FIX: redirect to return_url when working as SSO provider

2015-10-25 10:30:19 +05:30 · 2015-10-25 10:30:19 +05:30 · c28843e87b
parent d49ea33465
commit c28843e87b
3 changed files with 58 additions and 28 deletions
--- a/app/assets/javascripts/discourse/controllers/login.js.es6
+++ b/app/assets/javascripts/discourse/controllers/login.js.es6
@ -78,9 +78,15 @@ export default Ember.Controller.extend(ModalFunctionality, {
          const $hidden_login_form = $('#hidden-login-form');
          const destinationUrl = $.cookie('destination_url');
          const shouldRedirectToUrl = self.session.get("shouldRedirectToUrl");
+          const ssoDestinationUrl = $.cookie('sso_destination_url');
          $hidden_login_form.find('input[name=username]').val(self.get('loginName'));
          $hidden_login_form.find('input[name=password]').val(self.get('loginPassword'));
-          if (destinationUrl) {
+          
+          if (ssoDestinationUrl) {
+            $.cookie('sso_destination_url', null);
+            window.location.assign(ssoDestinationUrl);
+            return;
+          } else if (destinationUrl) {
            // redirect client to the original URL
            $.cookie('destination_url', null);
            $hidden_login_form.find('input[name=redirect]').val(destinationUrl);
--- a/app/controllers/session_controller.rb
+++ b/app/controllers/session_controller.rb
@ -37,7 +37,11 @@ class SessionController < ApplicationController
        sso.external_id = current_user.id.to_s
        sso.admin = current_user.admin?
        sso.moderator = current_user.moderator?
-        redirect_to sso.to_url(sso.return_sso_url)
+        if request.xhr?
+          cookies[:sso_destination_url] = sso.to_url(sso.return_sso_url)
+        else
+          redirect_to sso.to_url(sso.return_sso_url)
+        end
      else
        session[:sso_payload] = request.query_string
        redirect_to path('/login')
@ -266,9 +270,8 @@ class SessionController < ApplicationController

    if payload = session.delete(:sso_payload)
      sso_provider(payload)
-    else
-      render_serialized(user, UserSerializer)
    end
+    render_serialized(user, UserSerializer)
  end

 end
--- a/spec/controllers/session_controller_spec.rb
+++ b/spec/controllers/session_controller_spec.rb
@ -264,40 +264,61 @@ describe SessionController do
      expect(response.code).to eq('419')
    end

-    it 'can act as an SSO provider' do
-      SiteSetting.enable_sso_provider = true
-      SiteSetting.enable_sso = false
-      SiteSetting.enable_local_logins = true
-      SiteSetting.sso_secret = "topsecret"
+    describe 'can act as an SSO provider' do
+      before do
+        SiteSetting.enable_sso_provider = true
+        SiteSetting.enable_sso = false
+        SiteSetting.enable_local_logins = true
+        SiteSetting.sso_secret = "topsecret"

-      sso = SingleSignOn.new
-      sso.nonce = "mynonce"
-      sso.sso_secret = SiteSetting.sso_secret
-      sso.return_sso_url = "http://somewhere.over.rainbow/sso"
+        @sso = SingleSignOn.new
+        @sso.nonce = "mynonce"
+        @sso.sso_secret = SiteSetting.sso_secret
+        @sso.return_sso_url = "http://somewhere.over.rainbow/sso"

-      get :sso_provider, Rack::Utils.parse_query(sso.payload)
+        @user = Fabricate(:user, password: "frogs", active: true, admin: true)
+        EmailToken.update_all(confirmed: true)
+      end

-      expect(response).to redirect_to("/login")
+      it "successfully logs in and redirects user to return_sso_url when the user is not logged in" do
+        get :sso_provider, Rack::Utils.parse_query(@sso.payload)
+        expect(response).to redirect_to("/login")

-      user = Fabricate(:user, password: "frogs", active: true, admin: true)
-      EmailToken.update_all(confirmed: true)
+        xhr :post, :create, login: @user.username, password: "frogs", format: :json

-      xhr :post, :create, login: user.username, password: "frogs", format: :json
+        location = cookies[:sso_destination_url]
+        # javascript code will handle redirection of user to return_sso_url
+        expect(location).to match(/^http:\/\/somewhere.over.rainbow\/sso/)

-      location = response.header["Location"]
-      expect(location).to match(/^http:\/\/somewhere.over.rainbow\/sso/)
+        payload = location.split("?")[1]
+        sso2 = SingleSignOn.parse(payload, "topsecret")

-      payload = location.split("?")[1]
+        expect(sso2.email).to eq(@user.email)
+        expect(sso2.name).to eq(@user.name)
+        expect(sso2.username).to eq(@user.username)
+        expect(sso2.external_id).to eq(@user.id.to_s)
+        expect(sso2.admin).to eq(true)
+        expect(sso2.moderator).to eq(false)
+      end

-      sso2 = SingleSignOn.parse(payload, "topsecret")
+      it "successfully redirects user to return_sso_url when the user is logged in" do
+        log_in_user(@user)

-      expect(sso2.email).to eq(user.email)
-      expect(sso2.name).to eq(user.name)
-      expect(sso2.username).to eq(user.username)
-      expect(sso2.external_id).to eq(user.id.to_s)
-      expect(sso2.admin).to eq(true)
-      expect(sso2.moderator).to eq(false)
+        get :sso_provider, Rack::Utils.parse_query(@sso.payload)

+        location = response.header["Location"]
+        expect(location).to match(/^http:\/\/somewhere.over.rainbow\/sso/)
+
+        payload = location.split("?")[1]
+        sso2 = SingleSignOn.parse(payload, "topsecret")
+
+        expect(sso2.email).to eq(@user.email)
+        expect(sso2.name).to eq(@user.name)
+        expect(sso2.username).to eq(@user.username)
+        expect(sso2.external_id).to eq(@user.id.to_s)
+        expect(sso2.admin).to eq(true)
+        expect(sso2.moderator).to eq(false)
+      end
    end

    describe 'local attribute override from SSO payload' do