FIX: redirect to return_url when working as SSO provider
This commit is contained in:
parent
d49ea33465
commit
c28843e87b
|
@ -78,9 +78,15 @@ export default Ember.Controller.extend(ModalFunctionality, {
|
||||||
const $hidden_login_form = $('#hidden-login-form');
|
const $hidden_login_form = $('#hidden-login-form');
|
||||||
const destinationUrl = $.cookie('destination_url');
|
const destinationUrl = $.cookie('destination_url');
|
||||||
const shouldRedirectToUrl = self.session.get("shouldRedirectToUrl");
|
const shouldRedirectToUrl = self.session.get("shouldRedirectToUrl");
|
||||||
|
const ssoDestinationUrl = $.cookie('sso_destination_url');
|
||||||
$hidden_login_form.find('input[name=username]').val(self.get('loginName'));
|
$hidden_login_form.find('input[name=username]').val(self.get('loginName'));
|
||||||
$hidden_login_form.find('input[name=password]').val(self.get('loginPassword'));
|
$hidden_login_form.find('input[name=password]').val(self.get('loginPassword'));
|
||||||
if (destinationUrl) {
|
|
||||||
|
if (ssoDestinationUrl) {
|
||||||
|
$.cookie('sso_destination_url', null);
|
||||||
|
window.location.assign(ssoDestinationUrl);
|
||||||
|
return;
|
||||||
|
} else if (destinationUrl) {
|
||||||
// redirect client to the original URL
|
// redirect client to the original URL
|
||||||
$.cookie('destination_url', null);
|
$.cookie('destination_url', null);
|
||||||
$hidden_login_form.find('input[name=redirect]').val(destinationUrl);
|
$hidden_login_form.find('input[name=redirect]').val(destinationUrl);
|
||||||
|
|
|
@ -37,7 +37,11 @@ class SessionController < ApplicationController
|
||||||
sso.external_id = current_user.id.to_s
|
sso.external_id = current_user.id.to_s
|
||||||
sso.admin = current_user.admin?
|
sso.admin = current_user.admin?
|
||||||
sso.moderator = current_user.moderator?
|
sso.moderator = current_user.moderator?
|
||||||
|
if request.xhr?
|
||||||
|
cookies[:sso_destination_url] = sso.to_url(sso.return_sso_url)
|
||||||
|
else
|
||||||
redirect_to sso.to_url(sso.return_sso_url)
|
redirect_to sso.to_url(sso.return_sso_url)
|
||||||
|
end
|
||||||
else
|
else
|
||||||
session[:sso_payload] = request.query_string
|
session[:sso_payload] = request.query_string
|
||||||
redirect_to path('/login')
|
redirect_to path('/login')
|
||||||
|
@ -266,9 +270,8 @@ class SessionController < ApplicationController
|
||||||
|
|
||||||
if payload = session.delete(:sso_payload)
|
if payload = session.delete(:sso_payload)
|
||||||
sso_provider(payload)
|
sso_provider(payload)
|
||||||
else
|
|
||||||
render_serialized(user, UserSerializer)
|
|
||||||
end
|
end
|
||||||
|
render_serialized(user, UserSerializer)
|
||||||
end
|
end
|
||||||
|
|
||||||
end
|
end
|
||||||
|
|
|
@ -264,40 +264,61 @@ describe SessionController do
|
||||||
expect(response.code).to eq('419')
|
expect(response.code).to eq('419')
|
||||||
end
|
end
|
||||||
|
|
||||||
it 'can act as an SSO provider' do
|
describe 'can act as an SSO provider' do
|
||||||
|
before do
|
||||||
SiteSetting.enable_sso_provider = true
|
SiteSetting.enable_sso_provider = true
|
||||||
SiteSetting.enable_sso = false
|
SiteSetting.enable_sso = false
|
||||||
SiteSetting.enable_local_logins = true
|
SiteSetting.enable_local_logins = true
|
||||||
SiteSetting.sso_secret = "topsecret"
|
SiteSetting.sso_secret = "topsecret"
|
||||||
|
|
||||||
sso = SingleSignOn.new
|
@sso = SingleSignOn.new
|
||||||
sso.nonce = "mynonce"
|
@sso.nonce = "mynonce"
|
||||||
sso.sso_secret = SiteSetting.sso_secret
|
@sso.sso_secret = SiteSetting.sso_secret
|
||||||
sso.return_sso_url = "http://somewhere.over.rainbow/sso"
|
@sso.return_sso_url = "http://somewhere.over.rainbow/sso"
|
||||||
|
|
||||||
get :sso_provider, Rack::Utils.parse_query(sso.payload)
|
@user = Fabricate(:user, password: "frogs", active: true, admin: true)
|
||||||
|
EmailToken.update_all(confirmed: true)
|
||||||
|
end
|
||||||
|
|
||||||
|
it "successfully logs in and redirects user to return_sso_url when the user is not logged in" do
|
||||||
|
get :sso_provider, Rack::Utils.parse_query(@sso.payload)
|
||||||
expect(response).to redirect_to("/login")
|
expect(response).to redirect_to("/login")
|
||||||
|
|
||||||
user = Fabricate(:user, password: "frogs", active: true, admin: true)
|
xhr :post, :create, login: @user.username, password: "frogs", format: :json
|
||||||
EmailToken.update_all(confirmed: true)
|
|
||||||
|
|
||||||
xhr :post, :create, login: user.username, password: "frogs", format: :json
|
location = cookies[:sso_destination_url]
|
||||||
|
# javascript code will handle redirection of user to return_sso_url
|
||||||
|
expect(location).to match(/^http:\/\/somewhere.over.rainbow\/sso/)
|
||||||
|
|
||||||
|
payload = location.split("?")[1]
|
||||||
|
sso2 = SingleSignOn.parse(payload, "topsecret")
|
||||||
|
|
||||||
|
expect(sso2.email).to eq(@user.email)
|
||||||
|
expect(sso2.name).to eq(@user.name)
|
||||||
|
expect(sso2.username).to eq(@user.username)
|
||||||
|
expect(sso2.external_id).to eq(@user.id.to_s)
|
||||||
|
expect(sso2.admin).to eq(true)
|
||||||
|
expect(sso2.moderator).to eq(false)
|
||||||
|
end
|
||||||
|
|
||||||
|
it "successfully redirects user to return_sso_url when the user is logged in" do
|
||||||
|
log_in_user(@user)
|
||||||
|
|
||||||
|
get :sso_provider, Rack::Utils.parse_query(@sso.payload)
|
||||||
|
|
||||||
location = response.header["Location"]
|
location = response.header["Location"]
|
||||||
expect(location).to match(/^http:\/\/somewhere.over.rainbow\/sso/)
|
expect(location).to match(/^http:\/\/somewhere.over.rainbow\/sso/)
|
||||||
|
|
||||||
payload = location.split("?")[1]
|
payload = location.split("?")[1]
|
||||||
|
|
||||||
sso2 = SingleSignOn.parse(payload, "topsecret")
|
sso2 = SingleSignOn.parse(payload, "topsecret")
|
||||||
|
|
||||||
expect(sso2.email).to eq(user.email)
|
expect(sso2.email).to eq(@user.email)
|
||||||
expect(sso2.name).to eq(user.name)
|
expect(sso2.name).to eq(@user.name)
|
||||||
expect(sso2.username).to eq(user.username)
|
expect(sso2.username).to eq(@user.username)
|
||||||
expect(sso2.external_id).to eq(user.id.to_s)
|
expect(sso2.external_id).to eq(@user.id.to_s)
|
||||||
expect(sso2.admin).to eq(true)
|
expect(sso2.admin).to eq(true)
|
||||||
expect(sso2.moderator).to eq(false)
|
expect(sso2.moderator).to eq(false)
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
describe 'local attribute override from SSO payload' do
|
describe 'local attribute override from SSO payload' do
|
||||||
|
|
Loading…
Reference in New Issue