From 39b7e32848eb514203001c39f83550f3e48ff96b Mon Sep 17 00:00:00 2001
From: Vinoth Kannan <vinothkannan@vinkas.com>
Date: Fri, 12 Oct 2018 05:03:30 +0530
Subject: [PATCH] DEV: Require sso and sig query string params for sso_login

---
 app/controllers/session_controller.rb | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/app/controllers/session_controller.rb b/app/controllers/session_controller.rb
index 4d6e9b9e62e..b523943e8d9 100644
--- a/app/controllers/session_controller.rb
+++ b/app/controllers/session_controller.rb
@@ -108,6 +108,9 @@ class SessionController < ApplicationController
   def sso_login
     raise Discourse::NotFound.new unless SiteSetting.enable_sso
 
+    params.require(:sso)
+    params.require(:sig)
+
     sso = DiscourseSingleSignOn.parse(request.query_string)
     if !sso.nonce_valid?
       if SiteSetting.verbose_sso_logging