FIX: do not show SSO last payload to moderators (#12084)

Arpit Jalan 2021-02-15 16:12:06 +05:30 committed by GitHub
parent 465b402b08
commit 901d6080df
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 19 additions and 1 deletions


@ -7,4 +7,8 @@ class SingleSignOnRecordSerializer < ApplicationSerializer
:external_name, :external_avatar_url,
:external_profile_background_url,
:external_card_background_url
def include_last_payload?
scope.is_admin?
end
end
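Review bot: The added `include_last_payload?` at the end of the class carries no comment explaining why this one attribute is gated, so a later edit to the attribute list could rename or drop the restriction without anyone noticing. I would put a line above it such as `# last_payload is presumably the raw SSO payload last received for the user; serialize it for admins only.` The other `external_*` attributes in the visible part of the list remain unconditional, so it is worth confirming that none of them needs the same gate for moderators. The class and its attribute list begin outside the hunk, so only part of the list can be checked from here.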


@ -5,7 +5,7 @@ require 'rails_helper'
RSpec.describe SingleSignOnRecordSerializer do
fab!(:user) { Fabricate(:user) }
let :sso do
SingleSignOnRecord.create!(user_id: user.id, external_id: '12345', external_email: user.email, last_payload: '')
SingleSignOnRecord.create!(user_id: user.id, external_id: '12345', external_email: user.email, last_payload: 'foobar')
end
context "admin" do
@ -21,4 +21,18 @@ RSpec.describe SingleSignOnRecordSerializer do
expect(payload[:external_email]).to be_nil
end
end
context "moderator" do
let(:moderator) { Fabricate(:moderator) }
let :serializer do
SingleSignOnRecordSerializer.new(sso, scope: Guardian.new(moderator), root: false)
end
it "should not include user sso payload" do
payload = serializer.as_json
expect(payload[:user_id]).to eq(user.id)
expect(payload[:external_id]).to eq('12345')
expect(payload[:last_payload]).to be_nil
end
end
end
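Review bot: The moderator example asserts `expect(payload[:last_payload]).to be_nil`, which passes both when the key is omitted and when it is serialized with a nil value; `expect(payload).not_to have_key(:last_payload)` would pin the omission itself. The fixture now sets `last_payload: 'foobar'`, yet no visible line checks that an admin still receives it, so adding `expect(payload[:last_payload]).to eq('foobar')` to the admin example would catch the gate being inverted or over-tightened later. The admin context body lies mostly outside the hunks, so that assertion may already exist there. A case for a regular, non-staff user scope would complete the coverage of the new check.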