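class WelcomeController < ApplicationController
  # Shape of a Discourse SSO token as this controller expects it: exactly 32
  # lowercase alphanumeric characters. Anchored with \A and \z so the WHOLE
  # parameter must match; the previous unanchored /[a-z0-9]{32}/ accepted any
  # string that merely contained such a run, and the token is reused as a
  # session key below.
  TOKEN_FORMAT = /\A[a-z0-9]{32}\z/

  # GET /
  # No logic; Rails renders the default index view.
  def index
  end

  # GET /authenticate(/:token)
  # Discourse SSO Authentication
  #
  # Without a token: starts a new SSO handshake, stores the generated token and
  # nonce in a fresh session, and redirects the browser to the SSO request URI.
  # With a token: validates the SSO response carried in +params+ against the
  # nonce recorded under that token, signs the user in and redirects to the
  # dashboard.
  #
  # @raise [ArgumentError] when a present token does not match TOKEN_FORMAT
  # Responds 403 when the SSO payload fails to parse or is not authorized.
  def authenticate
    token = params[:token]

    # Ensure nobody tries silly things with our session. `to_s` keeps a
    # non-string parameter (e.g. token[]=...) from blowing up in match? and
    # makes it fail the format check instead.
    if token.present? && !token.to_s.match?(TOKEN_FORMAT)
      raise ArgumentError, "Token invalid"
    end

    # Try an ongoing SSO or create a new one
    @sso = SSO::FromDiscourse.new(token: token, nonce: session[token])

    # Remove any current session
    Rails.logger.info("Removing current session (#{session[:current_user]})")
    session.destroy
    @current_user = nil

    if token.nil?
      # Send to authenticate
      # Record this token and nonce in the session
      session[@sso.token] = @sso.nonce
      # Send to authorization
      redirect_to @sso.request_uri
      return
    end

    # Validate authentication
    begin
      @sso.parse(params)
    rescue ArgumentError => e
      # Rails ignores an action's return value, so the former
      # `return 403, e.message` never produced a 403; render it explicitly.
      render plain: e.message, status: :forbidden
      return
    end

    case @sso.status
    when :unauthorized
      Rails.logger.info("Authentication failed!")
      # Explicit 403 for the same reason as above.
      head :forbidden
      return
    when :ok
      Rails.logger.info("Authentication succeeded!")
      @current_user = find_or_create_user(@sso.user_info)

      # Update user agents. `to_s` tolerates a missing :groups entry (empty
      # list instead of NoMethodError on nil).
      if @current_user.present?
        AgencyWatcherJob.perform_later(@current_user, @sso.user_info[:groups].to_s.split(','))
      end

      # Save User ID in session
      session[:current_user] = @current_user[:external_id]
    end

    redirect_to '/my/dashboard'
  end

  # GET /dashboard
  # Only reachable when signed in; anonymous visitors are sent to /authenticate.
  def dashboard
    redirect_to '/authenticate' and return unless current_user.present?
  end

  # GET /logout
  # Drops the whole session and shows the index view again.
  def logout
    session.destroy
    render :index
  end

  private

  # Look up the user identified by the SSO payload's :external_id, creating
  # one from the payload's profile fields when no such user exists yet.
  # The former `rescue Exception => e; raise` around the create was a no-op
  # and has been dropped; errors propagate exactly as before.
  #
  # @param user_info [Hash] the parsed SSO user payload
  # @return [User]
  def find_or_create_user(user_info)
    User.find_by(external_id: user_info[:external_id]) || begin
      Rails.logger.info('new user...')
      u = User.create(
        external_id: user_info[:external_id],
        avatar_url: user_info[:avatar_url],
        email: user_info[:email],
        name: user_info[:name],
        username: user_info[:username])
      Rails.logger.info('created user %s' % u.inspect)
      u
    end
  end
end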