improve error handling massage for bad sso requests

Sam 2014-12-30 09:23:21 +11:00
parent 7bcecb54fd
commit 2754b45fff
1 changed files with 6 additions and 1 deletions


@ -22,7 +22,12 @@ class SingleSignOn
parsed = Rack::Utils.parse_query(payload)
if sso.sign(parsed["sso"]) != parsed["sig"]
raise RuntimeError, "Bad signature for payload"
diags = "\n\nsso: #{parsed["sso"]}\n\nsig: #{parsed["sig"]}\n\nexpected sig: #{sso.sign(parsed["sso"])}"
if parsed["sso"] =~ /[^a-zA-Z0-9=\r\n]/m
raise RuntimeError, "The SSO field should be Base64 encoded, using only A-Z, a-z, 0-9 and = characters. Your input contains characters we don't understand as Base64, see http://en.wikipedia.org/wiki/Base64 #{diags}"
else
raise RuntimeError, "Bad signature for payload #{diags}"
end
end
decoded = Base64.decode64(parsed["sso"])