blob: ae24138190c413787991be194bcae9533339a89f (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
|
class WelcomeController < ApplicationController
# GET /
def index
end
# GET /authenticate(/:token)
# Discourse SSO Authentication
def authenticate
# Ensure nobody tries silly things with our session
if params[:token].present? && !params[:token].match?(/[a-z0-9]{32}/)
raise(ArgumentError, "Token invalid")
end
# Try an ongoing SSO or create a new one
@sso = SSO::FromDiscourse.new(token: params[:token], nonce: session[params[:token]])
# Remove any current session
Rails.logger.info("Removing current session (#{session[:current_user]})")
session.destroy
@current_user = nil
if params[:token].nil? # Send to authenticate
# Record this token and nonce in the session
session[@sso.token] = @sso.nonce
# Send to authorization
redirect_to @sso.request_uri and return
end
# Validate authentication
begin
@sso.parse(params)
rescue ArgumentError => e
return 403, e.message
end
case @sso.status
when :unauthorized
Rails.logger.info("Authentication failed!")
return 403
when :ok
Rails.logger.info("Authentication succeeded!")
@current_user = User.find_by(external_id: @sso.user_info[:external_id]) ||
begin
Rails.logger.info('new user...')
u = User.create(
external_id: @sso.user_info[:external_id],
avatar_url: @sso.user_info[:avatar_url],
email: @sso.user_info[:email],
name: @sso.user_info[:name],
username: @sso.user_info[:username])
Rails.logger.info('created user %s' % u.inspect)
u
rescue Exception => e
raise
end
# Update user agents
# TODO: do it as a background job, it has nothing to do here.
@sso.user_info[:groups].split(',').each do |g|
a = Agent.find_by_name(g)
if a
# TODO: call Discourse and make :leader if group owner
# TODO: do not create the record if it exists
a.agencies.create(user: u, roles: 2) # make new user an editor
Rails.logger.info('User has Agent %s' % g)
end
end
session[:current_user] = @current_user[:external_id]
end
redirect_to '/my/dashboard'
end
# GET /dashboard
def dashboard
redirect_to '/authenticate' and return unless current_user.present?
end
# GET /logout
def logout
session.destroy
render :index
end
end
|