foodsoft/plugins/discourse/app/controllers/discourse_controller.rb

29 lines
849 B
Ruby
Raw Normal View History

2017-09-22 01:14:48 +02:00
class DiscourseController < ApplicationController
before_action -> { require_plugin_enabled FoodsoftDiscourse }
2017-09-22 01:14:48 +02:00
protected
2017-09-22 01:14:48 +02:00
def valid_signature?
return false if params[:sso].blank? || params[:sig].blank?
get_hmac_hex_string(params[:sso]) == params[:sig]
2017-09-22 01:14:48 +02:00
end
def redirect_to_with_payload(url, payload)
base64_payload = Base64.strict_encode64 payload.to_query
sso = CGI.escape base64_payload
sig = get_hmac_hex_string base64_payload
redirect_to "#{url}#{url.include?('?') ? '&' : '?'}sso=#{sso}&sig=#{sig}"
2017-09-22 01:14:48 +02:00
end
def parse_payload
payload = Rack::Utils.parse_query Base64.decode64(params[:sso])
payload.symbolize_keys!
end
2017-09-22 01:14:48 +02:00
def get_hmac_hex_string(payload)
2017-09-22 01:14:48 +02:00
discourse_sso_secret = FoodsoftConfig[:discourse_sso_secret]
OpenSSL::HMAC.hexdigest 'sha256', discourse_sso_secret, payload
end
end