discourse/lib/validators/enable_sso_validator.rb

# frozen_string_literal: true

class EnableSsoValidator
  def initialize(opts = {})
    @opts = opts
  end

  def valid_value?(val)
    return true if val == "f"
    return false if SiteSetting.discourse_connect_url.blank? || is_2fa_enforced?
    true
  end

  def error_message
    if SiteSetting.discourse_connect_url.blank?
      return I18n.t("site_settings.errors.discourse_connect_url_is_empty")
    end

    if is_2fa_enforced?
      I18n.t("site_settings.errors.discourse_connect_cannot_be_enabled_if_second_factor_enforced")
    end
  end

  def is_2fa_enforced?
    SiteSetting.enforce_second_factor? != "no"
  end
end
DEV: enable frozen string literal on all files This reduces chances of errors where consumers of strings mutate inputs and reduces memory usage of the app. Test suite passes now, but there may be some stuff left, so we will run a few sites on a branch prior to merging 2019-05-02 18:17:27 -04:00			`# frozen_string_literal: true`

FIX: verify presence of 'sso url' before enabling 'enable sso' 2017-12-23 03:00:49 -05:00			`class EnableSsoValidator`
			`def initialize(opts = {})`
			`@opts = opts`
			`end`

			`def valid_value?(val)`
			`return true if val == "f"`
FEATURE: Allow invite only and Discourse connect (#20961) Invite only and Discourse connect could not be enabled at the same time because of some legacy reason. This is a follow up commit to ce04db8, 355d51a and 40f6ceb. 2023-04-04 12:52:11 -04:00			`return false if SiteSetting.discourse_connect_url.blank? \|\| is_2fa_enforced?`
FIX: Do not allow `invite_only` and `enable_sso` at the same time This functionality was never supported but before the new review queue it didn't have any errors. Now the combination of settings is prevented and existing sites with sso enabled will be migrated to remove invite only. 2019-04-02 10:26:27 -04:00			`true`
FIX: verify presence of 'sso url' before enabling 'enable sso' 2017-12-23 03:00:49 -05:00			`end`

			`def error_message`
FEATURE: Rename 'Discourse SSO' to DiscourseConnect (#11978) The 'Discourse SSO' protocol is being rebranded to DiscourseConnect. This should help to reduce confusion when 'SSO' is used in the generic sense. This commit aims to: - Rename `sso_` site settings. DiscourseConnect specific ones are prefixed `discourse_connect_`. Generic settings are prefixed `auth_` - Add (server-side-only) backwards compatibility for the old setting names, with deprecation notices - Copy `site_settings` database records to the new names - Rename relevant translation keys - Update relevant translations This commit does not aim to: - Rename any Ruby classes or methods. This might be done in a future commit - Change any URLs. This would break existing integrations - Make any changes to the protocol. This would break existing integrations - Change any functionality. Further normalization across DiscourseConnect and other auth methods will be done separately The risks are: - There is no backwards compatibility for site settings on the client-side. Accessing auth-related site settings in Javascript is fairly rare, and an error on the client side would not be security-critical. - If a plugin is monkey-patching parts of the auth process, changes to locale keys could cause broken error messages. This should also be unlikely. The old site setting names remain functional, so security-related overrides will remain working. A follow-up commit will be made with a post-deploy migration to delete the old `site_settings` rows. 2021-02-08 05:04:33 -05:00			`if SiteSetting.discourse_connect_url.blank?`
			`return I18n.t("site_settings.errors.discourse_connect_url_is_empty")`
DEV: Apply syntax_tree formatting to `lib/*` 2023-01-09 07:10:19 -05:00			`end`
FEATURE: Allow invite only and Discourse connect (#20961) Invite only and Discourse connect could not be enabled at the same time because of some legacy reason. This is a follow up commit to ce04db8, 355d51a and 40f6ceb. 2023-04-04 12:52:11 -04:00
FIX: Check 2FA is disabled before enabling DiscourseConnect. (#16542) Both settings are incompatible. We validated that DiscourseConnect is disabled before enabling 2FA but were missing the other way around. 2022-04-25 13:49:36 -04:00			`if is_2fa_enforced?`
			`I18n.t("site_settings.errors.discourse_connect_cannot_be_enabled_if_second_factor_enforced")`
DEV: Apply syntax_tree formatting to `lib/*` 2023-01-09 07:10:19 -05:00			`end`
FIX: Check 2FA is disabled before enabling DiscourseConnect. (#16542) Both settings are incompatible. We validated that DiscourseConnect is disabled before enabling 2FA but were missing the other way around. 2022-04-25 13:49:36 -04:00			`end`

			`def is_2fa_enforced?`
			`SiteSetting.enforce_second_factor? != "no"`
FIX: verify presence of 'sso url' before enabling 'enable sso' 2017-12-23 03:00:49 -05:00			`end`
			`end`