FEATURE: allow creating admin and moderator accounts via SSO

2014-11-27 12:39:00 +11:00 · 2014-11-27 12:39:00 +11:00 · 013f1a6dd0
parent 800ae5265f
commit 013f1a6dd0
3 changed files with 30 additions and 3 deletions
--- a/app/models/discourse_single_sign_on.rb
+++ b/app/models/discourse_single_sign_on.rb
@ -67,6 +67,9 @@ class DiscourseSingleSignOn < SingleSignOn
      user.custom_fields[k] = v
    end

+    user.admin = admin unless admin.nil?
+    user.moderator = moderator unless moderator.nil?
+
    # optionally save the user and sso_record if they have changed
    user.save!
    sso_record.save!
--- a/lib/single_sign_on.rb
+++ b/lib/single_sign_on.rb
@ -2,6 +2,7 @@ class SingleSignOn
  ACCESSORS = [:nonce, :name, :username, :email, :avatar_url, :avatar_force_update,
               :about_me, :external_id, :return_sso_url, :admin, :moderator]
  FIXNUMS = []
+  BOOLS = [:avatar_force_update, :admin, :moderator]
  NONCE_EXPIRY_TIME = 10.minutes

  attr_accessor(*ACCESSORS)
@ -30,6 +31,9 @@ class SingleSignOn
    ACCESSORS.each do |k|
      val = decoded_hash[k.to_s]
      val = val.to_i if FIXNUMS.include? k
+      if BOOLS.include? k
+        val = ["true", "false"].include?(val) ? val == "true" : nil
+      end
      sso.send("#{k}=", val)
    end

@ -77,7 +81,7 @@ class SingleSignOn
  def unsigned_payload
    payload = {}
    ACCESSORS.each do |k|
-     next unless (val = send k)
+     next if (val = send k) == nil

     payload[k] = val
    end
--- a/spec/controllers/session_controller_spec.rb
+++ b/spec/controllers/session_controller_spec.rb
@ -65,6 +65,23 @@ describe SessionController do
      logged_on_user.single_sign_on_record.external_username.should == 'sam'
    end

+    it 'allows you to create an admin account' do
+      sso = get_sso('/a/')
+      sso.external_id = '666' # the number of the beast
+      sso.email = 'bob@bob.com'
+      sso.name = 'Sam Saffron'
+      sso.username = 'sam'
+      sso.custom_fields["shop_url"] = "http://my_shop.com"
+      sso.custom_fields["shop_name"] = "Sam"
+      sso.admin = true
+
+      get :sso_login, Rack::Utils.parse_query(sso.payload)
+
+      logged_on_user = Discourse.current_user_provider.new(request.env).current_user
+      logged_on_user.admin.should == true
+
+    end
+
    it 'allows you to create an account' do
      sso = get_sso('/a/')
      sso.external_id = '666' # the number of the beast
@ -82,6 +99,7 @@ describe SessionController do
      # ensure nothing is transient
      logged_on_user = User.find(logged_on_user.id)

+      logged_on_user.admin.should == false
      logged_on_user.email.should == 'bob@bob.com'
      logged_on_user.name.should == 'Sam Saffron'
      logged_on_user.username.should == 'sam'
@ -132,7 +150,7 @@ describe SessionController do

      response.should redirect_to("/login")

-      user = Fabricate(:user, password: "frogs", active: true)
+      user = Fabricate(:user, password: "frogs", active: true, admin: true)
      EmailToken.update_all(confirmed: true)

      xhr :post, :create, login: user.username, password: "frogs", format: :json
@ -147,7 +165,9 @@ describe SessionController do
      sso2.email.should == user.email
      sso2.name.should == user.name
      sso2.username.should == user.username
-      sso2.external_id == user.id.to_s
+      sso2.external_id.should == user.id.to_s
+      sso2.admin.should == true
+      sso2.moderator.should == false

    end