class DiscourseLoginController < DiscourseController before_filter -> { require_config_disabled :discourse_sso } skip_before_filter :authenticate def initiate discourse_url = FoodsoftConfig[:discourse_url] nonce = SecureRandom.hex() return_sso_url = url_for(action: :callback, only_path: false) session[:discourse_sso_nonce] = nonce redirect_to_with_payload "#{discourse_url}/session/sso_provider", nonce: nonce, return_sso_url: return_sso_url end def callback raise I18n.t('discourse.callback.invalid_signature') unless valid_signature? payload = parse_payload raise I18n.t('discourse.callback.invalid_nonce') if payload[:nonce] != session[:discourse_sso_nonce] session[:discourse_sso_nonce] = nil id = payload[:external_id].to_i user = User.find_or_initialize_by(id: id) do |user| user.id = id user.password = SecureRandom.random_bytes(25) end user.nick = payload[:username] user.email = payload[:email] user.first_name = payload[:name] user.last_name = '' user.last_login = Time.now user.save! login_and_redirect_to_return_to user, notice: I18n.t('discourse.callback.logged_in') rescue => error redirect_to login_url, alert: error.to_s end end