FEATURE: Rename 'Discourse SSO' to DiscourseConnect (#11978)

The 'Discourse SSO' protocol is being rebranded to DiscourseConnect. This should help to reduce confusion when 'SSO' is used in the generic sense.

This commit aims to:
- Rename `sso_` site settings. DiscourseConnect specific ones are prefixed `discourse_connect_`. Generic settings are prefixed `auth_`
- Add (server-side-only) backwards compatibility for the old setting names, with deprecation notices
- Copy `site_settings` database records to the new names
- Rename relevant translation keys
- Update relevant translations

This commit does **not** aim to:
- Rename any Ruby classes or methods. This might be done in a future commit
- Change any URLs. This would break existing integrations
- Make any changes to the protocol. This would break existing integrations
- Change any functionality. Further normalization across DiscourseConnect and other auth methods will be done separately

The risks are:
- There is no backwards compatibility for site settings on the client-side. Accessing auth-related site settings in Javascript is fairly rare, and an error on the client side would not be security-critical.
- If a plugin is monkey-patching parts of the auth process, changes to locale keys could cause broken error messages. This should also be unlikely. The old site setting names remain functional, so security-related overrides will remain working.

A follow-up commit will be made with a post-deploy migration to delete the old `site_settings` rows.
David Taylor 2021-02-08 10:04:33 +00:00 committed by GitHub
parent 205db66864
commit 821bb1e8cb
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
71 changed files with 421 additions and 355 deletions


@ -590,7 +590,7 @@ export default Controller.extend(CanCheckEmails, {
deleteSSORecord() { deleteSSORecord() {
return bootbox.confirm( return bootbox.confirm(
I18n.t("admin.user.sso.confirm_delete"), I18n.t("admin.user.discourse_connect.confirm_delete"),
I18n.t("no_value"), I18n.t("no_value"),
I18n.t("yes_value"), I18n.t("yes_value"),
(confirmed) => { (confirmed) => {


@ -70,8 +70,8 @@
{{/if}} {{/if}}
</div> </div>
<div class="controls"> <div class="controls">
{{#if siteSettings.sso_overrides_email}} {{#if siteSettings.auth_overrides_email}}
{{i18n "user.email.sso_override_instructions"}} {{i18n "user.email.auth_override_instructions"}}
{{else if model.email}} {{else if model.email}}
{{html-safe (i18n "admin.user.visit_profile" url=preferencesPath)}} {{html-safe (i18n "admin.user.visit_profile" url=preferencesPath)}}
{{/if}} {{/if}}
@ -105,8 +105,8 @@
<div class="controls"> <div class="controls">
{{#if model.email}} {{#if model.email}}
{{#if model.secondary_emails}} {{#if model.secondary_emails}}
{{#if siteSettings.sso_overrides_email}} {{#if siteSettings.auth_overrides_email}}
{{i18n "user.email.sso_override_instructions"}} {{i18n "user.email.auth_override_instructions"}}
{{else}} {{else}}
{{html-safe (i18n "admin.user.visit_profile" url=preferencesPath)}} {{html-safe (i18n "admin.user.visit_profile" url=preferencesPath)}}
{{/if}} {{/if}}
@ -646,11 +646,11 @@
{{#if model.single_sign_on_record}} {{#if model.single_sign_on_record}}
<section class="details"> <section class="details">
<h1>{{i18n "admin.user.sso.title"}}</h1> <h1>{{i18n "admin.user.discourse_connect.title"}}</h1>
{{#with model.single_sign_on_record as |sso|}} {{#with model.single_sign_on_record as |sso|}}
<div class="display-row"> <div class="display-row">
<div class="field">{{i18n "admin.user.sso.external_id"}}</div> <div class="field">{{i18n "admin.user.discourse_connect.external_id"}}</div>
<div class="value">{{sso.external_id}}</div> <div class="value">{{sso.external_id}}</div>
{{#if model.can_delete_sso_record}} {{#if model.can_delete_sso_record}}
<div class="controls"> <div class="controls">
@ -658,22 +658,22 @@
class="btn-danger" class="btn-danger"
action=(action "deleteSSORecord") action=(action "deleteSSORecord")
icon="far-trash-alt" icon="far-trash-alt"
label="admin.user.sso.delete_sso_record" label="admin.user.discourse_connect.delete_sso_record"
}} }}
</div> </div>
{{/if}} {{/if}}
</div> </div>
<div class="display-row"> <div class="display-row">
<div class="field">{{i18n "admin.user.sso.external_username"}}</div> <div class="field">{{i18n "admin.user.discourse_connect.external_username"}}</div>
<div class="value">{{sso.external_username}}</div> <div class="value">{{sso.external_username}}</div>
</div> </div>
<div class="display-row"> <div class="display-row">
<div class="field">{{i18n "admin.user.sso.external_name"}}</div> <div class="field">{{i18n "admin.user.discourse_connect.external_name"}}</div>
<div class="value">{{sso.external_name}}</div> <div class="value">{{sso.external_name}}</div>
</div> </div>
{{#if canAdminCheckEmails}} {{#if canAdminCheckEmails}}
<div class="display-row"> <div class="display-row">
<div class="field">{{i18n "admin.user.sso.external_email"}}</div> <div class="field">{{i18n "admin.user.discourse_connect.external_email"}}</div>
{{#if ssoExternalEmail}} {{#if ssoExternalEmail}}
<div class="value">{{ssoExternalEmail}}</div> <div class="value">{{ssoExternalEmail}}</div>
{{else}} {{else}}
@ -687,12 +687,12 @@
</div> </div>
{{/if}} {{/if}}
<div class="display-row"> <div class="display-row">
<div class="field">{{i18n "admin.user.sso.external_avatar_url"}}</div> <div class="field">{{i18n "admin.user.discourse_connect.external_avatar_url"}}</div>
<div class="value">{{sso.external_avatar_url}}</div> <div class="value">{{sso.external_avatar_url}}</div>
</div> </div>
{{#if sso.last_payload}} {{#if sso.last_payload}}
<div class="display-row"> <div class="display-row">
<div class="field">{{i18n "admin.user.sso.last_payload"}}</div> <div class="field">{{i18n "admin.user.discourse_connect.last_payload"}}</div>
<div class="value"> <div class="value">
{{#each ssoPayload as |line|}} {{#each ssoPayload as |line|}}
{{line}}<br> {{line}}<br>


@ -221,7 +221,7 @@ export default Component.extend({
) { ) {
if (!canInviteViaEmail) { if (!canInviteViaEmail) {
// can't invite via email, only existing users // can't invite via email, only existing users
return I18n.t("topic.invite_reply.sso_enabled"); return I18n.t("topic.invite_reply.discourse_connect_enabled");
} else if (isPM) { } else if (isPM) {
// inviting to a message // inviting to a message
return I18n.t("topic.invite_private.email_or_username"); return I18n.t("topic.invite_private.email_or_username");


@ -13,7 +13,7 @@ export default Controller.extend({
return ( return (
!this.siteSettings.invite_only && !this.siteSettings.invite_only &&
this.siteSettings.allow_new_registrations && this.siteSettings.allow_new_registrations &&
!this.siteSettings.enable_sso !this.siteSettings.enable_discourse_connect
); );
}, },


@ -392,7 +392,7 @@ export default Controller.extend(ModalFunctionality, {
} }
const skipConfirmation = const skipConfirmation =
options && this.siteSettings.external_auth_skip_create_confirm; options && this.siteSettings.auth_skip_create_confirm;
const createAccountController = this.createAccount; const createAccountController = this.createAccount;
createAccountController.setProperties({ createAccountController.setProperties({


@ -71,7 +71,8 @@ export default Controller.extend(CanCheckEmails, {
return false; return false;
} else { } else {
return ( return (
!this.siteSettings.enable_sso && this.siteSettings.enable_local_logins !this.siteSettings.enable_discourse_connect &&
this.siteSettings.enable_local_logins
); );
} }
}, },


@ -755,7 +755,7 @@ const User = RestModel.extend({
@discourseComputed("can_delete_account") @discourseComputed("can_delete_account")
canDeleteAccount(canDeleteAccount) { canDeleteAccount(canDeleteAccount) {
return !this.siteSettings.enable_sso && canDeleteAccount; return !this.siteSettings.enable_discourse_connect && canDeleteAccount;
}, },
delete: function () { delete: function () {


@ -243,7 +243,7 @@ const ApplicationRoute = DiscourseRoute.extend(OpenComposer, {
}, },
handleShowLogin() { handleShowLogin() {
if (this.siteSettings.enable_sso) { if (this.siteSettings.enable_discourse_connect) {
const returnPath = encodeURIComponent(window.location.pathname); const returnPath = encodeURIComponent(window.location.pathname);
window.location = getURL("/session/sso?return_path=" + returnPath); window.location = getURL("/session/sso?return_path=" + returnPath);
} else { } else {
@ -254,7 +254,7 @@ const ApplicationRoute = DiscourseRoute.extend(OpenComposer, {
}, },
handleShowCreateAccount() { handleShowCreateAccount() {
if (this.siteSettings.enable_sso) { if (this.siteSettings.enable_discourse_connect) {
const returnPath = encodeURIComponent(window.location.pathname); const returnPath = encodeURIComponent(window.location.pathname);
window.location = getURL("/session/sso?return_path=" + returnPath); window.location = getURL("/session/sso?return_path=" + returnPath);
} else { } else {


@ -15,7 +15,7 @@
{{/if}} {{/if}}
</div> </div>
{{#unless siteSettings.sso_overrides_avatar}} {{#unless siteSettings.discourse_connect_overrides_avatar}}
<div class="control-group pref-avatar"> <div class="control-group pref-avatar">
<label class="control-label" id="profile-picture">{{i18n "user.avatar.title"}}</label> <label class="control-label" id="profile-picture">{{i18n "user.avatar.title"}}</label>
<div class="controls"> <div class="controls">
@ -94,8 +94,8 @@
{{/if}} {{/if}}
<div class="instructions"> <div class="instructions">
{{#if siteSettings.sso_overrides_email}} {{#if siteSettings.auth_overrides_email}}
{{i18n "user.email.sso_override_instructions"}} {{i18n "user.email.auth_override_instructions"}}
{{/if}} {{/if}}
{{i18n "user.email.instructions"}} {{i18n "user.email.instructions"}}
</div> </div>


@ -32,7 +32,7 @@ acceptance("Create Account - external auth", function (needs) {
}); });
test("when skip is enabled", async function (assert) { test("when skip is enabled", async function (assert) {
this.siteSettings.external_auth_skip_create_confirm = true; this.siteSettings.auth_skip_create_confirm = true;
await visit("/"); await visit("/");
assert.ok( assert.ok(


@ -29,7 +29,7 @@ const ORIGINAL_SETTINGS = {
enable_twitter_logins: true, enable_twitter_logins: true,
enable_facebook_logins: true, enable_facebook_logins: true,
enable_github_logins: true, enable_github_logins: true,
enable_sso: false, enable_discourse_connect: false,
min_username_length: 3, min_username_length: 3,
max_username_length: 20, max_username_length: 20,
min_password_length: 8, min_password_length: 8,


@ -439,12 +439,12 @@ class Admin::UsersController < Admin::AdminController
end end
def sync_sso def sync_sso
return render body: nil, status: 404 unless SiteSetting.enable_sso return render body: nil, status: 404 unless SiteSetting.enable_discourse_connect
begin begin
sso = DiscourseSingleSignOn.parse("sso=#{params[:sso]}&sig=#{params[:sig]}") sso = DiscourseSingleSignOn.parse("sso=#{params[:sso]}&sig=#{params[:sig]}")
rescue DiscourseSingleSignOn::ParseError => e rescue DiscourseSingleSignOn::ParseError => e
return render json: failed_json.merge(message: I18n.t("sso.login_error")), status: 422 return render json: failed_json.merge(message: I18n.t("discourse_connect.login_error")), status: 422
end end
begin begin
@ -453,7 +453,7 @@ class Admin::UsersController < Admin::AdminController
rescue ActiveRecord::RecordInvalid => ex rescue ActiveRecord::RecordInvalid => ex
render json: failed_json.merge(message: ex.message), status: 403 render json: failed_json.merge(message: ex.message), status: 403
rescue DiscourseSingleSignOn::BlankExternalId => ex rescue DiscourseSingleSignOn::BlankExternalId => ex
render json: failed_json.merge(message: I18n.t('sso.blank_id_error')), status: 422 render json: failed_json.merge(message: I18n.t('discourse_connect.blank_id_error')), status: 422
end end
end end
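Review bot: In sync_sso, `DiscourseSingleSignOn.parse("sso=#{params[:sso]}&sig=#{params[:sig]}")` rebuilds a query string from already-decoded parameters without re-encoding them. Assuming parse treats its argument as a query string (SessionController passes it `request.query_string`), a value containing `+`, `&` or `%` is decoded a second time, so the boundary between the two values is not preserved. This most likely fails closed as a signature mismatch with the generic `discourse_connect.login_error`, but it makes admin syncs fail for reasons that are hard to diagnose. Build the string with an encoder instead: `DiscourseSingleSignOn.parse(Rack::Utils.build_query(sso: params[:sso], sig: params[:sig]))`. The second `begin` block continues outside the hunk.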


@ -739,11 +739,11 @@ class ApplicationController < ActionController::Base
def redirect_to_login def redirect_to_login
dont_cache_page dont_cache_page
if SiteSetting.external_auth_immediately && SiteSetting.enable_sso? if SiteSetting.auth_immediately && SiteSetting.enable_discourse_connect?
# save original URL in a session so we can redirect after login # save original URL in a session so we can redirect after login
session[:destination_url] = destination_url session[:destination_url] = destination_url
redirect_to path('/session/sso') redirect_to path('/session/sso')
elsif SiteSetting.external_auth_immediately && !SiteSetting.enable_local_logins && Discourse.enabled_authenticators.length == 1 && !cookies[:authentication_data] elsif SiteSetting.auth_immediately && !SiteSetting.enable_local_logins && Discourse.enabled_authenticators.length == 1 && !cookies[:authentication_data]
# Only one authentication provider, direct straight to it. # Only one authentication provider, direct straight to it.
# If authentication_data is present, then we are halfway though registration. Don't redirect offsite # If authentication_data is present, then we are halfway though registration. Don't redirect offsite
cookies[:destination_url] = destination_url cookies[:destination_url] = destination_url


@ -338,7 +338,7 @@ class GroupsController < ApplicationController
if emails.any? if emails.any?
if SiteSetting.enable_sso? if SiteSetting.enable_sso?
raise Discourse::InvalidParameters.new(I18n.t("no_invites_with_sso")) raise Discourse::InvalidParameters.new(I18n.t("no_invites_with_discourse_connect"))
elsif !SiteSetting.enable_local_logins? elsif !SiteSetting.enable_local_logins?
raise Discourse::InvalidParameters.new(I18n.t("no_invites_without_local_logins")) raise Discourse::InvalidParameters.new(I18n.t("no_invites_without_local_logins"))
end end
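Review bot: The guard `if SiteSetting.enable_sso?` in this hunk still reads the old setting name, although the error key on the following line was moved to `no_invites_with_discourse_connect`. The commit description says the old names stay functional server-side with deprecation notices, so behaviour should be unchanged for now. This call site will presumably log that notice whenever the branch runs, and it will stop working once the compatibility layer is removed. Change it to `if SiteSetting.enable_discourse_connect?` to match the other controllers in this commit. The enclosing method starts and ends outside the hunk.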


@ -268,7 +268,7 @@ class InvitesController < ApplicationController
if user.has_password? if user.has_password?
send_activation_email(user) unless user.active send_activation_email(user) unless user.active
elsif !SiteSetting.enable_sso && SiteSetting.enable_local_logins elsif !SiteSetting.enable_discourse_connect && SiteSetting.enable_local_logins
Jobs.enqueue(:invite_password_instructions_email, username: user.username) Jobs.enqueue(:invite_password_instructions_email, username: user.username)
end end
end end


@ -24,19 +24,19 @@ class SessionController < ApplicationController
session.delete(:destination_url) session.delete(:destination_url)
cookies.delete(:destination_url) cookies.delete(:destination_url)
if SiteSetting.enable_sso? if SiteSetting.enable_discourse_connect?
sso = DiscourseSingleSignOn.generate_sso(return_path) sso = DiscourseSingleSignOn.generate_sso(return_path)
if SiteSetting.verbose_sso_logging if SiteSetting.verbose_discourse_connect_logging
Rails.logger.warn("Verbose SSO log: Started SSO process\n\n#{sso.diagnostics}") Rails.logger.warn("Verbose SSO log: Started SSO process\n\n#{sso.diagnostics}")
end end
redirect_to sso_url(sso) redirect_to discourse_connect_url(sso)
else else
render body: nil, status: 404 render body: nil, status: 404
end end
end end
def sso_provider(payload = nil) def sso_provider(payload = nil)
if SiteSetting.enable_sso_provider if SiteSetting.enable_discourse_connect_provider
begin begin
if !payload if !payload
params.require(:sso) params.require(:sso)
@ -44,15 +44,15 @@ class SessionController < ApplicationController
end end
sso = SingleSignOnProvider.parse(payload) sso = SingleSignOnProvider.parse(payload)
rescue SingleSignOnProvider::BlankSecret rescue SingleSignOnProvider::BlankSecret
render plain: I18n.t("sso.missing_secret"), status: 400 render plain: I18n.t("discourse_connect.missing_secret"), status: 400
return return
rescue SingleSignOnProvider::ParseError => e rescue SingleSignOnProvider::ParseError => e
if SiteSetting.verbose_sso_logging if SiteSetting.verbose_discourse_connect_logging
Rails.logger.warn("Verbose SSO log: Signature parse error\n\n#{e.message}\n\n#{sso&.diagnostics}") Rails.logger.warn("Verbose SSO log: Signature parse error\n\n#{e.message}\n\n#{sso&.diagnostics}")
end end
# Do NOT pass the error text to the client, it would give them the correct signature # Do NOT pass the error text to the client, it would give them the correct signature
render plain: I18n.t("sso.login_error"), status: 422 render plain: I18n.t("discourse_connect.login_error"), status: 422
return return
end end
@ -138,7 +138,7 @@ class SessionController < ApplicationController
end end
def sso_login def sso_login
raise Discourse::NotFound.new unless SiteSetting.enable_sso raise Discourse::NotFound.new unless SiteSetting.enable_discourse_connect
params.require(:sso) params.require(:sso)
params.require(:sig) params.require(:sig)
@ -146,26 +146,26 @@ class SessionController < ApplicationController
begin begin
sso = DiscourseSingleSignOn.parse(request.query_string) sso = DiscourseSingleSignOn.parse(request.query_string)
rescue DiscourseSingleSignOn::ParseError => e rescue DiscourseSingleSignOn::ParseError => e
if SiteSetting.verbose_sso_logging if SiteSetting.verbose_discourse_connect_logging
Rails.logger.warn("Verbose SSO log: Signature parse error\n\n#{e.message}\n\n#{sso&.diagnostics}") Rails.logger.warn("Verbose SSO log: Signature parse error\n\n#{e.message}\n\n#{sso&.diagnostics}")
end end
# Do NOT pass the error text to the client, it would give them the correct signature # Do NOT pass the error text to the client, it would give them the correct signature
return render_sso_error(text: I18n.t("sso.login_error"), status: 422) return render_sso_error(text: I18n.t("discourse_connect.login_error"), status: 422)
end end
if !sso.nonce_valid? if !sso.nonce_valid?
if SiteSetting.verbose_sso_logging if SiteSetting.verbose_discourse_connect_logging
Rails.logger.warn("Verbose SSO log: Nonce has already expired\n\n#{sso.diagnostics}") Rails.logger.warn("Verbose SSO log: Nonce has already expired\n\n#{sso.diagnostics}")
end end
return render_sso_error(text: I18n.t("sso.timeout_expired"), status: 419) return render_sso_error(text: I18n.t("discourse_connect.timeout_expired"), status: 419)
end end
if ScreenedIpAddress.should_block?(request.remote_ip) if ScreenedIpAddress.should_block?(request.remote_ip)
if SiteSetting.verbose_sso_logging if SiteSetting.verbose_discourse_connect_logging
Rails.logger.warn("Verbose SSO log: IP address is blocked #{request.remote_ip}\n\n#{sso.diagnostics}") Rails.logger.warn("Verbose SSO log: IP address is blocked #{request.remote_ip}\n\n#{sso.diagnostics}")
end end
return render_sso_error(text: I18n.t("sso.unknown_error"), status: 500) return render_sso_error(text: I18n.t("discourse_connect.unknown_error"), status: 500)
end end
return_path = sso.return_path return_path = sso.return_path
@ -180,10 +180,10 @@ class SessionController < ApplicationController
end end
if SiteSetting.must_approve_users? && !user.approved? if SiteSetting.must_approve_users? && !user.approved?
if SiteSetting.sso_not_approved_url.present? if SiteSetting.discourse_connect_not_approved_url.present?
redirect_to SiteSetting.sso_not_approved_url redirect_to SiteSetting.discourse_connect_not_approved_url
else else
render_sso_error(text: I18n.t("sso.account_not_approved"), status: 403) render_sso_error(text: I18n.t("discourse_connect.account_not_approved"), status: 403)
end end
return return
elsif !user.active? elsif !user.active?
@ -192,7 +192,7 @@ class SessionController < ApplicationController
session["user_created_message"] = activation.message session["user_created_message"] = activation.message
redirect_to(users_account_created_path) && (return) redirect_to(users_account_created_path) && (return)
else else
if SiteSetting.verbose_sso_logging if SiteSetting.verbose_discourse_connect_logging
Rails.logger.warn("Verbose SSO log: User was logged on #{user.username}\n\n#{sso.diagnostics}") Rails.logger.warn("Verbose SSO log: User was logged on #{user.username}\n\n#{sso.diagnostics}")
end end
if user.id != current_user&.id if user.id != current_user&.id
@ -206,7 +206,7 @@ class SessionController < ApplicationController
uri = URI(return_path) uri = URI(return_path)
if (uri.hostname == Discourse.current_hostname) if (uri.hostname == Discourse.current_hostname)
return_path = uri.to_s return_path = uri.to_s
elsif !SiteSetting.sso_allows_all_return_paths elsif !SiteSetting.discourse_connect_allows_all_return_paths
return_path = path("/") return_path = path("/")
end end
rescue rescue
@ -223,11 +223,11 @@ class SessionController < ApplicationController
redirect_to return_path redirect_to return_path
else else
render_sso_error(text: I18n.t("sso.not_found"), status: 500) render_sso_error(text: I18n.t("discourse_connect.not_found"), status: 500)
end end
rescue ActiveRecord::RecordInvalid => e rescue ActiveRecord::RecordInvalid => e
if SiteSetting.verbose_sso_logging if SiteSetting.verbose_discourse_connect_logging
Rails.logger.warn(<<~EOF) Rails.logger.warn(<<~EOF)
Verbose SSO log: Record was invalid: #{e.record.class.name} #{e.record.id} Verbose SSO log: Record was invalid: #{e.record.class.name} #{e.record.id}
#{e.record.errors.to_h} #{e.record.errors.to_h}
@ -245,17 +245,17 @@ class SessionController < ApplicationController
# If there's a problem with the email we can explain that # If there's a problem with the email we can explain that
if (e.record.is_a?(User) && e.record.errors[:primary_email].present?) if (e.record.is_a?(User) && e.record.errors[:primary_email].present?)
if e.record.email.blank? if e.record.email.blank?
text = I18n.t("sso.no_email") text = I18n.t("discourse_connect.no_email")
else else
text = I18n.t("sso.email_error", email: ERB::Util.html_escape(e.record.email)) text = I18n.t("discourse_connect.email_error", email: ERB::Util.html_escape(e.record.email))
end end
end end
render_sso_error(text: text || I18n.t("sso.unknown_error"), status: 500) render_sso_error(text: text || I18n.t("discourse_connect.unknown_error"), status: 500)
rescue DiscourseSingleSignOn::BlankExternalId rescue DiscourseSingleSignOn::BlankExternalId
render_sso_error(text: I18n.t("sso.blank_id_error"), status: 500) render_sso_error(text: I18n.t("discourse_connect.blank_id_error"), status: 500)
rescue => e rescue => e
message = +"Failed to create or lookup user: #{e}." message = +"Failed to create or lookup user: #{e}."
@ -266,7 +266,7 @@ class SessionController < ApplicationController
Rails.logger.error(message) Rails.logger.error(message)
render_sso_error(text: I18n.t("sso.unknown_error"), status: 500) render_sso_error(text: I18n.t("discourse_connect.unknown_error"), status: 500)
end end
end end
@ -445,7 +445,7 @@ class SessionController < ApplicationController
def destroy def destroy
redirect_url = params[:return_url].presence || SiteSetting.logout_redirect.presence redirect_url = params[:return_url].presence || SiteSetting.logout_redirect.presence
sso = SiteSetting.enable_sso sso = SiteSetting.enable_discourse_connect
only_one_authenticator = !SiteSetting.enable_local_logins && Discourse.enabled_authenticators.length == 1 only_one_authenticator = !SiteSetting.enable_local_logins && Discourse.enabled_authenticators.length == 1
if SiteSetting.login_required && (sso || only_one_authenticator) if SiteSetting.login_required && (sso || only_one_authenticator)
# In this situation visiting most URLs will start the auth process again # In this situation visiting most URLs will start the auth process again
@ -498,7 +498,7 @@ class SessionController < ApplicationController
return if user&.admin? return if user&.admin?
if (check_login_via_email && !SiteSetting.enable_local_logins_via_email) || if (check_login_via_email && !SiteSetting.enable_local_logins_via_email) ||
SiteSetting.enable_sso || SiteSetting.enable_discourse_connect ||
!SiteSetting.enable_local_logins !SiteSetting.enable_local_logins
raise Discourse::InvalidAccess, "SSO takes over local login or the local login is disallowed." raise Discourse::InvalidAccess, "SSO takes over local login or the local login is disallowed."
end end
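Review bot: In the `rescue ...ParseError` branches of sso_provider and sso_login, the renamed `verbose_discourse_connect_logging` setting writes `e.message` to the Rails log, and the comment directly below each call says that text would give a client the correct signature. With the setting on, the log therefore holds signing output and should be treated as sensitive, which nothing at the call sites says. I would add a comment above each log call such as `# e.message contains the expected signature: restrict access to logs while verbose logging is on`, and repeat the warning in the setting's description. Separately, `sso&.diagnostics` in the sso_login rescue looks like it is always nil, because the assignment on the preceding line did not complete; confirm against the full method, which extends outside these hunks.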


@ -19,7 +19,7 @@ class UploadsController < ApplicationController
# 50 characters ought to be enough for the upload type # 50 characters ought to be enough for the upload type
type = params.require(:type).parameterize(separator: "_")[0..50] type = params.require(:type).parameterize(separator: "_")[0..50]
if type == "avatar" && !me.admin? && (SiteSetting.sso_overrides_avatar || !SiteSetting.allow_uploaded_avatars) if type == "avatar" && !me.admin? && (SiteSetting.discourse_connect_overrides_avatar || !SiteSetting.allow_uploaded_avatars)
return render json: failed_json, status: 422 return render json: failed_json, status: 422
end end


@ -23,7 +23,7 @@ class UserApiKeysController < ApplicationController
unless current_user unless current_user
cookies[:destination_url] = request.fullpath cookies[:destination_url] = request.fullpath
if SiteSetting.enable_sso? if SiteSetting.enable_discourse_connect?
redirect_to path('/session/sso') redirect_to path('/session/sso')
else else
redirect_to path('/login') redirect_to path('/login')
@ -115,7 +115,7 @@ class UserApiKeysController < ApplicationController
unless current_user unless current_user
cookies[:destination_url] = request.fullpath cookies[:destination_url] = request.fullpath
if SiteSetting.enable_sso? if SiteSetting.enable_discourse_connect?
redirect_to path('/session/sso') redirect_to path('/session/sso')
else else
redirect_to path('/login') redirect_to path('/login')


@ -40,7 +40,7 @@ class Users::OmniauthCallbacksController < ApplicationController
preferred_origin = request.env['omniauth.origin'] preferred_origin = request.env['omniauth.origin']
if SiteSetting.enable_sso_provider && payload = cookies.delete(:sso_payload) if SiteSetting.enable_discourse_connect_provider && payload = cookies.delete(:sso_payload)
preferred_origin = session_sso_provider_url + "?" + payload preferred_origin = session_sso_provider_url + "?" + payload
elsif cookies[:destination_url].present? elsif cookies[:destination_url].present?
preferred_origin = cookies[:destination_url] preferred_origin = cookies[:destination_url]


@ -179,7 +179,7 @@ class UsersController < ApplicationController
end end
rescue Discourse::InvalidAccess rescue Discourse::InvalidAccess
if current_user&.staff? if current_user&.staff?
render_json_error(I18n.t('errors.messages.sso_overrides_username')) render_json_error(I18n.t('errors.messages.auth_overrides_username'))
else else
render json: failed_json, status: 403 render json: failed_json, status: 403
end end
@ -412,8 +412,8 @@ class UsersController < ApplicationController
)) ))
else else
if current_user&.staff? if current_user&.staff?
message = if SiteSetting.enable_sso message = if SiteSetting.enable_discourse_connect
I18n.t("invite.disabled_errors.sso_enabled") I18n.t("invite.disabled_errors.discourse_connect_enabled")
elsif !SiteSetting.enable_local_logins elsif !SiteSetting.enable_local_logins
I18n.t("invite.disabled_errors.local_logins_disabled") I18n.t("invite.disabled_errors.local_logins_disabled")
end end
@ -436,8 +436,8 @@ class UsersController < ApplicationController
render json: MultiJson.dump(invites: serialize_data(invites.to_a, InviteLinkSerializer), can_see_invite_details: guardian.can_see_invite_details?(inviter)) render json: MultiJson.dump(invites: serialize_data(invites.to_a, InviteLinkSerializer), can_see_invite_details: guardian.can_see_invite_details?(inviter))
else else
if current_user&.staff? if current_user&.staff?
message = if SiteSetting.enable_sso message = if SiteSetting.enable_discourse_connect
I18n.t("invite.disabled_errors.sso_enabled") I18n.t("invite.disabled_errors.discourse_connect_enabled")
elsif !SiteSetting.enable_local_logins elsif !SiteSetting.enable_local_logins
I18n.t("invite.disabled_errors.local_logins_disabled") I18n.t("invite.disabled_errors.local_logins_disabled")
end end
@ -909,7 +909,7 @@ class UsersController < ApplicationController
def account_created def account_created
if current_user.present? if current_user.present?
if SiteSetting.enable_sso_provider && payload = cookies.delete(:sso_payload) if SiteSetting.enable_discourse_connect_provider && payload = cookies.delete(:sso_payload)
return redirect_to(session_sso_provider_url + "?" + payload) return redirect_to(session_sso_provider_url + "?" + payload)
elsif destination_url = cookies.delete(:destination_url) elsif destination_url = cookies.delete(:destination_url)
return redirect_to(destination_url) return redirect_to(destination_url)
@ -958,7 +958,7 @@ class UsersController < ApplicationController
elsif destination_url = cookies[:destination_url] elsif destination_url = cookies[:destination_url]
cookies[:destination_url] = nil cookies[:destination_url] = nil
return redirect_to(destination_url) return redirect_to(destination_url)
elsif SiteSetting.enable_sso_provider && payload = cookies.delete(:sso_payload) elsif SiteSetting.enable_discourse_connect_provider && payload = cookies.delete(:sso_payload)
return redirect_to(session_sso_provider_url + "?" + payload) return redirect_to(session_sso_provider_url + "?" + payload)
end end
else else
@ -1095,7 +1095,7 @@ class UsersController < ApplicationController
user = fetch_user_from_params user = fetch_user_from_params
guardian.ensure_can_edit!(user) guardian.ensure_can_edit!(user)
if SiteSetting.sso_overrides_avatar if SiteSetting.discourse_connect_overrides_avatar
return render json: failed_json, status: 422 return render json: failed_json, status: 422
end end
@ -1276,7 +1276,7 @@ class UsersController < ApplicationController
end end
def list_second_factors def list_second_factors
raise Discourse::NotFound if SiteSetting.enable_sso || !SiteSetting.enable_local_logins raise Discourse::NotFound if SiteSetting.enable_discourse_connect || !SiteSetting.enable_local_logins
unless params[:password].empty? unless params[:password].empty?
RateLimiter.new(nil, "login-hr-#{request.remote_ip}", SiteSetting.max_logins_per_ip_per_hour, 1.hour).performed! RateLimiter.new(nil, "login-hr-#{request.remote_ip}", SiteSetting.max_logins_per_ip_per_hour, 1.hour).performed!
@ -1448,7 +1448,7 @@ class UsersController < ApplicationController
end end
def second_factor_check_confirmed_password def second_factor_check_confirmed_password
raise Discourse::NotFound if SiteSetting.enable_sso || !SiteSetting.enable_local_logins raise Discourse::NotFound if SiteSetting.enable_discourse_connect || !SiteSetting.enable_local_logins
raise Discourse::InvalidAccess.new unless current_user && secure_session_confirmed? raise Discourse::InvalidAccess.new unless current_user && secure_session_confirmed?
end end
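Review bot: In list_second_factors, `unless params[:password].empty?` calls `.empty?` on a value that is nil when the request omits the parameter. That raises NoMethodError and returns a 500 instead of taking the no-password path. Nothing earlier in the visible method requires the parameter, though a filter outside the hunk might. `unless params[:password].to_s.empty?` treats a missing parameter like an empty one and leaves the rate-limited path unchanged for any supplied password. The method body continues outside the hunk.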


@ -548,7 +548,7 @@ module ApplicationHelper
def can_sign_up? def can_sign_up?
SiteSetting.allow_new_registrations && SiteSetting.allow_new_registrations &&
!SiteSetting.invite_only && !SiteSetting.invite_only &&
!SiteSetting.enable_sso !SiteSetting.enable_discourse_connect
end end
def rss_creator(user) def rss_creator(user)


@ -113,7 +113,7 @@ module Jobs
condition = { trust_level: trust_level } condition = { trust_level: trust_level }
end end
if SiteSetting.enable_sso if SiteSetting.enable_discourse_connect
# SSO enabled # SSO enabled
User.where(condition).includes(:user_profile, :user_stat, :user_emails, :single_sign_on_record, :groups).find_each do |user| User.where(condition).includes(:user_profile, :user_stat, :user_emails, :single_sign_on_record, :groups).find_each do |user|
user_info_array = get_base_user_array(user) user_info_array = get_base_user_array(user)
@ -232,7 +232,7 @@ module Jobs
def get_header(entity) def get_header(entity)
if entity == 'user_list' if entity == 'user_list'
header_array = HEADER_ATTRS_FOR['user_list'] + HEADER_ATTRS_FOR['user_stats'] + HEADER_ATTRS_FOR['user_profile'] header_array = HEADER_ATTRS_FOR['user_list'] + HEADER_ATTRS_FOR['user_stats'] + HEADER_ATTRS_FOR['user_profile']
header_array.concat(HEADER_ATTRS_FOR['user_sso']) if SiteSetting.enable_sso header_array.concat(HEADER_ATTRS_FOR['user_sso']) if SiteSetting.enable_discourse_connect
user_custom_fields = UserField.all user_custom_fields = UserField.all
if user_custom_fields.present? if user_custom_fields.present?
user_custom_fields.each do |custom_field| user_custom_fields.each do |custom_field|


@ -384,7 +384,7 @@ module Jobs
def get_header(entity) def get_header(entity)
if entity == 'user_list' if entity == 'user_list'
header_array = HEADER_ATTRS_FOR['user_list'] + HEADER_ATTRS_FOR['user_stats'] + HEADER_ATTRS_FOR['user_profile'] header_array = HEADER_ATTRS_FOR['user_list'] + HEADER_ATTRS_FOR['user_stats'] + HEADER_ATTRS_FOR['user_profile']
header_array.concat(HEADER_ATTRS_FOR['user_sso']) if SiteSetting.enable_sso header_array.concat(HEADER_ATTRS_FOR['user_sso']) if SiteSetting.enable_discourse_connect
user_custom_fields = UserField.all user_custom_fields = UserField.all
if user_custom_fields.present? if user_custom_fields.present?
user_custom_fields.each do |custom_field| user_custom_fields.each do |custom_field|


@ -54,19 +54,19 @@ module SecondFactorManager
end end
def totp_enabled? def totp_enabled?
!SiteSetting.enable_sso && !SiteSetting.enable_discourse_connect &&
SiteSetting.enable_local_logins && SiteSetting.enable_local_logins &&
self&.user_second_factors.totps.exists? self&.user_second_factors.totps.exists?
end end
def backup_codes_enabled? def backup_codes_enabled?
!SiteSetting.enable_sso && !SiteSetting.enable_discourse_connect &&
SiteSetting.enable_local_logins && SiteSetting.enable_local_logins &&
self&.user_second_factors.backup_codes.exists? self&.user_second_factors.backup_codes.exists?
end end
def security_keys_enabled? def security_keys_enabled?
!SiteSetting.enable_sso && !SiteSetting.enable_discourse_connect &&
SiteSetting.enable_local_logins && SiteSetting.enable_local_logins &&
self&.security_keys.where(factor_type: UserSecurityKey.factor_types[:second_factor], enabled: true).exists? self&.security_keys.where(factor_type: UserSecurityKey.factor_types[:second_factor], enabled: true).exists?
end end


@ -6,11 +6,11 @@ class DiscourseSingleSignOn < SingleSignOn
class BannedExternalId < StandardError; end class BannedExternalId < StandardError; end
def self.sso_url def self.sso_url
SiteSetting.sso_url SiteSetting.discourse_connect_url
end end
def self.sso_secret def self.sso_secret
SiteSetting.sso_secret SiteSetting.discourse_connect_secret
end end
def self.generate_sso(return_path = "/") def self.generate_sso(return_path = "/")
@ -120,7 +120,7 @@ class DiscourseSingleSignOn < SingleSignOn
# The user might require approval # The user might require approval
user.create_reviewable user.create_reviewable
if bio && (user.user_profile.bio_raw.blank? || SiteSetting.sso_overrides_bio) if bio && (user.user_profile.bio_raw.blank? || SiteSetting.discourse_connect_overrides_bio)
user.user_profile.bio_raw = bio user.user_profile.bio_raw = bio
user.user_profile.save! user.user_profile.save!
end end
@ -170,7 +170,7 @@ class DiscourseSingleSignOn < SingleSignOn
end end
def apply_group_rules(user) def apply_group_rules(user)
if SiteSetting.sso_overrides_groups if SiteSetting.discourse_connect_overrides_groups
synchronize_groups(user) synchronize_groups(user)
return return
end end
@ -219,7 +219,7 @@ class DiscourseSingleSignOn < SingleSignOn
user = User.create!(user_params) user = User.create!(user_params)
if SiteSetting.verbose_sso_logging if SiteSetting.verbose_discourse_connect_logging
Rails.logger.warn("Verbose SSO log: New User (user_id: #{user.id}) Params: #{user_params} User Params: #{user.attributes} User Errors: #{user.errors.full_messages} Email: #{user.primary_email.attributes} Email Error: #{user.primary_email.errors.full_messages}") Rails.logger.warn("Verbose SSO log: New User (user_id: #{user.id}) Params: #{user_params} User Params: #{user.attributes} User Errors: #{user.errors.full_messages} Email: #{user.primary_email.attributes} Email Error: #{user.primary_email.errors.full_messages}")
end end
end end
@ -233,7 +233,7 @@ class DiscourseSingleSignOn < SingleSignOn
Jobs.enqueue(:download_avatar_from_url, Jobs.enqueue(:download_avatar_from_url,
url: avatar_url, url: avatar_url,
user_id: user.id, user_id: user.id,
override_gravatar: SiteSetting.sso_overrides_avatar override_gravatar: SiteSetting.discourse_connect_overrides_avatar
) )
end end
@ -273,13 +273,13 @@ class DiscourseSingleSignOn < SingleSignOn
def change_external_attributes_and_override(sso_record, user) def change_external_attributes_and_override(sso_record, user)
@email_changed = false @email_changed = false
if SiteSetting.sso_overrides_email && user.email != Email.downcase(email) if SiteSetting.auth_overrides_email && user.email != Email.downcase(email)
user.email = email user.email = email
user.active = false if require_activation user.active = false if require_activation
@email_changed = true @email_changed = true
end end
if SiteSetting.sso_overrides_username? && username.present? if SiteSetting.auth_overrides_username? && username.present?
if user.username.downcase == username.downcase if user.username.downcase == username.downcase
user.username = username # there may be a change of case user.username = username # there may be a change of case
elsif user.username != username elsif user.username != username
@ -287,7 +287,7 @@ class DiscourseSingleSignOn < SingleSignOn
end end
end end
if SiteSetting.sso_overrides_name && user.name != name && name.present? if SiteSetting.auth_overrides_name && user.name != name && name.present?
user.name = name || User.suggest_name(username.blank? ? email : username) user.name = name || User.suggest_name(username.blank? ? email : username)
end end
@ -297,18 +297,18 @@ class DiscourseSingleSignOn < SingleSignOn
avatar_missing = user.uploaded_avatar_id.nil? || !Upload.exists?(user.uploaded_avatar_id) avatar_missing = user.uploaded_avatar_id.nil? || !Upload.exists?(user.uploaded_avatar_id)
if (avatar_missing || avatar_force_update || SiteSetting.sso_overrides_avatar) && avatar_url.present? if (avatar_missing || avatar_force_update || SiteSetting.discourse_connect_overrides_avatar) && avatar_url.present?
avatar_changed = sso_record.external_avatar_url != avatar_url avatar_changed = sso_record.external_avatar_url != avatar_url
if avatar_force_update || avatar_changed || avatar_missing if avatar_force_update || avatar_changed || avatar_missing
Jobs.enqueue(:download_avatar_from_url, url: avatar_url, user_id: user.id, override_gravatar: SiteSetting.sso_overrides_avatar) Jobs.enqueue(:download_avatar_from_url, url: avatar_url, user_id: user.id, override_gravatar: SiteSetting.discourse_connect_overrides_avatar)
end end
end end
if profile_background_url.present? if profile_background_url.present?
profile_background_missing = user.user_profile.profile_background_upload.blank? || Upload.get_from_url(user.user_profile.profile_background_upload.url).blank? profile_background_missing = user.user_profile.profile_background_upload.blank? || Upload.get_from_url(user.user_profile.profile_background_upload.url).blank?
if profile_background_missing || SiteSetting.sso_overrides_profile_background if profile_background_missing || SiteSetting.discourse_connect_overrides_profile_background
profile_background_changed = sso_record.external_profile_background_url != profile_background_url profile_background_changed = sso_record.external_profile_background_url != profile_background_url
if profile_background_changed || profile_background_missing if profile_background_changed || profile_background_missing
Jobs.enqueue(:download_profile_background_from_url, Jobs.enqueue(:download_profile_background_from_url,
@ -322,7 +322,7 @@ class DiscourseSingleSignOn < SingleSignOn
if card_background_url.present? if card_background_url.present?
card_background_missing = user.user_profile.card_background_upload.blank? || Upload.get_from_url(user.user_profile.card_background_upload.url).blank? card_background_missing = user.user_profile.card_background_upload.blank? || Upload.get_from_url(user.user_profile.card_background_upload.url).blank?
if card_background_missing || SiteSetting.sso_overrides_profile_background if card_background_missing || SiteSetting.discourse_connect_overrides_profile_background
card_background_changed = sso_record.external_card_background_url != card_background_url card_background_changed = sso_record.external_card_background_url != card_background_url
if card_background_changed || card_background_missing if card_background_changed || card_background_missing
Jobs.enqueue(:download_profile_background_from_url, Jobs.enqueue(:download_profile_background_from_url,
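Review bot: The card-background branch in the last hunk gates on `SiteSetting.discourse_connect_overrides_profile_background`, the same setting the profile-background branch above it uses, so `discourse_connect_overrides_card_background` (renamed and described in the locale file of this commit) is not consulted in any visible line. This looks like a copy-paste that the rename carries forward, leaving an admin-facing override setting with no visible effect. If that is unintended, the line should read `if card_background_missing || SiteSetting.discourse_connect_overrides_card_background`. The enclosing method and the `Jobs.enqueue` call continue outside the hunk.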


@ -361,7 +361,7 @@ class Invite < ActiveRecord::Base
return if email.blank? return if email.blank?
if SiteSetting.enable_sso? if SiteSetting.enable_sso?
errors.add(:email, I18n.t("invite.disabled_errors.sso_enabled")) errors.add(:email, I18n.t("invite.disabled_errors.discourse_connect_enabled"))
elsif !SiteSetting.enable_local_logins? elsif !SiteSetting.enable_local_logins?
errors.add(:email, I18n.t("invite.disabled_errors.local_logins_disabled")) errors.add(:email, I18n.t("invite.disabled_errors.local_logins_disabled"))
end end
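Review bot: The condition `if SiteSetting.enable_sso?` still reads the old setting name, while the error key on the next line was renamed to `invite.disabled_errors.discourse_connect_enabled`. The commit description says old names stay functional server-side with deprecation notices, so this presumably still works but would emit a deprecation notice on each validation. It also relies on the compatibility layer covering the `?` predicate form, which is not visible here. Changing the line to `if SiteSetting.enable_discourse_connect?` matches the rest of the commit. The enclosing method starts outside the hunk.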


@ -106,7 +106,7 @@ class AdminUserListSerializer < BasicUserSerializer
end end
def include_second_factor_enabled? def include_second_factor_enabled?
!SiteSetting.enable_sso && !SiteSetting.enable_discourse_connect &&
SiteSetting.enable_local_logins && SiteSetting.enable_local_logins &&
object.has_any_second_factor_methods_enabled? object.has_any_second_factor_methods_enabled?
end end


@ -228,7 +228,7 @@ class CurrentUserSerializer < BasicUserSerializer
end end
def include_external_id? def include_external_id?
SiteSetting.enable_sso SiteSetting.enable_discourse_connect
end end
def second_factor_enabled def second_factor_enabled


@ -44,7 +44,7 @@ class NotificationSerializer < ApplicationSerializer
end end
def include_external_id? def include_external_id?
SiteSetting.enable_sso SiteSetting.enable_discourse_connect
end end
end end


@ -120,15 +120,15 @@ class UserSerializer < UserCardSerializer
end end
def can_change_bio def can_change_bio
!(SiteSetting.enable_sso && SiteSetting.sso_overrides_bio) !(SiteSetting.enable_discourse_connect && SiteSetting.discourse_connect_overrides_bio)
end end
def can_change_location def can_change_location
!(SiteSetting.enable_sso && SiteSetting.sso_overrides_location) !(SiteSetting.enable_discourse_connect && SiteSetting.discourse_connect_overrides_location)
end end
def can_change_website def can_change_website
!(SiteSetting.enable_sso && SiteSetting.sso_overrides_website) !(SiteSetting.enable_discourse_connect && SiteSetting.discourse_connect_overrides_website)
end end
def user_api_keys def user_api_keys


@ -67,15 +67,15 @@ class UserUpdater
def update(attributes = {}) def update(attributes = {})
user_profile = user.user_profile user_profile = user.user_profile
user_profile.dismissed_banner_key = attributes[:dismissed_banner_key] if attributes[:dismissed_banner_key].present? user_profile.dismissed_banner_key = attributes[:dismissed_banner_key] if attributes[:dismissed_banner_key].present?
unless SiteSetting.enable_sso && SiteSetting.sso_overrides_bio unless SiteSetting.enable_discourse_connect && SiteSetting.discourse_connect_overrides_bio
user_profile.bio_raw = attributes.fetch(:bio_raw) { user_profile.bio_raw } user_profile.bio_raw = attributes.fetch(:bio_raw) { user_profile.bio_raw }
end end
unless SiteSetting.enable_sso && SiteSetting.sso_overrides_location unless SiteSetting.enable_discourse_connect && SiteSetting.discourse_connect_overrides_location
user_profile.location = attributes.fetch(:location) { user_profile.location } user_profile.location = attributes.fetch(:location) { user_profile.location }
end end
unless SiteSetting.enable_sso && SiteSetting.sso_overrides_website unless SiteSetting.enable_discourse_connect && SiteSetting.discourse_connect_overrides_website
user_profile.website = format_url(attributes.fetch(:website) { user_profile.website }) user_profile.website = format_url(attributes.fetch(:website) { user_profile.website })
end end


@ -1,4 +1,4 @@
<h1><%= t('sso.login_error') %></h1> <h1><%= t('discourse_connect.login_error') %></h1>
<br/> <br/>


@ -1263,7 +1263,7 @@ en:
set_primary: "Set Primary Email" set_primary: "Set Primary Email"
destroy: "Remove Email" destroy: "Remove Email"
add_email: "Add Alternate Email" add_email: "Add Alternate Email"
sso_override_instructions: "Email can be updated from SSO provider." auth_override_instructions: "Email can be updated from authentication provider."
no_secondary: "No secondary emails" no_secondary: "No secondary emails"
instructions: "Never shown to the public." instructions: "Never shown to the public."
admin_note: "Note: An admin user changing another non-admin user's email indicates the user has lost access to their original email account, so a reset password email will be sent to their new address. The user's email will not change until they complete the reset password process." admin_note: "Note: An admin user changing another non-admin user's email indicates the user has lost access to their original email account, so a reset password email will be sent to their new address. The user's email will not change until they complete the reset password process."
@ -2648,7 +2648,7 @@ en:
action: "Send Invite" action: "Send Invite"
help: "invite others to this topic via email or notifications" help: "invite others to this topic via email or notifications"
to_forum: "We'll send a brief email allowing your friend to immediately join by clicking a link." to_forum: "We'll send a brief email allowing your friend to immediately join by clicking a link."
sso_enabled: "Enter the username of the person you'd like to invite to this topic." discourse_connect_enabled: "Enter the username of the person you'd like to invite to this topic."
to_topic_blank: "Enter the username or email address of the person you'd like to invite to this topic." to_topic_blank: "Enter the username or email address of the person you'd like to invite to this topic."
to_topic_email: "You've entered an email address. We'll email an invitation that allows your friend to immediately reply to this topic." to_topic_email: "You've entered an email address. We'll email an invitation that allows your friend to immediately reply to this topic."
to_topic_username: "You've entered a username. We'll send a notification with a link inviting them to this topic." to_topic_username: "You've entered a username. We'll send a notification with a link inviting them to this topic."
@ -3863,7 +3863,7 @@ en:
wordpress: Necessary for the WordPress wp-discourse plugin to work. wordpress: Necessary for the WordPress wp-discourse plugin to work.
users: users:
bookmarks: List user bookmarks. It returns bookmark reminders when using the ICS format. bookmarks: List user bookmarks. It returns bookmark reminders when using the ICS format.
sync_sso: Synchronize a user using SSO. sync_sso: Synchronize a user using DiscourseConnect.
show: Obtain information about an user. show: Obtain information about an user.
check_emails: List user emails. check_emails: List user emails.
update: Update user profile information. update: Update user profile information.
@ -4853,8 +4853,8 @@ en:
on_grace_period: "Currently in promotion grace period, will not be demoted." on_grace_period: "Currently in promotion grace period, will not be demoted."
locked_will_not_be_promoted: "Trust level locked. Will never be promoted." locked_will_not_be_promoted: "Trust level locked. Will never be promoted."
locked_will_not_be_demoted: "Trust level locked. Will never be demoted." locked_will_not_be_demoted: "Trust level locked. Will never be demoted."
sso: discourse_connect:
title: "Single Sign On" title: "DiscourseConnect Single Sign On"
external_id: "External ID" external_id: "External ID"
external_username: "Username" external_username: "Username"
external_name: "Name" external_name: "Name"
@ -4862,7 +4862,7 @@ en:
external_avatar_url: "Profile Picture URL" external_avatar_url: "Profile Picture URL"
last_payload: "Last Payload" last_payload: "Last Payload"
delete_sso_record: "Delete SSO Record" delete_sso_record: "Delete SSO Record"
confirm_delete: "Are you sure you would like to delete this single sign on (SSO) record?" confirm_delete: "Are you sure you would like to delete this DiscourseConnect record?"
user_fields: user_fields:
title: "User Fields" title: "User Fields"


@ -180,7 +180,7 @@ en:
one: is the wrong length (should be %{count} character) one: is the wrong length (should be %{count} character)
other: is the wrong length (should be %{count} characters) other: is the wrong length (should be %{count} characters)
other_than: "must be other than %{count}" other_than: "must be other than %{count}"
sso_overrides_username: "Username needs to be updated on SSO provider side, since `sso_overrides_username` setting is enabled." auth_overrides_username: "Username needs to be updated on authentication provider side, since `auth_overrides_username` setting is enabled."
template: template:
body: ! "There were problems with the following fields:" body: ! "There were problems with the following fields:"
header: header:
@ -204,7 +204,7 @@ en:
share_quote_facebook_requirements: "You must set a Facebook app id to enable quote sharing for Facebook." share_quote_facebook_requirements: "You must set a Facebook app id to enable quote sharing for Facebook."
second_factor_cannot_enforce_with_socials: "You cannot enforce 2FA with social logins enabled. You must first disable login via: %{auth_provider_names}" second_factor_cannot_enforce_with_socials: "You cannot enforce 2FA with social logins enabled. You must first disable login via: %{auth_provider_names}"
second_factor_cannot_be_enforced_with_disabled_local_login: "You cannot enforce 2FA if local logins are disabled." second_factor_cannot_be_enforced_with_disabled_local_login: "You cannot enforce 2FA if local logins are disabled."
second_factor_cannot_be_enforced_with_sso_enabled: "You cannot enforce 2FA if SSO is enabled." second_factor_cannot_be_enforced_with_discourse_connect_enabled: "You cannot enforce 2FA if DiscourseConnect is enabled."
local_login_cannot_be_disabled_if_second_factor_enforced: "You cannot disable local login if 2FA is enforced. Disable enforced 2FA before disabling local logins." local_login_cannot_be_disabled_if_second_factor_enforced: "You cannot disable local login if 2FA is enforced. Disable enforced 2FA before disabling local logins."
cannot_enable_s3_uploads_when_s3_enabled_globally: "You cannot enable S3 uploads because S3 uploads are already globally enabled, and enabling this site-level could cause critical issues with uploads" cannot_enable_s3_uploads_when_s3_enabled_globally: "You cannot enable S3 uploads because S3 uploads are already globally enabled, and enabling this site-level could cause critical issues with uploads"
cors_origins_should_not_have_trailing_slash: "You should not add the trailing slash (/) to CORS origins." cors_origins_should_not_have_trailing_slash: "You should not add the trailing slash (/) to CORS origins."
@ -239,7 +239,7 @@ en:
confirm_email: "<p>Youre almost done! We sent an activation mail to your email address. Please follow the instructions in the mail to activate your account.</p><p>If it doesnt arrive, check your spam folder.</p>" confirm_email: "<p>Youre almost done! We sent an activation mail to your email address. Please follow the instructions in the mail to activate your account.</p><p>If it doesnt arrive, check your spam folder.</p>"
cant_invite_to_group: "You are not allowed to invite users to specified group(s). Make sure you are owner of the group(s) you are trying to invite to." cant_invite_to_group: "You are not allowed to invite users to specified group(s). Make sure you are owner of the group(s) you are trying to invite to."
disabled_errors: disabled_errors:
sso_enabled: "Invites are disabled because SSO is enabled." discourse_connect_enabled: "Invites are disabled because DiscourseConnect is enabled."
local_logins_disabled: "Invites are disabled because the 'enable local logins' setting is disabled." local_logins_disabled: "Invites are disabled because the 'enable local logins' setting is disabled."
invalid_access: "You are not permitted to view the requested resource." invalid_access: "You are not permitted to view the requested resource."
@ -448,7 +448,7 @@ en:
one: "Maximum %{count} user can be added at once" one: "Maximum %{count} user can be added at once"
other: "Maximum %{count} users can be added at once" other: "Maximum %{count} users can be added at once"
usernames_or_emails_required: "Usernames or emails must be present" usernames_or_emails_required: "Usernames or emails must be present"
no_invites_with_sso: "You can invite only registered users when SSO is enabled" no_invites_with_discourse_connect: "You can invite only registered users when DiscourseConnect is enabled"
no_invites_without_local_logins: "You can invite only registered users when local logins are disabled" no_invites_without_local_logins: "You can invite only registered users when local logins are disabled"
default_names: default_names:
everyone: "everyone" everyone: "everyone"
@ -1532,7 +1532,7 @@ en:
detailed_404: "Provides more details to users about why they cant access a particular topic. Note: This is less secure because users will know if a URL links to a valid topic." detailed_404: "Provides more details to users about why they cant access a particular topic. Note: This is less secure because users will know if a URL links to a valid topic."
enforce_second_factor: "Forces users to enable two-factor authentication. Select 'all' to enforce it to all users. Select 'staff' to enforce it to staff users only." enforce_second_factor: "Forces users to enable two-factor authentication. Select 'all' to enforce it to all users. Select 'staff' to enforce it to staff users only."
force_https: "Force your site to use HTTPS only. WARNING: do NOT enable this until you verify HTTPS is fully set up and working absolutely everywhere! Did you check your CDN, all social logins, and any external logos / dependencies to make sure they are all HTTPS compatible, too?" force_https: "Force your site to use HTTPS only. WARNING: do NOT enable this until you verify HTTPS is fully set up and working absolutely everywhere! Did you check your CDN, all social logins, and any external logos / dependencies to make sure they are all HTTPS compatible, too?"
same_site_cookies: "Use same site cookies, they eliminate all vectors Cross Site Request Forgery on supported browsers (Lax or Strict). Warning: Strict will only work on sites that force login and use SSO." same_site_cookies: "Use same site cookies, they eliminate all vectors Cross Site Request Forgery on supported browsers (Lax or Strict). Warning: Strict will only work on sites that force login and use an external auth method."
summary_score_threshold: "The minimum score required for a post to be included in 'Summarize This Topic'" summary_score_threshold: "The minimum score required for a post to be included in 'Summarize This Topic'"
summary_posts_required: "Minimum posts in a topic before 'Summarize This Topic' is enabled. Changes to this setting will be applied retroactively within a week." summary_posts_required: "Minimum posts in a topic before 'Summarize This Topic' is enabled. Changes to this setting will be applied retroactively within a week."
summary_likes_required: "Minimum likes in a topic before 'Summarize This Topic' is enabled. Changes to this setting will be applied retroactively within a week." summary_likes_required: "Minimum likes in a topic before 'Summarize This Topic' is enabled. Changes to this setting will be applied retroactively within a week."
@ -1656,27 +1656,27 @@ en:
password_unique_characters: "Minimum number of unique characters that a password must have." password_unique_characters: "Minimum number of unique characters that a password must have."
block_common_passwords: "Don't allow passwords that are in the 10,000 most common passwords." block_common_passwords: "Don't allow passwords that are in the 10,000 most common passwords."
external_auth_skip_create_confirm: When signing up via external auth, skip the create account popup. Best used alongside sso_overrides_email, sso_overrides_username and sso_overrides_name. auth_skip_create_confirm: When signing up via external auth, skip the create account popup. Best used alongside auth_overrides_email, auth_overrides_username and auth_overrides_name.
external_auth_immediately: "Automatically redirect to the external login system without user interaction. This only takes effect when login_required is true, and there is only one external authentication method" auth_immediately: "Automatically redirect to the external login system without user interaction. This only takes effect when login_required is true, and there is only one external authentication method"
enable_sso: "Enable single sign on via an external site (WARNING: USERS' EMAIL ADDRESSES *MUST* BE VALIDATED BY THE EXTERNAL SITE!)" enable_discourse_connect: "Enable sign on via DiscourseConnect (formerly 'Discourse SSO') (WARNING: USERS' EMAIL ADDRESSES *MUST* BE VALIDATED BY THE EXTERNAL SITE!)"
verbose_sso_logging: "Log verbose SSO related diagnostics to <a href='%{base_path}/logs' target='_blank'>/logs</a>" verbose_discourse_connect_logging: "Log verbose DiscourseConnect related diagnostics to <a href='%{base_path}/logs' target='_blank'>/logs</a>"
enable_sso_provider: "Implement Discourse SSO provider protocol at the /session/sso_provider endpoint, requires sso_provider_secrets to be set" enable_discourse_connect_provider: "Implement DiscourseConnect (formerly 'Discourse SSO') provider protocol at the /session/sso_provider endpoint, requires discourse_connect_provider_secrets to be set"
sso_url: "URL of single sign on endpoint (must include http:// or https://)" discourse_connect_url: "URL of DiscourseConnect endpoint (must include http:// or https://)"
sso_secret: "Secret string used to cryptographically authenticate SSO information, be sure it is 10 characters or longer" discourse_connect_secret: "Secret string used to cryptographically authenticate DiscourseConnect information, be sure it is 10 characters or longer"
sso_provider_secrets: "A list of domain-secret pairs that are using Discourse as an SSO provider. Make sure SSO secret is 10 characters or longer. Wildcard symbol * can be used to match any domain or only a part of it (e.g. *.example.com)." discourse_connect_provider_secrets: "A list of domain-secret pairs that are using DiscourseConnect. Make sure DiscourseConnect secret is 10 characters or longer. Wildcard symbol * can be used to match any domain or only a part of it (e.g. *.example.com)."
sso_overrides_bio: "Overrides user bio in user profile and prevents user from changing it" discourse_connect_overrides_bio: "Overrides user bio in user profile and prevents user from changing it"
sso_overrides_groups: "Synchronize all manual group membership with groups specified in the groups sso attribute (WARNING: if you do not specify groups all manual group membership will be cleared for user)" discourse_connect_overrides_groups: "Synchronize all manual group membership with groups specified in the groups attribute (WARNING: if you do not specify groups all manual group membership will be cleared for user)"
sso_overrides_email: "Overrides local email with external site email from SSO payload on every login, and prevent local changes. Applies to all authentication providers. (WARNING: discrepancies can occur due to normalization of local emails)" auth_overrides_email: "Overrides local email with external site email on every login, and prevent local changes. Applies to all authentication providers. (WARNING: discrepancies can occur due to normalization of local emails)"
sso_overrides_username: "Overrides local username with external site username from SSO payload on every login, and prevent local changes. Applies to all authentication providers. (WARNING: discrepancies can occur due to differences in username length/requirements)" auth_overrides_username: "Overrides local username with external site username on every login, and prevent local changes. Applies to all authentication providers. (WARNING: discrepancies can occur due to differences in username length/requirements)"
sso_overrides_name: "Overrides local full name with external site full name from SSO payload on every login, and prevent local changes. Applies to all authentication providers." auth_overrides_name: "Overrides local full name with external site full name on every login, and prevent local changes. Applies to all authentication providers."
sso_overrides_avatar: "Overrides user avatar with external site avatar from SSO payload. If enabled, users will not be allowed to upload avatars on Discourse." discourse_connect_overrides_avatar: "Overrides user avatar with external site avatar from DiscourseConnect payload. If enabled, users will not be allowed to upload avatars on Discourse."
sso_overrides_location: "Overrides user location with external location from SSO payload and prevent local changes." discourse_connect_overrides_location: "Overrides user location with external location from DiscourseConnect payload and prevent local changes."
sso_overrides_website: "Overrides user website with external location from SSO payload and prevent local changes." discourse_connect_overrides_website: "Overrides user website with external location from DiscourseConnect payload and prevent local changes."
sso_overrides_profile_background: "Overrides user profile background with external site avatar from SSO payload." discourse_connect_overrides_profile_background: "Overrides user profile background with external site avatar from DiscourseConnect payload."
sso_overrides_card_background: "Overrides user card background with external site avatar from SSO payload." discourse_connect_overrides_card_background: "Overrides user card background with external site avatar from DiscourseConnect payload."
sso_not_approved_url: "Redirect unapproved SSO accounts to this URL" discourse_connect_not_approved_url: "Redirect unapproved DiscourseConnect accounts to this URL"
sso_allows_all_return_paths: "Do not restrict the domain for return_paths provided by SSO (by default return path must be on current site)" discourse_connect_allows_all_return_paths: "Do not restrict the domain for return_paths provided by DiscourseConnect (by default return path must be on current site)"
enable_local_logins: "Enable local username and password login based accounts. This must be enabled for invites to work. WARNING: if disabled, you may be unable to log in if you have not previously configured at least one alternate login method." enable_local_logins: "Enable local username and password login based accounts. This must be enabled for invites to work. WARNING: if disabled, you may be unable to log in if you have not previously configured at least one alternate login method."
enable_local_logins_via_email: "Allow users to request a one-click login link to be sent to them via email." enable_local_logins_via_email: "Allow users to request a one-click login link to be sent to them via email."
@ -2313,8 +2313,8 @@ en:
email_editable_enabled: "You must disable 'email editable' before enabling this setting." email_editable_enabled: "You must disable 'email editable' before enabling this setting."
staged_users_disabled: "You must first enable 'staged users' before enabling this setting." staged_users_disabled: "You must first enable 'staged users' before enabling this setting."
reply_by_email_disabled: "You must first enable 'reply by email' before enabling this setting." reply_by_email_disabled: "You must first enable 'reply by email' before enabling this setting."
sso_url_is_empty: "You must set a 'sso url' before enabling this setting." discourse_connect_url_is_empty: "You must set a 'discourse connect url' before enabling this setting."
sso_invite_only: "You cannot enable sso and invite only at the same time." discourse_connect_invite_only: "You cannot enable DiscourseConnect and invite only at the same time."
enable_local_logins_disabled: "You must first enable 'enable local logins' before enabling this setting." enable_local_logins_disabled: "You must first enable 'enable local logins' before enabling this setting."
min_username_length_exists: "You cannot set the minimum username length above the shortest username (%{username})." min_username_length_exists: "You cannot set the minimum username length above the shortest username (%{username})."
min_username_length_range: "You cannot set the minimum above the maximum." min_username_length_range: "You cannot set the minimum above the maximum."
@ -2334,9 +2334,9 @@ en:
list_value_count: "The list must contain exactly %{count} values." list_value_count: "The list must contain exactly %{count} values."
placeholder: placeholder:
sso_provider_secrets: discourse_connect_provider_secrets:
key: "www.example.com" key: "www.example.com"
value: "SSO secret" value: "DiscourseConnect secret"
search: search:
extreme_load_error: "Site is under extreme load, search is disabled, try again later" extreme_load_error: "Site is under extreme load, search is disabled, try again later"
@ -2349,7 +2349,7 @@ en:
audio: "[audio]" audio: "[audio]"
video: "[video]" video: "[video]"
sso: discourse_connect:
login_error: "Login Error" login_error: "Login Error"
not_found: "Your account couldn't be found. Please contact the site's administrator." not_found: "Your account couldn't be found. Please contact the site's administrator."
account_not_approved: "Your account is pending approval. You will receive an email notification when you are approved." account_not_approved: "Your account is pending approval. You will receive an email notification when you are approved."
@ -2358,7 +2358,7 @@ en:
no_email: "No email address was provided. Please contact the site's administrator." no_email: "No email address was provided. Please contact the site's administrator."
blank_id_error: "The `external_id` is required but was blank" blank_id_error: "The `external_id` is required but was blank"
email_error: "An account could not be registered with the email address <b>%{email}</b>. Please contact the site's administrator." email_error: "An account could not be registered with the email address <b>%{email}</b>. Please contact the site's administrator."
missing_secret: "SSO authentication failed due to missing secret. Contact the site administrators to fix this problem." missing_secret: "Authentication failed due to missing secret. Contact the site administrators to fix this problem."
original_poster: "Original Poster" original_poster: "Original Poster"
most_posts: "Most Posts" most_posts: "Most Posts"


@ -423,31 +423,31 @@ login:
default: "" default: ""
type: list type: list
list_type: simple list_type: simple
external_auth_skip_create_confirm: auth_skip_create_confirm:
default: false default: false
client: true client: true
external_auth_immediately: auth_immediately:
default: true default: true
enable_sso: enable_discourse_connect:
client: true client: true
default: false default: false
validator: "EnableSsoValidator" validator: "EnableSsoValidator"
sso_allows_all_return_paths: false discourse_connect_allows_all_return_paths: false
enable_sso_provider: false enable_discourse_connect_provider: false
verbose_sso_logging: false verbose_discourse_connect_logging: false
verbose_auth_token_logging: verbose_auth_token_logging:
hidden: true hidden: true
default: true default: true
max_suspicious_distance_km: max_suspicious_distance_km:
hidden: true hidden: true
default: 500 default: 500
sso_url: discourse_connect_url:
default: "" default: ""
regex: '^https?:\/\/.+[^\/]$' regex: '^https?:\/\/.+[^\/]$'
sso_secret: discourse_connect_secret:
default: "" default: ""
secret: true secret: true
sso_provider_secrets: discourse_connect_provider_secrets:
default: "" default: ""
type: list type: list
list_type: secret list_type: secret
@ -455,22 +455,22 @@ login:
placeholder: placeholder:
key: "sso_provider.key_placeholder" key: "sso_provider.key_placeholder"
value: "sso_provider.value_placeholder" value: "sso_provider.value_placeholder"
sso_overrides_groups: false discourse_connect_overrides_groups: false
sso_overrides_bio: false discourse_connect_overrides_bio: false
sso_overrides_email: auth_overrides_email:
default: false default: false
validator: "SsoOverridesEmailValidator" validator: "SsoOverridesEmailValidator"
client: true client: true
sso_overrides_username: false auth_overrides_username: false
sso_overrides_name: false auth_overrides_name: false
sso_overrides_avatar: discourse_connect_overrides_avatar:
default: false default: false
client: true client: true
sso_overrides_profile_background: false discourse_connect_overrides_profile_background: false
sso_overrides_location: false discourse_connect_overrides_location: false
sso_overrides_website: false discourse_connect_overrides_website: false
sso_overrides_card_background: false discourse_connect_overrides_card_background: false
sso_not_approved_url: "" discourse_connect_not_approved_url: ""
blocked_email_domains: blocked_email_domains:
default: "mailinator.com" default: "mailinator.com"
type: list type: list
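Review bot: The `regex` kept on `discourse_connect_url` anchors with `^` and `$`, which in a Ruby Regexp match at line boundaries rather than at the ends of the string, so a multi-line value containing one valid-looking line would pass if this pattern is evaluated by Ruby (not confirmed from this hunk). Since this setting decides where logins are sent, `regex: '\Ahttps?:\/\/.+[^\/]\z'` would be the stricter form. The line is unchanged context here, but it now sits under the renamed key and is worth tightening while the setting is being touched.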


@ -2,12 +2,14 @@
class AddSsoProviderSecretsToSiteSettings < ActiveRecord::Migration[5.2] class AddSsoProviderSecretsToSiteSettings < ActiveRecord::Migration[5.2]
def up def up
return unless SiteSetting.enable_sso_provider && SiteSetting.sso_secret.present? execute <<~SQL
sso_secret = SiteSetting.sso_secret INSERT INTO site_settings(name, data_type, value, created_at, updated_at)
sso_secret_insert = ActiveRecord::Base.connection.quote("*|#{sso_secret}") SELECT 'sso_provider_secrets', 8, '*|' || value, now(), now()
FROM site_settings WHERE name = 'sso_secret'
execute "INSERT INTO site_settings(name, data_type, value, created_at, updated_at) AND EXISTS (
VALUES ('sso_provider_secrets', 8, #{sso_secret_insert}, now(), now())" SELECT 1 FROM site_settings WHERE name = 'enable_sso_provider' AND value = 't'
)
SQL
end end
def down def down
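Review bot: The SQL in `up` no longer carries the `SiteSetting.sso_secret.present?` guard of the Ruby it replaces: a `site_settings` row for `sso_secret` whose value is an empty string would now produce an `sso_provider_secrets` entry of `*|`, a wildcard host with no secret. Adding `AND value <> ''` to the outer `WHERE` restores the old condition. A short comment saying why the migration was rewritten as plain SQL (apparently so that it no longer depends on the renamed `SiteSetting` accessors) would also help. The `down` method continues outside the hunk.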


@ -0,0 +1,43 @@
# frozen_string_literal: true
class RenameSsoSiteSettings < ActiveRecord::Migration[6.0]
RENAME_SETTINGS = [
['enable_sso', 'enable_discourse_connect'],
['sso_allows_all_return_paths', 'discourse_connect_allows_all_return_paths'],
['enable_sso_provider', 'enable_discourse_connect_provider'],
['verbose_sso_logging', 'verbose_discourse_connect_logging'],
['sso_url', 'discourse_connect_url'],
['sso_secret', 'discourse_connect_secret'],
['sso_provider_secrets', 'discourse_connect_provider_secrets'],
['sso_overrides_groups', 'discourse_connect_overrides_groups'],
['sso_overrides_bio', 'discourse_connect_overrides_bio'],
['sso_overrides_email', 'auth_overrides_email'],
['sso_overrides_username', 'auth_overrides_username'],
['sso_overrides_name', 'auth_overrides_name'],
['sso_overrides_avatar', 'discourse_connect_overrides_avatar'],
['sso_overrides_profile_background', 'discourse_connect_overrides_profile_background'],
['sso_overrides_location', 'discourse_connect_overrides_location'],
['sso_overrides_website', 'discourse_connect_overrides_website'],
['sso_overrides_card_background', 'discourse_connect_overrides_card_background'],
['external_auth_skip_create_confirm', 'auth_skip_create_confirm'],
['external_auth_immediately', 'auth_immediately']
]
def up
# Copying the rows so that things keep working during deploy
# TODO: Add a post-deploy migration to drop the old rows
RENAME_SETTINGS.each do |old_name, new_name|
execute <<~SQL
INSERT INTO site_settings (name, data_type, value, created_at, updated_at)
SELECT '#{new_name}', data_type, value, created_at, updated_at
FROM site_settings
WHERE name = '#{old_name}'
SQL
end
end
def down
raise ActiveRecord::IrreversibleMigration
end
end
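Review bot: The `INSERT … SELECT` in `up` has no guard for a row that already exists under the new name, so it would either fail or leave two rows for one setting, depending on whether `site_settings.name` is uniquely indexed (not visible here). Adding `AND NOT EXISTS (SELECT 1 FROM site_settings WHERE name = '#{new_name}')` after the `WHERE name = '#{old_name}'` line makes the copy safe to repeat. The interpolation is acceptable only because both names come from `RENAME_SETTINGS`; a comment such as `# names are constants from RENAME_SETTINGS, never user input` and a `.freeze` on the array would make that explicit. Edits made to the old rows between this migration and the planned post-deploy cleanup are not carried over, which matters most for `sso_secret` and `sso_provider_secrets`.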


@ -70,17 +70,17 @@ class Auth::Result
def apply_user_attributes! def apply_user_attributes!
change_made = false change_made = false
if SiteSetting.sso_overrides_username? && username.present? && username != user.username if SiteSetting.auth_overrides_username? && username.present? && username != user.username
user.username = UserNameSuggester.suggest(username || name || email, user.username) user.username = UserNameSuggester.suggest(username || name || email, user.username)
change_made = true change_made = true
end end
if SiteSetting.sso_overrides_email && email_valid && email.present? && user.email != Email.downcase(email) if SiteSetting.auth_overrides_email && email_valid && email.present? && user.email != Email.downcase(email)
user.email = email user.email = email
change_made = true change_made = true
end end
if SiteSetting.sso_overrides_name && name.present? && user.name != name if SiteSetting.auth_overrides_name && name.present? && user.name != name
user.name = name user.name = name
change_made = true change_made = true
end end
@ -89,11 +89,11 @@ class Auth::Result
end end
def can_edit_name def can_edit_name
!SiteSetting.sso_overrides_name !SiteSetting.auth_overrides_name
end end
def can_edit_username def can_edit_username
!(SiteSetting.sso_overrides_username || omit_username) !(SiteSetting.auth_overrides_username || omit_username)
end end
def to_client_hash def to_client_hash


@ -78,7 +78,7 @@ class ComposerMessagesFinder
# - "disable avatar education message" is enabled # - "disable avatar education message" is enabled
# - "sso overrides avatar" is enabled # - "sso overrides avatar" is enabled
# - "allow uploaded avatars" is disabled # - "allow uploaded avatars" is disabled
return if SiteSetting.disable_avatar_education_message || SiteSetting.sso_overrides_avatar || !SiteSetting.allow_uploaded_avatars return if SiteSetting.disable_avatar_education_message || SiteSetting.discourse_connect_overrides_avatar || !SiteSetting.allow_uploaded_avatars
# If we got this far, log that we've nagged them about the avatar # If we got this far, log that we've nagged them about the avatar
UserHistory.create!(action: UserHistory.actions[:notified_about_avatar], target_user_id: @user.id) UserHistory.create!(action: UserHistory.actions[:notified_about_avatar], target_user_id: @user.id)
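Review bot: The comment above the changed `return` still lists `"sso overrides avatar"` as one of the conditions, while the code now reads `SiteSetting.discourse_connect_overrides_avatar`. Updating that line to `# - "discourse connect overrides avatar" is enabled` keeps the comment searchable under the new setting name. The enclosing method starts and ends outside the hunk.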


@ -353,7 +353,7 @@ class Guardian
def can_invite_to_forum?(groups = nil) def can_invite_to_forum?(groups = nil)
authenticated? && authenticated? &&
(SiteSetting.max_invites_per_day.to_i > 0 || is_staff?) && (SiteSetting.max_invites_per_day.to_i > 0 || is_staff?) &&
!SiteSetting.enable_sso && !SiteSetting.enable_discourse_connect &&
SiteSetting.enable_local_logins && SiteSetting.enable_local_logins &&
( (
(!SiteSetting.must_approve_users? && @user.has_trust_level?(SiteSetting.min_trust_level_to_allow_invite.to_i)) || (!SiteSetting.must_approve_users? && @user.has_trust_level?(SiteSetting.min_trust_level_to_allow_invite.to_i)) ||
@ -391,7 +391,7 @@ class Guardian
def can_invite_via_email?(object) def can_invite_via_email?(object)
return false unless can_invite_to?(object) return false unless can_invite_to?(object)
!SiteSetting.enable_sso && SiteSetting.enable_local_logins && (!SiteSetting.must_approve_users? || is_staff?) !SiteSetting.enable_discourse_connect && SiteSetting.enable_local_logins && (!SiteSetting.must_approve_users? || is_staff?)
end end
def can_bulk_invite_to_forum?(user) def can_bulk_invite_to_forum?(user)


@ -23,7 +23,7 @@ module UserGuardian
end end
def can_edit_username?(user) def can_edit_username?(user)
return false if SiteSetting.sso_overrides_username? return false if SiteSetting.auth_overrides_username?
return true if is_staff? return true if is_staff?
return false if SiteSetting.username_change_period <= 0 return false if SiteSetting.username_change_period <= 0
return false if is_anonymous? return false if is_anonymous?
@ -31,7 +31,7 @@ module UserGuardian
end end
def can_edit_email?(user) def can_edit_email?(user)
return false if SiteSetting.sso_overrides_email? return false if SiteSetting.auth_overrides_email?
return false unless SiteSetting.email_editable? return false unless SiteSetting.email_editable?
return true if is_staff? return true if is_staff?
return false if is_anonymous? return false if is_anonymous?
@ -40,7 +40,7 @@ module UserGuardian
def can_edit_name?(user) def can_edit_name?(user)
return false unless SiteSetting.enable_names? return false unless SiteSetting.enable_names?
return false if SiteSetting.sso_overrides_name? return false if SiteSetting.auth_overrides_name?
return true if is_staff? return true if is_staff?
return false if is_anonymous? return false if is_anonymous?
can_edit?(user) can_edit?(user)
@ -61,7 +61,7 @@ module UserGuardian
def can_delete_user?(user) def can_delete_user?(user)
return false if user.nil? || user.admin? return false if user.nil? || user.admin?
if is_me?(user) if is_me?(user)
!SiteSetting.enable_sso && !SiteSetting.enable_discourse_connect &&
!user.has_more_posts_than?(SiteSetting.delete_user_self_max_post_count) !user.has_more_posts_than?(SiteSetting.delete_user_self_max_post_count)
else else
is_staff? && ( is_staff? && (
@ -173,6 +173,6 @@ module UserGuardian
end end
def can_delete_sso_record?(user) def can_delete_sso_record?(user)
SiteSetting.enable_sso && user && is_admin? SiteSetting.enable_discourse_connect && user && is_admin?
end end
end end


@ -7,7 +7,7 @@ class SingleSignOnProvider < SingleSignOn
set_return_sso_url(payload) set_return_sso_url(payload)
if sso_secret.blank? && self.sso_secret.blank? if sso_secret.blank? && self.sso_secret.blank?
host = URI.parse(@return_sso_url).host host = URI.parse(@return_sso_url).host
Rails.logger.warn("SSO failed; website #{host} is not in the `sso_provider_secrets` site settings") Rails.logger.warn("SSO failed; website #{host} is not in the `discourse_connect_provider_secrets` site settings")
raise BlankSecret raise BlankSecret
end end
@ -24,9 +24,9 @@ class SingleSignOnProvider < SingleSignOn
end end
def self.sso_secret def self.sso_secret
return nil unless @return_sso_url && SiteSetting.enable_sso_provider return nil unless @return_sso_url && SiteSetting.enable_discourse_connect_provider
provider_secrets = SiteSetting.sso_provider_secrets.split(/[|\n]/) provider_secrets = SiteSetting.discourse_connect_provider_secrets.split(/[|\n]/)
provider_secrets_hash = Hash[*provider_secrets] provider_secrets_hash = Hash[*provider_secrets]
return_url_host = URI.parse(@return_sso_url).host return_url_host = URI.parse(@return_sso_url).host
# moves wildcard domains to the end of hash # moves wildcard domains to the end of hash
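Review bot: `self.sso_secret` picks the provider secret from `@return_sso_url`, which inside a singleton method is an instance variable on the class itself and is filled in by `set_return_sso_url(payload)` in the first hunk. If two requests are parsed concurrently, one could presumably look up the secret for the other's return host; this is inferred, since the method that calls `set_return_sso_url` starts outside the hunk. The commit keeps this as is, so at minimum a comment such as `# NOTE: @return_sso_url is class-level state shared between requests` belongs above `def self.sso_secret`, and passing the return URL in as an argument would remove the shared state. The warning text in the first hunk also still says `SSO failed` next to the new setting name.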


@ -10,7 +10,27 @@ module SiteSettings::DeprecatedSettings
['enable_category_group_review', 'enable_category_group_moderation', true, '2.7'], ['enable_category_group_review', 'enable_category_group_moderation', true, '2.7'],
['newuser_max_images', 'newuser_max_embedded_media', true, '2.7'], ['newuser_max_images', 'newuser_max_embedded_media', true, '2.7'],
['min_trust_to_post_images', 'min_trust_to_post_embedded_media', true, '2.7'], ['min_trust_to_post_images', 'min_trust_to_post_embedded_media', true, '2.7'],
['moderators_create_categories', 'moderators_manage_categories_and_groups', '2.7'] ['moderators_create_categories', 'moderators_manage_categories_and_groups', '2.7'],
['enable_sso', 'enable_discourse_connect', true, '2.8'],
['sso_allows_all_return_paths', 'discourse_connect_allows_all_return_paths', true, '2.8'],
['enable_sso_provider', 'enable_discourse_connect_provider', true, '2.8'],
['verbose_sso_logging', 'verbose_discourse_connect_logging', true, '2.8'],
['sso_url', 'discourse_connect_url', true, '2.8'],
['sso_secret', 'discourse_connect_secret', true, '2.8'],
['sso_provider_secrets', 'discourse_connect_provider_secrets', true, '2.8'],
['sso_overrides_groups', 'discourse_connect_overrides_groups', true, '2.8'],
['sso_overrides_bio', 'discourse_connect_overrides_bio', true, '2.8'],
['sso_overrides_email', 'auth_overrides_email', true, '2.8'],
['sso_overrides_username', 'auth_overrides_username', true, '2.8'],
['sso_overrides_name', 'auth_overrides_name', true, '2.8'],
['sso_overrides_avatar', 'discourse_connect_overrides_avatar', true, '2.8'],
['sso_overrides_profile_background', 'discourse_connect_overrides_profile_background', true, '2.8'],
['sso_overrides_location', 'discourse_connect_overrides_location', true, '2.8'],
['sso_overrides_website', 'discourse_connect_overrides_website', true, '2.8'],
['sso_overrides_card_background', 'discourse_connect_overrides_card_background', true, '2.8'],
['external_auth_skip_create_confirm', 'auth_skip_create_confirm', true, '2.8'],
['external_auth_immediately', 'auth_immediately', true, '2.8'],
] ]
def setup_deprecated_methods def setup_deprecated_methods
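Review bot: The `moderators_create_categories` entry gains a trailing comma but still has three elements, `['moderators_create_categories', 'moderators_manage_categories_and_groups', '2.7']`, while every other row, including all the ones added here, has four (old name, new name, a boolean, version). Whatever reads these rows positionally would take `'2.7'` as the third field and find no version. If the boolean is meant to match its neighbours, the line should read `['moderators_create_categories', 'moderators_manage_categories_and_groups', true, '2.7'],`. The consumer, `setup_deprecated_methods`, begins on the last line of the hunk and its body is not visible.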


@ -177,8 +177,8 @@ module SiteSettings::Validations
end end
def validate_enforce_second_factor(new_val) def validate_enforce_second_factor(new_val)
if SiteSetting.enable_sso? if SiteSetting.enable_discourse_connect?
return validate_error :second_factor_cannot_be_enforced_with_sso_enabled return validate_error :second_factor_cannot_be_enforced_with_discourse_connect_enabled
end end
if new_val == "all" && Discourse.enabled_auth_providers.count > 0 if new_val == "all" && Discourse.enabled_auth_providers.count > 0
auth_provider_names = Discourse.enabled_auth_providers.map(&:name).join(", ") auth_provider_names = Discourse.enabled_auth_providers.map(&:name).join(", ")


@ -7,10 +7,10 @@ class EnableInviteOnlyValidator
def valid_value?(val) def valid_value?(val)
return true if val == 'f' return true if val == 'f'
!SiteSetting.enable_sso? !SiteSetting.enable_discourse_connect?
end end
def error_message def error_message
I18n.t('site_settings.errors.sso_invite_only') I18n.t('site_settings.errors.discourse_connect_invite_only')
end end
end end


@ -7,12 +7,12 @@ class EnableSsoValidator
def valid_value?(val) def valid_value?(val)
return true if val == 'f' return true if val == 'f'
return false if SiteSetting.sso_url.blank? || SiteSetting.invite_only? return false if SiteSetting.discourse_connect_url.blank? || SiteSetting.invite_only?
true true
end end
def error_message def error_message
return I18n.t('site_settings.errors.sso_url_is_empty') if SiteSetting.sso_url.blank? return I18n.t('site_settings.errors.discourse_connect_url_is_empty') if SiteSetting.discourse_connect_url.blank?
return I18n.t('site_settings.errors.sso_invite_only') if SiteSetting.invite_only? return I18n.t('site_settings.errors.discourse_connect_invite_only') if SiteSetting.invite_only?
end end
end end


@ -14,7 +14,7 @@ SiteSetting.refresh!
tests = [ tests = [
["current cache", lambda do ["current cache", lambda do
SiteSetting.title SiteSetting.title
SiteSetting.enable_sso SiteSetting.enable_discourse_connect
end end
], ],
["change default locale with current cache refreshed", lambda do ["change default locale with current cache refreshed", lambda do


@ -13,7 +13,7 @@ require File.expand_path('../../../../config/environment', __FILE__)
# warming up # warming up
SiteSetting.title SiteSetting.title
SiteSetting.enable_sso SiteSetting.enable_discourse_connect
SiteSetting.default_locale = SiteSetting.default_locale == 'en' ? 'zh_CN' : 'en' SiteSetting.default_locale = SiteSetting.default_locale == 'en' ? 'zh_CN' : 'en'
SiteSetting.title = SecureRandom.hex SiteSetting.title = SecureRandom.hex
@ -22,7 +22,7 @@ profile do
end end
profile do profile do
SiteSetting.enable_sso SiteSetting.enable_discourse_connect
end end
profile do profile do


@ -138,8 +138,8 @@ describe ComposerMessagesFinder do
expect(finder.check_avatar_notification).to be_blank expect(finder.check_avatar_notification).to be_blank
end end
it "doesn't notify users if 'sso_overrides_avatar' setting is enabled" do it "doesn't notify users if 'discourse_connect_overrides_avatar' setting is enabled" do
SiteSetting.sso_overrides_avatar = true SiteSetting.discourse_connect_overrides_avatar = true
expect(finder.check_avatar_notification).to be_blank expect(finder.check_avatar_notification).to be_blank
end end


@ -111,8 +111,8 @@ RSpec.describe SecondFactorManager do
describe 'when SSO is enabled' do describe 'when SSO is enabled' do
it 'should return false' do it 'should return false' do
SiteSetting.sso_url = 'http://someurl.com' SiteSetting.discourse_connect_url = 'http://someurl.com'
SiteSetting.enable_sso = true SiteSetting.enable_discourse_connect = true
expect(user.totp_enabled?).to eq(false) expect(user.totp_enabled?).to eq(false)
end end
@ -437,8 +437,8 @@ RSpec.describe SecondFactorManager do
describe 'when SSO is enabled' do describe 'when SSO is enabled' do
it 'should return false' do it 'should return false' do
SiteSetting.sso_url = 'http://someurl.com' SiteSetting.discourse_connect_url = 'http://someurl.com'
SiteSetting.enable_sso = true SiteSetting.enable_discourse_connect = true
expect(user_backup.backup_codes_enabled?).to eq(false) expect(user_backup.backup_codes_enabled?).to eq(false)
end end


@ -237,8 +237,8 @@ describe UserGuardian do
include_examples "can_delete_user examples" include_examples "can_delete_user examples"
it "isn't allowed when SSO is enabled" do it "isn't allowed when SSO is enabled" do
SiteSetting.sso_url = "https://www.example.com/sso" SiteSetting.discourse_connect_url = "https://www.example.com/sso"
SiteSetting.enable_sso = true SiteSetting.enable_discourse_connect = true
expect(guardian.can_delete_user?(user)).to eq(false) expect(guardian.can_delete_user?(user)).to eq(false)
end end


@ -690,8 +690,8 @@ describe Guardian do
end end
it 'returns false for all users when sso is enabled' do it 'returns false for all users when sso is enabled' do
SiteSetting.sso_url = "https://www.example.com/sso" SiteSetting.discourse_connect_url = "https://www.example.com/sso"
SiteSetting.enable_sso = true SiteSetting.enable_discourse_connect = true
expect(Guardian.new(trust_level_2).can_invite_via_email?(topic)).to be_falsey expect(Guardian.new(trust_level_2).can_invite_via_email?(topic)).to be_falsey
expect(Guardian.new(moderator).can_invite_via_email?(topic)).to be_falsey expect(Guardian.new(moderator).can_invite_via_email?(topic)).to be_falsey
@ -2714,9 +2714,9 @@ describe Guardian do
context 'when SSO username override is active' do context 'when SSO username override is active' do
before do before do
SiteSetting.sso_url = "https://www.example.com/sso" SiteSetting.discourse_connect_url = "https://www.example.com/sso"
SiteSetting.enable_sso = true SiteSetting.enable_discourse_connect = true
SiteSetting.sso_overrides_username = true SiteSetting.auth_overrides_username = true
end end
it "is false for admins" do it "is false for admins" do
@ -2799,9 +2799,9 @@ describe Guardian do
context 'when SSO email override is active' do context 'when SSO email override is active' do
before do before do
SiteSetting.email_editable = false SiteSetting.email_editable = false
SiteSetting.sso_url = "https://www.example.com/sso" SiteSetting.discourse_connect_url = "https://www.example.com/sso"
SiteSetting.enable_sso = true SiteSetting.enable_discourse_connect = true
SiteSetting.sso_overrides_email = true SiteSetting.auth_overrides_email = true
end end
it "is false for admins" do it "is false for admins" do
@ -2878,8 +2878,8 @@ describe Guardian do
context 'when SSO is disabled' do context 'when SSO is disabled' do
before do before do
SiteSetting.enable_sso = false SiteSetting.enable_discourse_connect = false
SiteSetting.sso_overrides_name = false SiteSetting.auth_overrides_name = false
end end
it 'is true for admins' do it 'is true for admins' do
@ -2897,13 +2897,13 @@ describe Guardian do
context 'when SSO is enabled' do context 'when SSO is enabled' do
before do before do
SiteSetting.sso_url = "https://www.example.com/sso" SiteSetting.discourse_connect_url = "https://www.example.com/sso"
SiteSetting.enable_sso = true SiteSetting.enable_discourse_connect = true
end end
context 'when SSO name override is active' do context 'when SSO name override is active' do
before do before do
SiteSetting.sso_overrides_name = true SiteSetting.auth_overrides_name = true
end end
it 'is false for admins' do it 'is false for admins' do
@ -2921,7 +2921,7 @@ describe Guardian do
context 'when SSO name override is not active' do context 'when SSO name override is not active' do
before do before do
SiteSetting.sso_overrides_name = false SiteSetting.auth_overrides_name = false
end end
it 'is true for admins' do it 'is true for admins' do


@ -7,8 +7,8 @@ RSpec.describe EnableInviteOnlyValidator do
context "when sso is enabled" do context "when sso is enabled" do
before do before do
SiteSetting.sso_url = "https://example.com/sso" SiteSetting.discourse_connect_url = "https://example.com/sso"
SiteSetting.enable_sso = true SiteSetting.enable_discourse_connect = true
end end
it "is valid when false" do it "is valid when false" do
@ -18,7 +18,7 @@ RSpec.describe EnableInviteOnlyValidator do
it "is isn't value for true" do it "is isn't value for true" do
expect(subject.valid_value?('t')).to eq(false) expect(subject.valid_value?('t')).to eq(false)
expect(subject.error_message).to eq(I18n.t( expect(subject.error_message).to eq(I18n.t(
'site_settings.errors.sso_invite_only' 'site_settings.errors.discourse_connect_invite_only'
)) ))
end end
end end


@ -8,7 +8,7 @@ RSpec.describe EnableSsoValidator do
describe '#valid_value?' do describe '#valid_value?' do
describe "when 'sso url' is empty" do describe "when 'sso url' is empty" do
before do before do
SiteSetting.sso_url = "" SiteSetting.discourse_connect_url = ""
end end
describe 'when val is false' do describe 'when val is false' do
@ -22,7 +22,7 @@ RSpec.describe EnableSsoValidator do
expect(subject.valid_value?('t')).to eq(false) expect(subject.valid_value?('t')).to eq(false)
expect(subject.error_message).to eq(I18n.t( expect(subject.error_message).to eq(I18n.t(
'site_settings.errors.sso_url_is_empty' 'site_settings.errors.discourse_connect_url_is_empty'
)) ))
end end
end end
@ -31,7 +31,7 @@ RSpec.describe EnableSsoValidator do
describe "when invite_only is set" do describe "when invite_only is set" do
before do before do
SiteSetting.invite_only = true SiteSetting.invite_only = true
SiteSetting.sso_url = 'https://example.com/sso' SiteSetting.discourse_connect_url = 'https://example.com/sso'
end end
it 'allows a false value' do it 'allows a false value' do
@ -41,14 +41,14 @@ RSpec.describe EnableSsoValidator do
it "doesn't allow true" do it "doesn't allow true" do
expect(subject.valid_value?('t')).to eq(false) expect(subject.valid_value?('t')).to eq(false)
expect(subject.error_message).to eq(I18n.t( expect(subject.error_message).to eq(I18n.t(
'site_settings.errors.sso_invite_only' 'site_settings.errors.discourse_connect_invite_only'
)) ))
end end
end end
describe "when 'sso url' is present" do describe "when 'sso url' is present" do
before do before do
SiteSetting.sso_url = "https://www.example.com/sso" SiteSetting.discourse_connect_url = "https://www.example.com/sso"
end end
describe 'when value is false' do describe 'when value is false' do


@ -8,8 +8,8 @@ RSpec.describe SsoOverridesEmailValidator do
describe '#valid_value?' do describe '#valid_value?' do
describe "when 'email editable' is true" do describe "when 'email editable' is true" do
before do before do
SiteSetting.sso_url = "https://www.example.com/sso" SiteSetting.discourse_connect_url = "https://www.example.com/sso"
SiteSetting.enable_sso = true SiteSetting.enable_discourse_connect = true
SiteSetting.email_editable = true SiteSetting.email_editable = true
end end
@ -32,8 +32,8 @@ RSpec.describe SsoOverridesEmailValidator do
describe "when 'email editable' is false" do describe "when 'email editable' is false" do
before do before do
SiteSetting.sso_url = "https://www.example.com/sso" SiteSetting.discourse_connect_url = "https://www.example.com/sso"
SiteSetting.enable_sso = true SiteSetting.enable_discourse_connect = true
SiteSetting.email_editable = false SiteSetting.email_editable = false
end end


@ -210,8 +210,8 @@ describe Jobs::ExportCsvFile do
end end
it 'exports sso data' do it 'exports sso data' do
SiteSetting.sso_url = "https://www.example.com/sso" SiteSetting.discourse_connect_url = "https://www.example.com/sso"
SiteSetting.enable_sso = true SiteSetting.enable_discourse_connect = true
user = Fabricate(:user) user = Fabricate(:user)
user.user_profile.update_column(:location, "La,La Land") user.user_profile.update_column(:location, "La,La Land")
user.create_single_sign_on_record(external_id: "123", last_payload: "xxx", external_email: 'test@test.com') user.create_single_sign_on_record(external_id: "123", last_payload: "xxx", external_email: 'test@test.com')


@ -151,10 +151,10 @@ describe SiteSettings::Validations do
end end
context "when SSO is enabled" do context "when SSO is enabled" do
let(:error_message) { I18n.t("errors.site_settings.second_factor_cannot_be_enforced_with_sso_enabled") } let(:error_message) { I18n.t("errors.site_settings.second_factor_cannot_be_enforced_with_discourse_connect_enabled") }
before do before do
SiteSetting.sso_url = "https://www.example.com/sso" SiteSetting.discourse_connect_url = "https://www.example.com/sso"
SiteSetting.enable_sso = true SiteSetting.enable_discourse_connect = true
end end
it "should raise an error" do it "should raise an error" do


@ -4,12 +4,12 @@ require "rails_helper"
describe DiscourseSingleSignOn do describe DiscourseSingleSignOn do
before do before do
@sso_url = "http://example.com/discourse_sso" @discourse_connect_url = "http://example.com/discourse_sso"
@sso_secret = "shjkfdhsfkjh" @discourse_connect_secret = "shjkfdhsfkjh"
SiteSetting.sso_url = @sso_url SiteSetting.discourse_connect_url = @discourse_connect_url
SiteSetting.enable_sso = true SiteSetting.enable_discourse_connect = true
SiteSetting.sso_secret = @sso_secret SiteSetting.discourse_connect_secret = @discourse_connect_secret
Jobs.run_immediately! Jobs.run_immediately!
end end
@ -114,7 +114,7 @@ describe DiscourseSingleSignOn do
end end
it "unstaged users" do it "unstaged users" do
SiteSetting.sso_overrides_name = true SiteSetting.auth_overrides_name = true
email = "staged@user.com" email = "staged@user.com"
Fabricate(:user, staged: true, email: email) Fabricate(:user, staged: true, email: email)
@ -195,7 +195,7 @@ describe DiscourseSingleSignOn do
sso.groups = "#{group2.name.capitalize},group4,badname,trust_level_4" sso.groups = "#{group2.name.capitalize},group4,badname,trust_level_4"
sso.lookup_or_create_user(ip_address) sso.lookup_or_create_user(ip_address)
SiteSetting.sso_overrides_groups = true SiteSetting.discourse_connect_overrides_groups = true
group1.reload group1.reload
expect(group1.usernames).to eq("") expect(group1.usernames).to eq("")
@ -260,7 +260,7 @@ describe DiscourseSingleSignOn do
end end
it 'can override username properly when only the case changes' do it 'can override username properly when only the case changes' do
SiteSetting.sso_overrides_username = true SiteSetting.auth_overrides_username = true
sso = DiscourseSingleSignOn.new sso = DiscourseSingleSignOn.new
sso.username = "testuser" sso.username = "testuser"
@ -280,8 +280,8 @@ describe DiscourseSingleSignOn do
expect(user.username).to eq "TestUser" expect(user.username).to eq "TestUser"
end end
it 'behaves properly when sso_overrides_username is set but username is missing or blank' do it 'behaves properly when auth_overrides_username is set but username is missing or blank' do
SiteSetting.sso_overrides_username = true SiteSetting.auth_overrides_username = true
sso = DiscourseSingleSignOn.new sso = DiscourseSingleSignOn.new
sso.username = "testuser" sso.username = "testuser"
@ -310,9 +310,9 @@ describe DiscourseSingleSignOn do
admin = Fabricate(:admin) admin = Fabricate(:admin)
SiteSetting.email_editable = false SiteSetting.email_editable = false
SiteSetting.sso_overrides_name = true SiteSetting.auth_overrides_name = true
SiteSetting.sso_overrides_email = true SiteSetting.auth_overrides_email = true
SiteSetting.sso_overrides_username = true SiteSetting.auth_overrides_username = true
sso = DiscourseSingleSignOn.new sso = DiscourseSingleSignOn.new
sso.username = "bob%the$admin" sso.username = "bob%the$admin"
@ -378,7 +378,7 @@ describe DiscourseSingleSignOn do
it "generates a correct sso url" do it "generates a correct sso url" do
url, payload = DiscourseSingleSignOn.generate_url.split("?") url, payload = DiscourseSingleSignOn.generate_url.split("?")
expect(url).to eq @sso_url expect(url).to eq @discourse_connect_url
sso = DiscourseSingleSignOn.parse(payload) sso = DiscourseSingleSignOn.parse(payload)
expect(sso.nonce).to_not be_nil expect(sso.nonce).to_not be_nil
@ -447,7 +447,7 @@ describe DiscourseSingleSignOn do
it 'does not deactivate user if email provided is capitalized' do it 'does not deactivate user if email provided is capitalized' do
SiteSetting.email_editable = false SiteSetting.email_editable = false
SiteSetting.sso_overrides_email = true SiteSetting.auth_overrides_email = true
sso.require_activation = true sso.require_activation = true
user = sso.lookup_or_create_user(ip_address) user = sso.lookup_or_create_user(ip_address)
@ -465,7 +465,7 @@ describe DiscourseSingleSignOn do
it 'deactivates accounts that have updated email address' do it 'deactivates accounts that have updated email address' do
SiteSetting.email_editable = false SiteSetting.email_editable = false
SiteSetting.sso_overrides_email = true SiteSetting.auth_overrides_email = true
sso.require_activation = true sso.require_activation = true
user = sso.lookup_or_create_user(ip_address) user = sso.lookup_or_create_user(ip_address)
@ -567,7 +567,7 @@ describe DiscourseSingleSignOn do
# yes override if site setting # yes override if site setting
sso.bio = "new profile 2" sso.bio = "new profile 2"
SiteSetting.sso_overrides_bio = true SiteSetting.discourse_connect_overrides_bio = true
user = sso.lookup_or_create_user(ip_address) user = sso.lookup_or_create_user(ip_address)
expect(user.user_profile.bio_cooked).to match_html("<p>new profile 2</p") expect(user.user_profile.bio_cooked).to match_html("<p>new profile 2</p")
@ -575,7 +575,7 @@ describe DiscourseSingleSignOn do
end end
context 'when sso_overrides_avatar is not enabled' do context 'when discourse_connect_overrides_avatar is not enabled' do
it "correctly handles provided avatar_urls" do it "correctly handles provided avatar_urls" do
sso = DiscourseSingleSignOn.new sso = DiscourseSingleSignOn.new
@ -635,7 +635,7 @@ describe DiscourseSingleSignOn do
end end
context 'when sso_overrides_avatar is enabled' do context 'when discourse_connect_overrides_avatar is enabled' do
fab!(:sso_record) { Fabricate(:single_sign_on_record, external_avatar_url: "http://example.com/an_image.png") } fab!(:sso_record) { Fabricate(:single_sign_on_record, external_avatar_url: "http://example.com/an_image.png") }
let!(:sso) { let!(:sso) {
@ -650,7 +650,7 @@ describe DiscourseSingleSignOn do
let(:logo) { file_from_fixtures("logo.png") } let(:logo) { file_from_fixtures("logo.png") }
before do before do
SiteSetting.sso_overrides_avatar = true SiteSetting.discourse_connect_overrides_avatar = true
end end
it "deal with no avatar url passed for an existing user with an avatar" do it "deal with no avatar url passed for an existing user with an avatar" do
@ -683,7 +683,7 @@ describe DiscourseSingleSignOn do
end end
end end
context 'when sso_overrides_profile_background is not enabled' do context 'when discourse_connect_overrides_profile_background is not enabled' do
it "correctly handles provided profile_background_urls" do it "correctly handles provided profile_background_urls" do
sso = DiscourseSingleSignOn.new sso = DiscourseSingleSignOn.new
@ -715,7 +715,7 @@ describe DiscourseSingleSignOn do
end end
end end
context 'when sso_overrides_profile_background is enabled' do context 'when discourse_connect_overrides_profile_background is enabled' do
fab!(:sso_record) { Fabricate(:single_sign_on_record, external_profile_background_url: "http://example.com/an_image.png") } fab!(:sso_record) { Fabricate(:single_sign_on_record, external_profile_background_url: "http://example.com/an_image.png") }
let!(:sso) { let!(:sso) {
@ -730,7 +730,7 @@ describe DiscourseSingleSignOn do
let(:logo) { file_from_fixtures("logo.png") } let(:logo) { file_from_fixtures("logo.png") }
before do before do
SiteSetting.sso_overrides_profile_background = true SiteSetting.discourse_connect_overrides_profile_background = true
end end
it "deal with no profile_background_url passed for an existing user with a profile_background" do it "deal with no profile_background_url passed for an existing user with a profile_background" do
@ -755,7 +755,7 @@ describe DiscourseSingleSignOn do
end end
end end
context 'when sso_overrides_card_background is not enabled' do context 'when discourse_connect_overrides_card_background is not enabled' do
it "correctly handles provided card_background_urls" do it "correctly handles provided card_background_urls" do
sso = DiscourseSingleSignOn.new sso = DiscourseSingleSignOn.new
@ -787,7 +787,7 @@ describe DiscourseSingleSignOn do
end end
end end
context 'when sso_overrides_card_background is enabled' do context 'when discourse_connect_overrides_card_background is enabled' do
fab!(:sso_record) { Fabricate(:single_sign_on_record, external_card_background_url: "http://example.com/an_image.png") } fab!(:sso_record) { Fabricate(:single_sign_on_record, external_card_background_url: "http://example.com/an_image.png") }
let!(:sso) { let!(:sso) {
@ -802,7 +802,7 @@ describe DiscourseSingleSignOn do
let(:logo) { file_from_fixtures("logo.png") } let(:logo) { file_from_fixtures("logo.png") }
before do before do
SiteSetting.sso_overrides_card_background = true SiteSetting.discourse_connect_overrides_card_background = true
end end
it "deal with no card_background_url passed for an existing user with a card_background" do it "deal with no card_background_url passed for an existing user with a card_background" do
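Review bot: None of the hunks in this spec writes or reads a setting through its deprecated name, so the backwards-compatibility layer that the commit description relies on for security-related overrides is not exercised here. Unless a spec outside this view already covers it, I would add an example that sets the old name and reads the new one, e.g. `SiteSetting.sso_overrides_email = true` followed by `expect(SiteSetting.auth_overrides_email).to eq(true)`, and likewise for `sso_secret` / `discourse_connect_secret`. If the alias silently failed, a plugin or configuration that still writes the old name would assume an override is enforced when it is not. The enclosing `describe DiscourseSingleSignOn` block continues outside these hunks.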


@ -57,7 +57,7 @@ describe Invite do
invite = Fabricate.build(:invite, email: "test@mail.com") invite = Fabricate.build(:invite, email: "test@mail.com")
expect(invite).not_to be_valid expect(invite).not_to be_valid
expect(invite.errors.details[:email].first[:error]).to eq(I18n.t("invite.disabled_errors.sso_enabled")) expect(invite.errors.details[:email].first[:error]).to eq(I18n.t("invite.disabled_errors.discourse_connect_enabled"))
end end
end end


@ -862,12 +862,12 @@ RSpec.describe Admin::UsersController do
before do before do
SiteSetting.email_editable = false SiteSetting.email_editable = false
SiteSetting.sso_url = "https://www.example.com/sso" SiteSetting.discourse_connect_url = "https://www.example.com/sso"
SiteSetting.enable_sso = true SiteSetting.enable_discourse_connect = true
SiteSetting.sso_overrides_email = true SiteSetting.auth_overrides_email = true
SiteSetting.sso_overrides_name = true SiteSetting.auth_overrides_name = true
SiteSetting.sso_overrides_username = true SiteSetting.auth_overrides_username = true
SiteSetting.sso_secret = sso_secret SiteSetting.discourse_connect_secret = sso_secret
sso.sso_secret = sso_secret sso.sso_secret = sso_secret
end end
@ -924,7 +924,7 @@ RSpec.describe Admin::UsersController do
correct_payload = Rack::Utils.parse_query(sso.payload) correct_payload = Rack::Utils.parse_query(sso.payload)
post "/admin/users/sync_sso.json", params: correct_payload.merge(sig: "someincorrectsignature") post "/admin/users/sync_sso.json", params: correct_payload.merge(sig: "someincorrectsignature")
expect(response.status).to eq(422) expect(response.status).to eq(422)
expect(response.parsed_body["message"]).to include(I18n.t('sso.login_error')) expect(response.parsed_body["message"]).to include(I18n.t('discourse_connect.login_error'))
expect(response.parsed_body["message"]).not_to include(correct_payload["sig"]) expect(response.parsed_body["message"]).not_to include(correct_payload["sig"])
end end
@ -935,7 +935,7 @@ RSpec.describe Admin::UsersController do
sso.external_id = "" sso.external_id = ""
post "/admin/users/sync_sso.json", params: Rack::Utils.parse_query(sso.payload) post "/admin/users/sync_sso.json", params: Rack::Utils.parse_query(sso.payload)
expect(response.status).to eq(422) expect(response.status).to eq(422)
expect(response.parsed_body["message"]).to include(I18n.t('sso.blank_id_error')) expect(response.parsed_body["message"]).to include(I18n.t('discourse_connect.blank_id_error'))
end end
end end
@ -1094,8 +1094,8 @@ RSpec.describe Admin::UsersController do
fab!(:sso_record) { SingleSignOnRecord.create!(user_id: user.id, external_id: '12345', external_email: user.email, last_payload: '') } fab!(:sso_record) { SingleSignOnRecord.create!(user_id: user.id, external_id: '12345', external_email: user.email, last_payload: '') }
it "deletes the record" do it "deletes the record" do
SiteSetting.sso_url = "https://www.example.com/sso" SiteSetting.discourse_connect_url = "https://www.example.com/sso"
SiteSetting.enable_sso = true SiteSetting.enable_discourse_connect = true
delete "/admin/users/#{user.id}/sso_record.json" delete "/admin/users/#{user.id}/sso_record.json"
expect(response.status).to eq(200) expect(response.status).to eq(200)


@ -96,8 +96,8 @@ describe 'users' do
let(:external_id) { '1' } let(:external_id) { '1' }
before do before do
SiteSetting.sso_url = 'http://someurl.com' SiteSetting.discourse_connect_url = 'http://someurl.com'
SiteSetting.enable_sso = true SiteSetting.enable_discourse_connect = true
user.create_single_sign_on_record(external_id: '1', last_payload: '') user.create_single_sign_on_record(external_id: '1', last_payload: '')
end end


@ -22,8 +22,8 @@ RSpec.describe ApplicationController do
end end
it "should redirect to SSO if enabled" do it "should redirect to SSO if enabled" do
SiteSetting.sso_url = 'http://someurl.com' SiteSetting.discourse_connect_url = 'http://someurl.com'
SiteSetting.enable_sso = true SiteSetting.enable_discourse_connect = true
get "/" get "/"
expect(response).to redirect_to("/session/sso") expect(response).to redirect_to("/session/sso")
end end
@ -45,17 +45,17 @@ RSpec.describe ApplicationController do
expect(response).to redirect_to("/login") expect(response).to redirect_to("/login")
end end
it "should not redirect to SSO when external_auth_immediately is disabled" do it "should not redirect to SSO when auth_immediately is disabled" do
SiteSetting.external_auth_immediately = false SiteSetting.auth_immediately = false
SiteSetting.sso_url = 'http://someurl.com' SiteSetting.discourse_connect_url = 'http://someurl.com'
SiteSetting.enable_sso = true SiteSetting.enable_discourse_connect = true
get "/" get "/"
expect(response).to redirect_to("/login") expect(response).to redirect_to("/login")
end end
it "should not redirect to authenticator when external_auth_immediately is disabled" do it "should not redirect to authenticator when auth_immediately is disabled" do
SiteSetting.external_auth_immediately = false SiteSetting.auth_immediately = false
SiteSetting.enable_google_oauth2_logins = true SiteSetting.enable_google_oauth2_logins = true
SiteSetting.enable_local_logins = false SiteSetting.enable_local_logins = false


@ -444,8 +444,8 @@ describe InvitesController do
it "does not send password reset email if sso is enabled" do it "does not send password reset email if sso is enabled" do
invite # create the invite before enabling SSO invite # create the invite before enabling SSO
SiteSetting.sso_url = "https://www.example.com/sso" SiteSetting.discourse_connect_url = "https://www.example.com/sso"
SiteSetting.enable_sso = true SiteSetting.enable_discourse_connect = true
put "/invites/show/#{invite.invite_key}.json" put "/invites/show/#{invite.invite_key}.json"
expect(response.status).to eq(200) expect(response.status).to eq(200)


@ -351,9 +351,9 @@ RSpec.describe Users::OmniauthCallbacksController do
it "should update name/username/email when sso_overrides is enabled" do it "should update name/username/email when sso_overrides is enabled" do
SiteSetting.email_editable = false SiteSetting.email_editable = false
SiteSetting.sso_overrides_email = true SiteSetting.auth_overrides_email = true
SiteSetting.sso_overrides_name = true SiteSetting.auth_overrides_name = true
SiteSetting.sso_overrides_username = true SiteSetting.auth_overrides_username = true
UserAssociatedAccount.create!(provider_name: "google_oauth2", user_id: user.id, provider_uid: '123545') UserAssociatedAccount.create!(provider_name: "google_oauth2", user_id: user.id, provider_uid: '123545')
@ -371,7 +371,7 @@ RSpec.describe Users::OmniauthCallbacksController do
it "will not update email if not verified" do it "will not update email if not verified" do
SiteSetting.email_editable = false SiteSetting.email_editable = false
SiteSetting.sso_overrides_email = true SiteSetting.auth_overrides_email = true
OmniAuth.config.mock_auth[:google_oauth2][:extra][:raw_info][:email_verified] = false OmniAuth.config.mock_auth[:google_oauth2][:extra][:raw_info][:email_verified] = false
@ -387,9 +387,9 @@ RSpec.describe Users::OmniauthCallbacksController do
expect(user.email).to eq('email@example.com') expect(user.email).to eq('email@example.com')
end end
it "shows error when sso_overrides_email causes a validation error" do it "shows error when auth_overrides_email causes a validation error" do
SiteSetting.email_editable = false SiteSetting.email_editable = false
SiteSetting.sso_overrides_email = true SiteSetting.auth_overrides_email = true
UserAssociatedAccount.create!(provider_name: "google_oauth2", user_id: user.id, provider_uid: '123545') UserAssociatedAccount.create!(provider_name: "google_oauth2", user_id: user.id, provider_uid: '123545')
@ -454,12 +454,12 @@ RSpec.describe Users::OmniauthCallbacksController do
context 'when sso_payload cookie exist' do context 'when sso_payload cookie exist' do
before do before do
SiteSetting.enable_sso_provider = true SiteSetting.enable_discourse_connect_provider = true
SiteSetting.sso_secret = "topsecret" SiteSetting.discourse_connect_secret = "topsecret"
@sso = SingleSignOn.new @sso = SingleSignOn.new
@sso.nonce = "mynonce" @sso.nonce = "mynonce"
@sso.sso_secret = SiteSetting.sso_secret @sso.sso_secret = SiteSetting.discourse_connect_secret
@sso.return_sso_url = "http://somewhere.over.rainbow/sso" @sso.return_sso_url = "http://somewhere.over.rainbow/sso"
cookies[:sso_payload] = @sso.payload cookies[:sso_payload] = @sso.payload
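Review bot: The example description `it "should update name/username/email when sso_overrides is enabled"` in the hunk at line 351 still names the old setting family, although its body now sets `auth_overrides_email`, `auth_overrides_name` and `auth_overrides_username`. The example two hunks further down was renamed to `auth_overrides_email`, so this one looks like an oversight. I would change it to `it "should update name/username/email when auth_overrides are enabled" do`. The same leftover wording appears in the UsersController spec (`"doesn't use provided username/name if sso_overrides is enabled"`).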


@ -35,8 +35,8 @@ RSpec.describe SessionController do
context "when SSO enabled" do context "when SSO enabled" do
before do before do
SiteSetting.sso_url = "https://www.example.com/sso" SiteSetting.discourse_connect_url = "https://www.example.com/sso"
SiteSetting.enable_sso = true SiteSetting.enable_discourse_connect = true
end end
it "only works for admins" do it "only works for admins" do
@ -508,9 +508,9 @@ RSpec.describe SessionController do
@sso_url = "http://example.com/discourse_sso" @sso_url = "http://example.com/discourse_sso"
@sso_secret = "shjkfdhsfkjh" @sso_secret = "shjkfdhsfkjh"
SiteSetting.sso_url = @sso_url SiteSetting.discourse_connect_url = @sso_url
SiteSetting.enable_sso = true SiteSetting.enable_discourse_connect = true
SiteSetting.sso_secret = @sso_secret SiteSetting.discourse_connect_secret = @sso_secret
Fabricate(:admin) Fabricate(:admin)
end end
@ -577,7 +577,7 @@ RSpec.describe SessionController do
expect(messages.length).to eq(0) expect(messages.length).to eq(0)
expect(response.status).to eq(500) expect(response.status).to eq(500)
expect(response.body).to include(I18n.t('sso.blank_id_error')) expect(response.body).to include(I18n.t('discourse_connect.blank_id_error'))
end end
it 'can handle invalid sso email validation errors' do it 'can handle invalid sso email validation errors' do
@ -593,7 +593,7 @@ RSpec.describe SessionController do
expect(messages.length).to eq(0) expect(messages.length).to eq(0)
expect(response.status).to eq(500) expect(response.status).to eq(500)
expect(response.body).to include(I18n.t("sso.email_error", email: ERB::Util.html_escape("test@test.com"))) expect(response.body).to include(I18n.t("discourse_connect.email_error", email: ERB::Util.html_escape("test@test.com")))
end end
it 'can handle invalid sso external ids due to banned word' do it 'can handle invalid sso external ids due to banned word' do
@ -628,7 +628,7 @@ RSpec.describe SessionController do
sign_out sign_out
SiteSetting.email_editable = false SiteSetting.email_editable = false
SiteSetting.sso_overrides_email = true SiteSetting.auth_overrides_email = true
group = Fabricate(:group, name: :bob, automatic_membership_email_domains: 'jane.com') group = Fabricate(:group, name: :bob, automatic_membership_email_domains: 'jane.com')
sso = get_sso("/") sso = get_sso("/")
@ -731,7 +731,7 @@ RSpec.describe SessionController do
end end
it 'redirects to random url if it is allowed' do it 'redirects to random url if it is allowed' do
SiteSetting.sso_allows_all_return_paths = true SiteSetting.discourse_connect_allows_all_return_paths = true
sso = get_sso('https://gusundtrout.com') sso = get_sso('https://gusundtrout.com')
sso.external_id = '666' # the number of the beast sso.external_id = '666' # the number of the beast
@ -879,8 +879,8 @@ RSpec.describe SessionController do
context "when sso provider is enabled" do context "when sso provider is enabled" do
before do before do
SiteSetting.enable_sso_provider = true SiteSetting.enable_discourse_connect_provider = true
SiteSetting.sso_provider_secrets = [ SiteSetting.discourse_connect_provider_secrets = [
"*|secret,forAll", "*|secret,forAll",
"*.rainbow|wrongSecretForOverRainbow", "*.rainbow|wrongSecretForOverRainbow",
"www.random.site|secretForRandomSite", "www.random.site|secretForRandomSite",
@ -932,9 +932,9 @@ RSpec.describe SessionController do
describe 'local attribute override from SSO payload' do describe 'local attribute override from SSO payload' do
before do before do
SiteSetting.email_editable = false SiteSetting.email_editable = false
SiteSetting.sso_overrides_email = true SiteSetting.auth_overrides_email = true
SiteSetting.sso_overrides_username = true SiteSetting.auth_overrides_username = true
SiteSetting.sso_overrides_name = true SiteSetting.auth_overrides_name = true
@user = Fabricate(:user) @user = Fabricate(:user)
@ -994,10 +994,10 @@ RSpec.describe SessionController do
body: lambda { |request| file_from_fixtures("logo.png") } body: lambda { |request| file_from_fixtures("logo.png") }
) )
SiteSetting.enable_sso_provider = true SiteSetting.enable_discourse_connect_provider = true
SiteSetting.enable_sso = false SiteSetting.enable_discourse_connect = false
SiteSetting.enable_local_logins = true SiteSetting.enable_local_logins = true
SiteSetting.sso_provider_secrets = [ SiteSetting.discourse_connect_provider_secrets = [
"*|secret,forAll", "*|secret,forAll",
"*.rainbow|wrongSecretForOverRainbow", "*.rainbow|wrongSecretForOverRainbow",
"www.random.site|secretForRandomSite", "www.random.site|secretForRandomSite",
@ -1062,17 +1062,17 @@ RSpec.describe SessionController do
end end
it "fails with a nice error message if secret is blank" do it "fails with a nice error message if secret is blank" do
SiteSetting.sso_provider_secrets = "" SiteSetting.discourse_connect_provider_secrets = ""
sso = SingleSignOnProvider.new sso = SingleSignOnProvider.new
sso.nonce = "mynonce" sso.nonce = "mynonce"
sso.return_sso_url = "http://website.without.secret.com/sso" sso.return_sso_url = "http://website.without.secret.com/sso"
get "/session/sso_provider", params: Rack::Utils.parse_query(sso.payload("aasdasdasd")) get "/session/sso_provider", params: Rack::Utils.parse_query(sso.payload("aasdasdasd"))
expect(response.status).to eq(400) expect(response.status).to eq(400)
expect(response.body).to eq(I18n.t("sso.missing_secret")) expect(response.body).to eq(I18n.t("discourse_connect.missing_secret"))
end end
it "returns a 422 if no return_sso_url" do it "returns a 422 if no return_sso_url" do
SiteSetting.sso_provider_secrets = "abcdefghij" SiteSetting.discourse_connect_provider_secrets = "abcdefghij"
sso = SingleSignOnProvider.new sso = SingleSignOnProvider.new
get "/session/sso_provider?sso=asdf&sig=abcdefghij" get "/session/sso_provider?sso=asdf&sig=abcdefghij"
expect(response.status).to eq(422) expect(response.status).to eq(422)
@ -1206,8 +1206,8 @@ RSpec.describe SessionController do
context 'SSO is enabled' do context 'SSO is enabled' do
before do before do
SiteSetting.sso_url = "https://www.example.com/sso" SiteSetting.discourse_connect_url = "https://www.example.com/sso"
SiteSetting.enable_sso = true SiteSetting.enable_discourse_connect = true
post "/session.json", params: { post "/session.json", params: {
login: user.username, password: 'myawesomepassword' login: user.username, password: 'myawesomepassword'
@ -1810,8 +1810,8 @@ RSpec.describe SessionController do
end end
it 'redirects to /login when SSO and login_required' do it 'redirects to /login when SSO and login_required' do
SiteSetting.sso_url = "https://example.com/sso" SiteSetting.discourse_connect_url = "https://example.com/sso"
SiteSetting.enable_sso = true SiteSetting.enable_discourse_connect = true
user = sign_in(Fabricate(:user)) user = sign_in(Fabricate(:user))
delete "/session/#{user.username}.json", xhr: true delete "/session/#{user.username}.json", xhr: true
@ -1987,8 +1987,8 @@ RSpec.describe SessionController do
context 'SSO is enabled' do context 'SSO is enabled' do
before do before do
SiteSetting.sso_url = "https://www.example.com/sso" SiteSetting.discourse_connect_url = "https://www.example.com/sso"
SiteSetting.enable_sso = true SiteSetting.enable_discourse_connect = true
post "/session.json", params: { post "/session.json", params: {
login: user.username, password: 'myawesomepassword' login: user.username, password: 'myawesomepassword'
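Review bot: The `before` block in the hunk at line 508 keeps the instance variables `@sso_url` and `@sso_secret` while assigning them to `SiteSetting.discourse_connect_url` and `SiteSetting.discourse_connect_secret`. The DiscourseSingleSignOn spec in this same commit renamed the identical pair to `@discourse_connect_url` and `@discourse_connect_secret`. Renaming them here as well (`@discourse_connect_url = "http://example.com/discourse_sso"`, `@discourse_connect_secret = "shjkfdhsfkjh"`) would make the two specs searchable by one name. Later uses of these variables are outside the visible hunks and would need the same rename.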


@ -127,8 +127,8 @@ describe UploadsController do
expect(response.status).to eq(422) expect(response.status).to eq(422)
end end
it 'ensures sso_overrides_avatar is not enabled when uploading an avatar' do it 'ensures discourse_connect_overrides_avatar is not enabled when uploading an avatar' do
SiteSetting.sso_overrides_avatar = true SiteSetting.discourse_connect_overrides_avatar = true
post "/uploads.json", params: { file: logo, type: "avatar" } post "/uploads.json", params: { file: logo, type: "avatar" }
expect(response.status).to eq(422) expect(response.status).to eq(422)
end end


@ -1071,8 +1071,8 @@ describe UsersController do
end end
it "doesn't use provided username/name if sso_overrides is enabled" do it "doesn't use provided username/name if sso_overrides is enabled" do
SiteSetting.sso_overrides_username = true SiteSetting.auth_overrides_username = true
SiteSetting.sso_overrides_name = true SiteSetting.auth_overrides_name = true
post "/u.json", params: { post "/u.json", params: {
username: "attemptednewname", username: "attemptednewname",
name: "Attempt At New Name", name: "Attempt At New Name",
@ -1463,17 +1463,17 @@ describe UsersController do
expect(response.parsed_body['username']).to eq(new_username) expect(response.parsed_body['username']).to eq(new_username)
end end
it 'should respond with proper error message if sso_overrides_username is enabled' do it 'should respond with proper error message if auth_overrides_username is enabled' do
SiteSetting.sso_url = 'http://someurl.com' SiteSetting.discourse_connect_url = 'http://someurl.com'
SiteSetting.enable_sso = true SiteSetting.enable_discourse_connect = true
SiteSetting.sso_overrides_username = true SiteSetting.auth_overrides_username = true
acting_user = Fabricate(:admin) acting_user = Fabricate(:admin)
sign_in(acting_user) sign_in(acting_user)
put "/u/#{user.username}/preferences/username.json", params: { new_username: new_username } put "/u/#{user.username}/preferences/username.json", params: { new_username: new_username }
expect(response.status).to eq(422) expect(response.status).to eq(422)
expect(response.parsed_body['errors'].first).to include(I18n.t('errors.messages.sso_overrides_username')) expect(response.parsed_body['errors'].first).to include(I18n.t('errors.messages.auth_overrides_username'))
end end
end end
end end
@ -2343,8 +2343,8 @@ describe UsersController do
expect(response).to be_forbidden expect(response).to be_forbidden
end end
it "raises an error when sso_overrides_avatar is disabled" do it "raises an error when discourse_connect_overrides_avatar is disabled" do
SiteSetting.sso_overrides_avatar = true SiteSetting.discourse_connect_overrides_avatar = true
put "/u/#{user.username}/preferences/avatar/pick.json", params: { put "/u/#{user.username}/preferences/avatar/pick.json", params: {
upload_id: upload.id, type: "custom" upload_id: upload.id, type: "custom"
} }
@ -3972,8 +3972,8 @@ describe UsersController do
describe 'when SSO is enabled' do describe 'when SSO is enabled' do
it 'should return the right response' do it 'should return the right response' do
SiteSetting.sso_url = 'http://someurl.com' SiteSetting.discourse_connect_url = 'http://someurl.com'
SiteSetting.enable_sso = true SiteSetting.enable_discourse_connect = true
post "/users/create_second_factor_totp.json" post "/users/create_second_factor_totp.json"
@ -4204,8 +4204,8 @@ describe UsersController do
describe 'when SSO is enabled' do describe 'when SSO is enabled' do
it 'should return the right response' do it 'should return the right response' do
SiteSetting.sso_url = 'http://someurl.com' SiteSetting.discourse_connect_url = 'http://someurl.com'
SiteSetting.enable_sso = true SiteSetting.enable_discourse_connect = true
put "/users/second_factors_backup.json" put "/users/second_factors_backup.json"
@ -4479,8 +4479,8 @@ describe UsersController do
context 'when SSO is enabled' do context 'when SSO is enabled' do
before do before do
SiteSetting.sso_url = 'https://discourse.test/sso' SiteSetting.discourse_connect_url = 'https://discourse.test/sso'
SiteSetting.enable_sso = true SiteSetting.enable_discourse_connect = true
end end
it 'does not allow access' do it 'does not allow access' do
@ -4503,7 +4503,7 @@ describe UsersController do
context 'when the site settings allow second factors' do context 'when the site settings allow second factors' do
before do before do
SiteSetting.enable_local_logins = true SiteSetting.enable_local_logins = true
SiteSetting.enable_sso = false SiteSetting.enable_discourse_connect = false
end end
context 'when the password parameter is not provided' do context 'when the password parameter is not provided' do
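Review bot: In the hunk at line 2343 the renamed description says "raises an error when discourse_connect_overrides_avatar is disabled", but the body sets `SiteSetting.discourse_connect_overrides_avatar = true`, so the name states the opposite of the condition under test. Since the line is being edited anyway, I would correct it to `it "raises an error when discourse_connect_overrides_avatar is enabled" do`. A misleading name on an access-control example makes it easy to misread what the spec guarantees. The example's expectations lie outside the hunk, so this assumes they assert a rejection.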


@ -27,9 +27,9 @@ RSpec.describe CurrentUserSerializer do
end end
it "should include the external_id" do it "should include the external_id" do
SiteSetting.sso_url = "http://example.com/discourse_sso" SiteSetting.discourse_connect_url = "http://example.com/discourse_sso"
SiteSetting.sso_secret = "12345678910" SiteSetting.discourse_connect_secret = "12345678910"
SiteSetting.enable_sso = true SiteSetting.enable_discourse_connect = true
payload = serializer.as_json payload = serializer.as_json
expect(payload[:external_id]).to eq("12345") expect(payload[:external_id]).to eq("12345")
end end


@ -29,9 +29,9 @@ describe NotificationSerializer do
let(:json) { serializer.as_json } let(:json) { serializer.as_json }
it "should include the external_id" do it "should include the external_id" do
SiteSetting.sso_url = "http://example.com/discourse_sso" SiteSetting.discourse_connect_url = "http://example.com/discourse_sso"
SiteSetting.sso_secret = "12345678910" SiteSetting.discourse_connect_secret = "12345678910"
SiteSetting.enable_sso = true SiteSetting.enable_discourse_connect = true
expect(json[:notification][:external_id]).to eq("12345") expect(json[:notification][:external_id]).to eq("12345")
end end
end end


@ -11,13 +11,13 @@ describe SiteSettingsTask do
describe 'export' do describe 'export' do
it 'creates a hash of all site settings' do it 'creates a hash of all site settings' do
sso_url = "https://somewhere.over.com" sso_url = "https://somewhere.over.com"
SiteSetting.sso_url = sso_url SiteSetting.discourse_connect_url = sso_url
SiteSetting.enable_sso = true SiteSetting.enable_discourse_connect = true
hash = SiteSettingsTask.export_to_hash hash = SiteSettingsTask.export_to_hash
expect(hash).to eq( expect(hash).to eq(
"enable_sso" => "true", "enable_discourse_connect" => "true",
"sso_url" => sso_url "discourse_connect_url" => sso_url
) )
end end
end end


@ -267,9 +267,9 @@ describe UserUpdater do
context 'when sso overrides bio' do context 'when sso overrides bio' do
it 'does not change bio' do it 'does not change bio' do
SiteSetting.sso_url = "https://www.example.com/sso" SiteSetting.discourse_connect_url = "https://www.example.com/sso"
SiteSetting.enable_sso = true SiteSetting.enable_discourse_connect = true
SiteSetting.sso_overrides_bio = true SiteSetting.discourse_connect_overrides_bio = true
user = Fabricate(:user) user = Fabricate(:user)
updater = UserUpdater.new(acting_user, user) updater = UserUpdater.new(acting_user, user)
@ -283,9 +283,9 @@ describe UserUpdater do
context 'when sso overrides location' do context 'when sso overrides location' do
it 'does not change location' do it 'does not change location' do
SiteSetting.sso_url = "https://www.example.com/sso" SiteSetting.discourse_connect_url = "https://www.example.com/sso"
SiteSetting.enable_sso = true SiteSetting.enable_discourse_connect = true
SiteSetting.sso_overrides_location = true SiteSetting.discourse_connect_overrides_location = true
user = Fabricate(:user) user = Fabricate(:user)
updater = UserUpdater.new(acting_user, user) updater = UserUpdater.new(acting_user, user)
@ -299,9 +299,9 @@ describe UserUpdater do
context 'when sso overrides website' do context 'when sso overrides website' do
it 'does not change website' do it 'does not change website' do
SiteSetting.sso_url = "https://www.example.com/sso" SiteSetting.discourse_connect_url = "https://www.example.com/sso"
SiteSetting.enable_sso = true SiteSetting.enable_discourse_connect = true
SiteSetting.sso_overrides_website = true SiteSetting.discourse_connect_overrides_website = true
user = Fabricate(:user) user = Fabricate(:user)
updater = UserUpdater.new(acting_user, user) updater = UserUpdater.new(acting_user, user)