please set `SSO::FromDiscourse.config[:sso_secret]`") + nil end + raise SSO::MissingSecretError if @sso_secret.nil? + self.class.config[:sso_secret] ||= @sso_secret end end end -- cgit v1.2.3