From 1f0915bf838cfea3ab2aa9c00eda677dacf71789 Mon Sep 17 00:00:00 2001
From: Ryan Fox <ryan.fox@upverter.com>
Date: Mon, 2 Feb 2015 12:55:32 -0500
Subject: [PATCH 1/2] Allow periods in the external_id value used in the
 /users/by-external route.

---
 app/controllers/users_controller.rb | 7 +++++++
 config/routes.rb                    | 3 ++-
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index a44008d11d5..1c76a22aa8b 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -28,6 +28,13 @@ class UsersController < ApplicationController
   def show
     @user = fetch_user_from_params
     user_serializer = UserSerializer.new(@user, scope: guardian, root: 'user')
+
+    # This is a hack to get around a Rails issue where values with periods aren't handled correctly
+    # when used as part of a route.
+    if params[:external_id] and params[:external_id].ends_with? '.json'
+      return render_json_dump(user_serializer)
+    end
+
     respond_to do |format|
       format.html do
         @restrict_fields = guardian.restrict_user_fields?(@user)
diff --git a/config/routes.rb b/config/routes.rb
index 8a41b8be10c..03a92e4197f 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -256,7 +256,8 @@ Discourse::Application.routes.draw do
   get "users/:username/badges" => "users#show", constraints: {username: USERNAME_ROUTE_FORMAT}
   get "users/:username/notifications" => "users#show", constraints: {username: USERNAME_ROUTE_FORMAT}
   delete "users/:username" => "users#destroy", constraints: {username: USERNAME_ROUTE_FORMAT}
-  get "users/by-external/:external_id" => "users#show"
+  # The external_id constraint is to allow periods to be used in the value without becoming part of the format. ie: foo.bar.json
+  get "users/by-external/:external_id" => "users#show", constraints: {external_id: /[^\/]+/}
   get "users/:username/flagged-posts" => "users#show", constraints: {username: USERNAME_ROUTE_FORMAT}
   get "users/:username/deleted-posts" => "users#show", constraints: {username: USERNAME_ROUTE_FORMAT}
   get "users/:username/badges_json" => "user_badges#username"

From c3f21dcdfc9fd73a962de021b05c81bb5b6f1e97 Mon Sep 17 00:00:00 2001
From: Ryan Fox <ryan.fox@upverter.com>
Date: Mon, 2 Feb 2015 12:58:02 -0500
Subject: [PATCH 2/2] Remove the .json part from the external_id value when
 using it to lookup a user.

---
 app/controllers/application_controller.rb | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index ff805687b44..e8313fbde47 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -239,7 +239,8 @@ class ApplicationController < ActionController::Base
       find_opts[:active] = true unless opts[:include_inactive]
       User.find_by(find_opts)
     elsif params[:external_id]
-      SingleSignOnRecord.find_by(external_id: params[:external_id]).try(:user)
+      external_id = params[:external_id].gsub(/\.json$/, '')
+      SingleSignOnRecord.find_by(external_id: external_id).try(:user)
     end
     raise Discourse::NotFound.new if user.blank?