Discource-C
/
discourse
mirror of https://github.com/discourse/discourse.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

DEV: Require sso and sig query string params for sso_login

This commit is contained in:
Vinoth Kannan 2018-10-12 05:03:30 +05:30
parent 2502a3f780
commit 39b7e32848
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
app/controllers/session_controller.rb
View File

@ -108,6 +108,9 @@ class SessionController < ApplicationController
def sso_login def sso_login
raise Discourse::NotFound.new unless SiteSetting.enable_sso raise Discourse::NotFound.new unless SiteSetting.enable_sso
params.require(:sso)
params.require(:sig)
sso = DiscourseSingleSignOn.parse(request.query_string) sso = DiscourseSingleSignOn.parse(request.query_string)
if !sso.nonce_valid? if !sso.nonce_valid?
if SiteSetting.verbose_sso_logging if SiteSetting.verbose_sso_logging