Add Discourse SSO to allow login into Discourse via Foodsoft

2017-09-24 17:27:23 +02:00 · 2017-09-24 17:27:23 +02:00 · 01950b48a1
commit 01950b48a1
parent b5e5d7d246
8 changed files with 110 additions and 54 deletions
--- a/plugins/discourse/app/controllers/discourse_login_controller.rb
+++ b/plugins/discourse/app/controllers/discourse_login_controller.rb
@ -0,0 +1,43 @@
+class DiscourseLoginController < DiscourseController
+
+  before_filter -> { require_config_disabled :discourse_sso }
+  skip_before_filter :authenticate
+
+  def initiate
+    discourse_url = FoodsoftConfig[:discourse_url]
+
+    nonce = SecureRandom.hex()
+    return_sso_url = url_for(action: :callback, only_path: false)
+
+    session[:discourse_sso_nonce] = nonce
+    redirect_to_with_payload "#{discourse_url}/session/sso_provider",
+      nonce: nonce,
+      return_sso_url: return_sso_url
+  end
+
+  def callback
+    raise I18n.t('discourse.callback.invalid_signature') unless valid_signature?
+
+    payload = parse_payload
+
+    raise I18n.t('discourse.callback.invalid_nonce') if payload[:nonce] != session[:discourse_sso_nonce]
+    session[:discourse_sso_nonce] = nil
+
+    id = payload[:external_id].to_i
+    user = User.find_or_initialize_by(id: id) do |user|
+      user.id = id
+      user.password = SecureRandom.random_bytes(25)
+    end
+    user.nick = payload[:username]
+    user.email = payload[:email]
+    user.first_name = payload[:name]
+    user.last_name = ''
+    user.last_login = Time.now
+    user.save!
+
+    login_and_redirect_to_return_to user, notice: I18n.t('discourse.callback.logged_in')
+  rescue => error
+    redirect_to login_url, alert: error.to_s
+  end
+
+end