discourse/app/models/discourse_single_sign_on.rb

require_dependency 'single_sign_on'
class DiscourseSingleSignOn < SingleSignOn
  def self.sso_url
    SiteSetting.sso_url
  end

  def self.sso_secret
    SiteSetting.sso_secret
  end

  def self.generate_url(return_path="/")
    sso = new
    sso.nonce = SecureRandom.hex
    sso.register_nonce(return_path)
    sso.to_url
  end

  def register_nonce(return_path)
    if nonce
      $redis.setex(nonce_key, NONCE_EXPIRY_TIME, return_path)
    end
  end

  def nonce_valid?
    nonce && $redis.get(nonce_key).present?
  end

  def return_path
    $redis.get(nonce_key) || "/"
  end

  def expire_nonce!
    if nonce
      $redis.del nonce_key
    end
  end

  def nonce_key
    "SSO_NONCE_#{nonce}"
  end


  def lookup_or_create_user
    sso_record = SingleSignOnRecord.where(external_id: external_id).first
    if sso_record && sso_record.user
      sso_record.last_payload = unsigned_payload
      sso_record.save
    else
      user = User.where(email: Email.downcase(email)).first

      user_params = {
          email: email,
          name:  User.suggest_name(name || username || email),
          username: UserNameSuggester.suggest(username || name || email),
      }

      if user || user = User.create(user_params)
        if sso_record = user.single_sign_on_record
          sso_record.last_payload = unsigned_payload
          sso_record.external_id = external_id
          sso_record.save!
        else
          sso_record = user.create_single_sign_on_record(last_payload: unsigned_payload,
                                            external_id: external_id)
        end
      end
    end

    if sso_record && (user = sso_record.user) && !user.active
      user.active = true
      user.save
      user.enqueue_welcome_message('welcome_user')
    end

    sso_record && sso_record.user
  end
end
FEATURE: single sign on support Added support for outsourcing auth to a different website, documentation on meta 2014-02-24 22:30:49 -05:00			`require_dependency 'single_sign_on'`
			`class DiscourseSingleSignOn < SingleSignOn`
			`def self.sso_url`
			`SiteSetting.sso_url`
			`end`

			`def self.sso_secret`
			`SiteSetting.sso_secret`
			`end`

FEATURE: SSO to handle return_path automatically 2014-02-25 17:58:30 -05:00			`def self.generate_url(return_path="/")`
FEATURE: single sign on support Added support for outsourcing auth to a different website, documentation on meta 2014-02-24 22:30:49 -05:00			`sso = new`
			`sso.nonce = SecureRandom.hex`
FEATURE: SSO to handle return_path automatically 2014-02-25 17:58:30 -05:00			`sso.register_nonce(return_path)`
FEATURE: single sign on support Added support for outsourcing auth to a different website, documentation on meta 2014-02-24 22:30:49 -05:00			`sso.to_url`
			`end`

FEATURE: SSO to handle return_path automatically 2014-02-25 17:58:30 -05:00			`def register_nonce(return_path)`
FEATURE: single sign on support Added support for outsourcing auth to a different website, documentation on meta 2014-02-24 22:30:49 -05:00			`if nonce`
FEATURE: SSO to handle return_path automatically 2014-02-25 17:58:30 -05:00			`$redis.setex(nonce_key, NONCE_EXPIRY_TIME, return_path)`
FEATURE: single sign on support Added support for outsourcing auth to a different website, documentation on meta 2014-02-24 22:30:49 -05:00			`end`
			`end`

			`def nonce_valid?`
			`nonce && $redis.get(nonce_key).present?`
			`end`

FEATURE: SSO to handle return_path automatically 2014-02-25 17:58:30 -05:00			`def return_path`
			`$redis.get(nonce_key) \|\| "/"`
			`end`

FEATURE: single sign on support Added support for outsourcing auth to a different website, documentation on meta 2014-02-24 22:30:49 -05:00			`def expire_nonce!`
			`if nonce`
			`$redis.del nonce_key`
			`end`
			`end`

			`def nonce_key`
			`"SSO_NONCE_#{nonce}"`
			`end`


			`def lookup_or_create_user`
			`sso_record = SingleSignOnRecord.where(external_id: external_id).first`
			`if sso_record && sso_record.user`
			`sso_record.last_payload = unsigned_payload`
			`sso_record.save`
			`else`
			`user = User.where(email: Email.downcase(email)).first`

			`user_params = {`
			`email: email,`
			`name: User.suggest_name(name \|\| username \|\| email),`
			`username: UserNameSuggester.suggest(username \|\| name \|\| email),`
			`}`

			`if user \|\| user = User.create(user_params)`
			`if sso_record = user.single_sign_on_record`
			`sso_record.last_payload = unsigned_payload`
			`sso_record.external_id = external_id`
			`sso_record.save!`
			`else`
			`sso_record = user.create_single_sign_on_record(last_payload: unsigned_payload,`
			`external_id: external_id)`
			`end`
			`end`
			`end`

BUGFIX: sso to send welcome emails 2014-02-25 18:28:03 -05:00			`if sso_record && (user = sso_record.user) && !user.active`
			`user.active = true`
			`user.save`
			`user.enqueue_welcome_message('welcome_user')`
			`end`

FEATURE: single sign on support Added support for outsourcing auth to a different website, documentation on meta 2014-02-24 22:30:49 -05:00			`sso_record && sso_record.user`
			`end`
			`end`