discourse/lib/single_sign_on.rb

class SingleSignOn

  class ParseError < RuntimeError; end

  ACCESSORS = %i{
    add_groups
    admin moderator
    avatar_force_update
    avatar_url
    bio
    card_background_url
    email
    external_id
    groups
    locale
    locale_force_update
    name
    nonce
    profile_background_url
    remove_groups
    require_activation
    return_sso_url
    suppress_welcome_message
    title
    username
    website
  }

  FIXNUMS = []

  BOOLS = %i{
    admin
    avatar_force_update
    locale_force_update
    moderator
    require_activation
    suppress_welcome_message
  }

  NONCE_EXPIRY_TIME = 10.minutes

  attr_accessor(*ACCESSORS)
  attr_writer :sso_secret, :sso_url

  def self.sso_secret
    raise RuntimeError, "sso_secret not implemented on class, be sure to set it on instance"
  end

  def self.sso_url
    raise RuntimeError, "sso_url not implemented on class, be sure to set it on instance"
  end

  def self.parse(payload, sso_secret = nil)
    sso = new
    sso.sso_secret = sso_secret if sso_secret

    parsed = Rack::Utils.parse_query(payload)
    decoded = Base64.decode64(parsed["sso"])
    decoded_hash = Rack::Utils.parse_query(decoded)

    return_sso_url = decoded_hash['return_sso_url']

    if sso.sign(parsed["sso"]) != parsed["sig"]
      diags = "\n\nsso: #{parsed["sso"]}\n\nsig: #{parsed["sig"]}\n\nexpected sig: #{sso.sign(parsed["sso"])}"
      if parsed["sso"] =~ /[^a-zA-Z0-9=\r\n\/+]/m
        raise ParseError, "The SSO field should be Base64 encoded, using only A-Z, a-z, 0-9, +, /, and = characters. Your input contains characters we don't understand as Base64, see http://en.wikipedia.org/wiki/Base64 #{diags}"
      else
        raise ParseError, "Bad signature for payload #{diags}"
      end
    end

    ACCESSORS.each do |k|
      val = decoded_hash[k.to_s]
      val = val.to_i if FIXNUMS.include? k
      if BOOLS.include? k
        val = ["true", "false"].include?(val) ? val == "true" : nil
      end
      sso.send("#{k}=", val)
    end

    decoded_hash.each do |k, v|
      if field = k[/^custom\.(.+)$/, 1]
        sso.custom_fields[field] = v
      end
    end

    sso
  end

  def diagnostics
    SingleSignOn::ACCESSORS.map { |a| "#{a}: #{send(a)}" }.join("\n")
  end

  def sso_secret
    @sso_secret || self.class.sso_secret
  end

  def sso_url
    @sso_url || self.class.sso_url
  end

  def custom_fields
    @custom_fields ||= {}
  end

  def sign(payload, secret = nil)
    secret = secret || sso_secret
    OpenSSL::HMAC.hexdigest("sha256", secret, payload)
  end

  def to_url(base_url = nil)
    base = "#{base_url || sso_url}"
    "#{base}#{base.include?('?') ? '&' : '?'}#{payload}"
  end

  def payload(secret = nil)
    payload = Base64.strict_encode64(unsigned_payload)
    "sso=#{CGI::escape(payload)}&sig=#{sign(payload, secret)}"
  end

  def unsigned_payload
    payload = {}

    ACCESSORS.each do |k|
      next if (val = send k) == nil
     payload[k] = val
    end

    @custom_fields&.each do |k, v|
      payload["custom.#{k}"] = v.to_s
    end

    Rack::Utils.build_query(payload)
  end

end
FEATURE: single sign on support Added support for outsourcing auth to a different website, documentation on meta 2014-02-24 22:30:49 -05:00			`class SingleSignOn`
FEATURE: allow specifying locale via SSO Use: locale locale_force_update To force user locale on users where SiteSetting.allow_user_locale is enabled Note: If an invalid locale is specified no action will occur 2018-08-29 19:57:53 -04:00
FIX: Return 422 instead of 500 for invalid SSO signature (#6738) 2018-12-07 10:01:44 -05:00			`class ParseError < RuntimeError; end`

FEATURE: allow specifying locale via SSO Use: locale locale_force_update To force user locale on users where SiteSetting.allow_user_locale is enabled Note: If an invalid locale is specified no action will occur 2018-08-29 19:57:53 -04:00			`ACCESSORS = %i{`
			`add_groups`
			`admin moderator`
			`avatar_force_update`
			`avatar_url`
			`bio`
			`card_background_url`
			`email`
			`external_id`
			`groups`
			`locale`
			`locale_force_update`
			`name`
			`nonce`
			`profile_background_url`
			`remove_groups`
			`require_activation`
			`return_sso_url`
			`suppress_welcome_message`
			`title`
			`username`
			`website`
			`}`

FEATURE: single sign on support Added support for outsourcing auth to a different website, documentation on meta 2014-02-24 22:30:49 -05:00			`FIXNUMS = []`
FEATURE: allow specifying locale via SSO Use: locale locale_force_update To force user locale on users where SiteSetting.allow_user_locale is enabled Note: If an invalid locale is specified no action will occur 2018-08-29 19:57:53 -04:00
			`BOOLS = %i{`
			`admin`
			`avatar_force_update`
			`locale_force_update`
			`moderator`
			`require_activation`
			`suppress_welcome_message`
			`}`

FEATURE: single sign on support Added support for outsourcing auth to a different website, documentation on meta 2014-02-24 22:30:49 -05:00			`NONCE_EXPIRY_TIME = 10.minutes`

			`attr_accessor(*ACCESSORS)`
Fix "duplicate method" issue Fixing http://www.rubydoc.info/gems/rubocop/RuboCop/Cop/Lint/DuplicateMethods Readers are defined (https://github.com/discourse/discourse/blob/master/lib/single_sign_on.rb#L61), so only writers have to be generated. 2017-11-02 07:33:35 -04:00			`attr_writer :sso_secret, :sso_url`
FEATURE: single sign on support Added support for outsourcing auth to a different website, documentation on meta 2014-02-24 22:30:49 -05:00
			`def self.sso_secret`
			`raise RuntimeError, "sso_secret not implemented on class, be sure to set it on instance"`
			`end`

			`def self.sso_url`
			`raise RuntimeError, "sso_url not implemented on class, be sure to set it on instance"`
			`end`

			`def self.parse(payload, sso_secret = nil)`
			`sso = new`
FIX: move sso provider into its own class so it doesn't interfere with sso client (#6767) 2018-12-19 04:22:10 -05:00			`sso.sso_secret = sso_secret if sso_secret`
FEATURE: single sign on support Added support for outsourcing auth to a different website, documentation on meta 2014-02-24 22:30:49 -05:00
			`parsed = Rack::Utils.parse_query(payload)`
FEATURE: allow multiple secrets for Discourse SSO provider This splits off the logic between SSO keys used incoming vs outgoing, it allows to far better restrict who is allowed to log in using a site. This allows for better auditing of the SSO provider feature 2018-10-15 01:03:53 -04:00			`decoded = Base64.decode64(parsed["sso"])`
			`decoded_hash = Rack::Utils.parse_query(decoded)`

			`return_sso_url = decoded_hash['return_sso_url']`

FEATURE: single sign on support Added support for outsourcing auth to a different website, documentation on meta 2014-02-24 22:30:49 -05:00			`if sso.sign(parsed["sso"]) != parsed["sig"]`
improve error handling massage for bad sso requests 2014-12-29 17:23:21 -05:00			`diags = "\n\nsso: #{parsed["sso"]}\n\nsig: #{parsed["sig"]}\n\nexpected sig: #{sso.sign(parsed["sso"])}"`
missing chars 2014-12-29 17:28:44 -05:00			`if parsed["sso"] =~ /[^a-zA-Z0-9=\r\n\/+]/m`
FIX: Return 422 instead of 500 for invalid SSO signature (#6738) 2018-12-07 10:01:44 -05:00			`raise ParseError, "The SSO field should be Base64 encoded, using only A-Z, a-z, 0-9, +, /, and = characters. Your input contains characters we don't understand as Base64, see http://en.wikipedia.org/wiki/Base64 #{diags}"`
improve error handling massage for bad sso requests 2014-12-29 17:23:21 -05:00			`else`
FIX: Return 422 instead of 500 for invalid SSO signature (#6738) 2018-12-07 10:01:44 -05:00			`raise ParseError, "Bad signature for payload #{diags}"`
improve error handling massage for bad sso requests 2014-12-29 17:23:21 -05:00			`end`
FEATURE: single sign on support Added support for outsourcing auth to a different website, documentation on meta 2014-02-24 22:30:49 -05:00			`end`

			`ACCESSORS.each do \|k\|`
			`val = decoded_hash[k.to_s]`
			`val = val.to_i if FIXNUMS.include? k`
FEATURE: allow creating admin and moderator accounts via SSO 2014-11-26 20:39:00 -05:00			`if BOOLS.include? k`
			`val = ["true", "false"].include?(val) ? val == "true" : nil`
			`end`
FEATURE: single sign on support Added support for outsourcing auth to a different website, documentation on meta 2014-02-24 22:30:49 -05:00			`sso.send("#{k}=", val)`
			`end`
FEATURE: custom fields on User 2014-04-21 23:52:13 -04:00
Add rubocop to our build. (#5004) 2017-07-27 21:20:09 -04:00			`decoded_hash.each do \|k, v\|`
tiny refactor 2017-03-27 10:21:38 -04:00			`if field = k[/^custom\.(.+)$/, 1]`
FEATURE: custom fields on User 2014-04-21 23:52:13 -04:00			`sso.custom_fields[field] = v`
			`end`
			`end`

FEATURE: single sign on support Added support for outsourcing auth to a different website, documentation on meta 2014-02-24 22:30:49 -05:00			`sso`
			`end`

FEATURE: verbose SSO logging By enabling the site setting verbose_sso_logging you can log information every time a user tries initiates SSO and during SSO failures 2016-04-07 21:20:01 -04:00			`def diagnostics`
tiny refactor 2017-03-27 10:21:38 -04:00			`SingleSignOn::ACCESSORS.map { \|a\| "#{a}: #{send(a)}" }.join("\n")`
FEATURE: verbose SSO logging By enabling the site setting verbose_sso_logging you can log information every time a user tries initiates SSO and during SSO failures 2016-04-07 21:20:01 -04:00			`end`

FEATURE: custom fields on User 2014-04-21 23:52:13 -04:00			`def sso_secret`
			`@sso_secret \|\| self.class.sso_secret`
			`end`

			`def sso_url`
			`@sso_url \|\| self.class.sso_url`
			`end`

			`def custom_fields`
			`@custom_fields \|\|= {}`
			`end`

FIX: move sso provider into its own class so it doesn't interfere with sso client (#6767) 2018-12-19 04:22:10 -05:00			`def sign(payload, secret = nil)`
			`secret = secret \|\| sso_secret`
FEATURE: allow multiple secrets for Discourse SSO provider This splits off the logic between SSO keys used incoming vs outgoing, it allows to far better restrict who is allowed to log in using a site. This allows for better auditing of the SSO provider feature 2018-10-15 01:03:53 -04:00			`OpenSSL::HMAC.hexdigest("sha256", secret, payload)`
FEATURE: single sign on support Added support for outsourcing auth to a different website, documentation on meta 2014-02-24 22:30:49 -05:00			`end`

Add rubocop to our build. (#5004) 2017-07-27 21:20:09 -04:00			`def to_url(base_url = nil)`
FIX: support sso_url that has query params 2014-03-19 17:14:09 -04:00			`base = "#{base_url \|\| sso_url}"`
			`"#{base}#{base.include?('?') ? '&' : '?'}#{payload}"`
FEATURE: single sign on support Added support for outsourcing auth to a different website, documentation on meta 2014-02-24 22:30:49 -05:00			`end`

FIX: move sso provider into its own class so it doesn't interfere with sso client (#6767) 2018-12-19 04:22:10 -05:00			`def payload(secret = nil)`
single_sign_on: encode the payload with strict_encode64 which doesn't add extraneous newlines 2017-10-17 13:41:52 -04:00			`payload = Base64.strict_encode64(unsigned_payload)`
FIX: move sso provider into its own class so it doesn't interfere with sso client (#6767) 2018-12-19 04:22:10 -05:00			`"sso=#{CGI::escape(payload)}&sig=#{sign(payload, secret)}"`
FEATURE: single sign on support Added support for outsourcing auth to a different website, documentation on meta 2014-02-24 22:30:49 -05:00			`end`

			`def unsigned_payload`
			`payload = {}`
tiny refactor 2017-03-27 10:21:38 -04:00
FEATURE: single sign on support Added support for outsourcing auth to a different website, documentation on meta 2014-02-24 22:30:49 -05:00			`ACCESSORS.each do \|k\|`
Add rubocop to our build. (#5004) 2017-07-27 21:20:09 -04:00			`next if (val = send k) == nil`
FEATURE: single sign on support Added support for outsourcing auth to a different website, documentation on meta 2014-02-24 22:30:49 -05:00			`payload[k] = val`
			`end`

tiny refactor 2017-03-27 10:21:38 -04:00			`@custom_fields&.each do \|k, v\|`
			`payload["custom.#{k}"] = v.to_s`
FEATURE: custom fields on User 2014-04-21 23:52:13 -04:00			`end`

FEATURE: single sign on support Added support for outsourcing auth to a different website, documentation on meta 2014-02-24 22:30:49 -05:00			`Rack::Utils.build_query(payload)`
			`end`

			`end`