app/controllers/welcome_controller.rb


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76

class WelcomeController < ApplicationController
  # GET /
  def index
  end

  # GET /authenticate(/:token)
  # Discourse SSO Authentication
  def authenticate
    # Ensure nobody tries silly things with our session
    if params[:token].present? && !params[:token].match?(/[a-z0-9]{32}/)
      raise(ArgumentError, "Token invalid")
    end

    # Try an ongoing SSO or create a new one
    @sso = SSO::FromDiscourse.new(token: params[:token], nonce: session[params[:token]])
    # Remove any current session
    Rails.logger.info("Removing current session (#{session[:current_user]})")
    session.destroy
    @current_user = nil

    if params[:token].nil? # Send to authenticate
      # Record this token and nonce in the session
      session[@sso.token] = @sso.nonce
      # Send to authorization
      redirect_to @sso.request_uri and return
    end

    # Validate authentication
    begin
      @sso.parse(params)
    rescue ArgumentError => e
      return 403, e.message
    end

    case @sso.status
    when :unauthorized
      Rails.logger.info("Authentication failed!")
      return 403
    when :ok
      Rails.logger.info("Authentication succeeded!")
      @current_user = User.find_by(external_id: @sso.user_info[:external_id]) ||
                      begin
                        Rails.logger.info('new user...')
                        u = User.create(
                          external_id: @sso.user_info[:external_id],
                          avatar_url: @sso.user_info[:avatar_url],
                          email: @sso.user_info[:email],
                          name: @sso.user_info[:name],
                          username: @sso.user_info[:username])
                        Rails.logger.info('created user %s' % u.inspect)
                        u
                      rescue Exception => e
                        raise
                      end
      # Update user agents
      if @current_user.present?
        AgencyWatcherJob.perform_later(@current_user, @sso.user_info[:groups].split(','))
      end
      # Save User ID in session
      session[:current_user] = @current_user[:external_id]
    end

    redirect_to '/my/dashboard'
  end

  # GET /dashboard
  def dashboard
    redirect_to '/authenticate' and return unless current_user.present?
  end

  # GET /logout
  def logout
    session.destroy
    render :index
  end
end