diff --git a/app/controllers/session_controller.rb b/app/controllers/session_controller.rb
index 2bf3965d2e9..5a54591a0b0 100644
--- a/app/controllers/session_controller.rb
+++ b/app/controllers/session_controller.rb
@@ -44,8 +44,15 @@ class SessionController < ApplicationController
 def sso_provider(payload = nil)
 payload ||= request.query_string
+
 if SiteSetting.enable_sso_provider
 sso = SingleSignOn.parse(payload, SiteSetting.sso_secret)
+
+ if sso.return_sso_url.blank?
+ render plain: "return_sso_url is blank, it must be provided", status: 400
+ return
+ end
+
 if current_user
 sso.name = current_user.name
 sso.username = current_user.username
@@ -55,19 +62,17 @@ class SessionController < ApplicationController
 sso.moderator = current_user.moderator?
 sso.groups = current_user.groups.pluck(:name).join(",")
- sso.avatar_url = Discourse.store.cdn_url UrlHelper.absolute(
- "#{Discourse.store.absolute_base_url}/#{Discourse.store.get_path_for_upload(current_user.uploaded_avatar)}"
- ) unless current_user.uploaded_avatar.nil?
- sso.profile_background_url = UrlHelper.absolute upload_cdn_path(
- current_user.user_profile.profile_background
- ) if current_user.user_profile.profile_background.present?
- sso.card_background_url = UrlHelper.absolute upload_cdn_path(
- current_user.user_profile.card_background
- ) if current_user.user_profile.card_background.present?
+ if current_user.uploaded_avatar.present?
+ avatar_url = "#{Discourse.store.absolute_base_url}/#{Discourse.store.get_path_for_upload(current_user.uploaded_avatar)}"
+ sso.avatar_url = UrlHelper.absolute Discourse.store.cdn_url(avatar_url)
+ end
- if sso.return_sso_url.blank?
- render plain: "return_sso_url is blank, it must be provided", status: 400
- return
+ if current_user.user_profile.profile_background.present?
+ sso.profile_background_url = UrlHelper.absolute upload_cdn_path(current_user.user_profile.profile_background)
+ end
+
+ if current_user.user_profile.card_background.present?
+ sso.card_background_url = UrlHelper.absolute upload_cdn_path(current_user.user_profile.card_background)
 end
 if request.xhr?
@@ -76,7 +81,7 @@ class SessionController < ApplicationController
 redirect_to sso.to_url(sso.return_sso_url)
 end
 else
- session[:sso_payload] = request.query_string
+ cookies[:sso_payload] = request.query_string
 redirect_to path('/login')
 end
 else
@@ -399,7 +404,7 @@ class SessionController < ApplicationController
 session.delete(ACTIVATE_USER_KEY)
 log_on_user(user)
- if payload = session.delete(:sso_payload)
+ if payload = cookies.delete(:sso_payload)
 sso_provider(payload)
 else
 render_serialized(user, UserSerializer)
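Review bot: The avatar branch quietly inverts the nesting of the two URL helpers: the removed line computed `Discourse.store.cdn_url UrlHelper.absolute(...)`, while the added `sso.avatar_url = UrlHelper.absolute Discourse.store.cdn_url(avatar_url)` applies them in the opposite order, and the profile/card background lines keep their original `UrlHelper.absolute upload_cdn_path(...)` shape. Whether both orders produce the same string depends on what `cdn_url` returns when no CDN is configured, which is not visible here, and nothing in the hunk marks the swap as intentional. If it is deliberate, a why-comment on that line (stating the actual reason, e.g. `# UrlHelper.absolute last so the CDN host, not the store base, is made absolute`) keeps the next reader from reverting it; if not, the original order should be restored. sso_provider starts and ends outside this hunk.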
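Review bot: `cookies[:sso_payload] = request.query_string` stores the pending SSO request in a plain cookie with no `httponly`, no `secure`, no expiry and no signature, so it is readable by any script on the origin and freely editable by the client, whereas the `session[...]` entry it replaces was not client-writable. Integrity is still enforced downstream because the consumer passes the payload to `SingleSignOn.parse(payload, SiteSetting.sso_secret)` (earlier hunk), so tampering should be detected rather than exploited, but there is no reason to expose the payload to scripts; `cookies.signed[:sso_payload] = { value: request.query_string, httponly: true, expires: 10.minutes.from_now }` with both consumers reading `cookies.signed[:sso_payload]` before deleting would close that. Plain cookies are also not size-checked by Rails (only the signed/encrypted jars raise `CookieOverflow`), so a long `return_sso_url` can push the cookie past the per-cookie size browsers accept and the post-login redirect silently never happens; at minimum log or reject an oversized query string here. sso_provider starts and ends outside this hunk.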
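Review bot: The payload handed to `sso_provider(payload)` now comes from a client-writable cookie rather than the session, and `SingleSignOn.parse(payload, SiteSetting.sso_secret)` in that method raises on an invalid payload with nothing here rescuing it, so a user whose `sso_payload` cookie is corrupted or hand-edited turns an otherwise successful login into an error response instead of the `render_serialized` fallback. Since the cookie is already removed by `cookies.delete`, the safe behaviour is to log and fall back to the normal response when the payload cannot be parsed, as sketched below. The exact error class SingleSignOn.parse raises is not visible in this diff, so the rescue should be narrowed to it rather than left as a bare `rescue`. The login action enclosing this hunk starts and ends outside it.
```ruby
      if payload = cookies.delete(:sso_payload)
        begin
          sso_provider(payload)
        rescue => e # TODO: narrow to the error SingleSignOn.parse raises on a bad payload
          Rails.logger.warn("discarding invalid sso_payload cookie: #{e.message}")
          render_serialized(user, UserSerializer)
        end
      else
        # … unchanged: render_serialized(user, UserSerializer) …
```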
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index dfae9f3bdd9..cca0a636588 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -696,8 +696,8 @@ class UsersController < ApplicationController
 def perform_account_activation
 raise Discourse::InvalidAccess.new if honeypot_or_challenge_fails?(params)
- if @user = EmailToken.confirm(params[:token])
+ if @user = EmailToken.confirm(params[:token])
 # Log in the user unless they need to be approved
 if Guardian.new(@user).can_access_forum?
 @user.enqueue_welcome_message('welcome_user') if @user.send_welcome_message
@@ -708,14 +708,16 @@ class UsersController < ApplicationController
 elsif destination_url = cookies[:destination_url]
 cookies[:destination_url] = nil
 return redirect_to(destination_url)
+ elsif SiteSetting.enable_sso_provider && payload = cookies.delete(:sso_payload)
+ return redirect_to(session_sso_provider_url + "?" + payload)
 end
 else
 @needs_approval = true
 end
-
 else
 flash.now[:error] = I18n.t('activation.already_done')
 end
+
 render layout: 'no_ember'
 end
@@ -736,7 +738,6 @@ class UsersController < ApplicationController
 User.transaction do
 primary_email = @user.primary_email
-
 primary_email.email = params[:email]
 primary_email.skip_validate_email = false
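Review bot: The `sso_payload` cookie is consumed only when the new `elsif` is the branch taken, so when a `destination_url` cookie is also present the `elsif destination_url` branch above returns first and the SSO cookie survives to be replayed by the next login or activation, long after the SSO request that created it. Reading it once ahead of the chain, `sso_payload = cookies.delete(:sso_payload) if SiteSetting.enable_sso_provider`, and testing `elsif sso_payload` keeps the two-line redirect but makes the cookie one-shot, if that is the intended semantics. `payload` in `session_sso_provider_url + "?" + payload` is untrusted input from a client-writable cookie; it only reaches the site's own sso_provider action, which parses it against `SiteSetting.sso_secret` before honoring `return_sso_url`, so this is not an open redirect, but a one-line comment saying so would spare the next reader the analysis. perform_account_activation starts in the previous hunk; the `-`/`+` blank lines in this one are whitespace only.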