Merge pull request #3476 from paulkaplan/sso-distrust-email
Add SSO setting to not trust emails automatically
commit
d1d703718a
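--- a/<path not shown on page: SessionController>
+++ b/<path not shown on page: SessionController>
@@ -73,6 +73,11 @@ class SessionController < ApplicationController
 if SiteSetting.must_approve_users? && !user.approved?
 render text: I18n.t("sso.account_not_approved"), status: 403
 return
+elsif !user.active?
+activation = UserActivator.new(user, request, session, cookies)
+activation.finish
+session["user_created_message"] = activation.message
+redirect_to users_account_created_path and return
 else
 log_on_user user
 end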
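Review bot: The new `elsif !user.active?` branch is only reached when the preceding `must_approve_users? && !user.approved?` test fails, so an account that is both unapproved and unactivated gets the 403 and never reaches `UserActivator`, which in this hunk is the only thing that starts the activation flow; if approval is meant to follow email confirmation, the activation branch should come first. If the current precedence is intended, a comment above the `if` would spare the next reader the question, e.g. `# Approval is checked before activation: an unapproved account is rejected even while its email is still unconfirmed.` The enclosing action starts before and ends after this hunk, so any earlier checks on `user` are not visible here.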
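--- a/<path not shown on page: DiscourseSingleSignOn>
+++ b/<path not shown on page: DiscourseSingleSignOn>
@@ -57,7 +57,7 @@ class DiscourseSingleSignOn < SingleSignOn
 change_external_attributes_and_override(sso_record, user)
 end
 
-if sso_record && (user = sso_record.user) && !user.active
+if sso_record && (user = sso_record.user) && !user.active && !require_activation
 user.active = true
 user.save!
 user.enqueue_welcome_message('welcome_user') unless suppress_welcome_message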
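Review bot: `!require_activation` reads the accessor that the `SingleSignOn` hunk below adds to `ACCESSORS` but not to `BOOLS`; if the payload parser coerces only `BOOLS` entries (the parser is not in view), a provider sending `require_activation=false` delivers the string `"false"`, which is truthy in Ruby, so the condition is false and an existing inactive user is never auto-activated. That fails closed rather than open, but it silently disables the default behaviour for every provider that sends the parameter explicitly, and the same untyped value feeds the controller's `user.active?` path. The fix belongs on the `BOOLS` line of the `SingleSignOn` hunk: `BOOLS = [:avatar_force_update, :admin, :moderator, :require_activation, :suppress_welcome_message]`. The enclosing method starts before and ends after this hunk.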
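--- a/<path not shown on page: SingleSignOn>
+++ b/<path not shown on page: SingleSignOn>
@@ -1,5 +1,5 @@
 class SingleSignOn
-ACCESSORS = [:nonce, :name, :username, :email, :avatar_url, :avatar_force_update,
+ACCESSORS = [:nonce, :name, :username, :email, :avatar_url, :avatar_force_update, :require_activation,
 :about_me, :external_id, :return_sso_url, :admin, :moderator, :suppress_welcome_message]
 FIXNUMS = []
 BOOLS = [:avatar_force_update, :admin, :moderator, :suppress_welcome_message]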
@ -193,6 +193,54 @@ describe SessionController do
|
||||||
expect(logged_on_user.custom_fields["bla"]).to eq(nil)
|
expect(logged_on_user.custom_fields["bla"]).to eq(nil)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
context 'when sso emails are not trusted' do
|
||||||
|
context 'if you have not activated your account' do
|
||||||
|
it 'does not log you in' do
|
||||||
|
sso = get_sso('/a/')
|
||||||
|
sso.external_id = '666' # the number of the beast
|
||||||
|
sso.email = 'bob@bob.com'
|
||||||
|
sso.name = 'Sam Saffron'
|
||||||
|
sso.username = 'sam'
|
||||||
|
sso.require_activation = true
|
||||||
|
|
||||||
|
get :sso_login, Rack::Utils.parse_query(sso.payload)
|
||||||
|
|
||||||
|
logged_on_user = Discourse.current_user_provider.new(request.env).current_user
|
||||||
|
expect(logged_on_user).to eq(nil)
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'sends an activation email' do
|
||||||
|
Jobs.expects(:enqueue).with(:user_email, has_entries(type: :signup))
|
||||||
|
sso = get_sso('/a/')
|
||||||
|
sso.external_id = '666' # the number of the beast
|
||||||
|
sso.email = 'bob@bob.com'
|
||||||
|
sso.name = 'Sam Saffron'
|
||||||
|
sso.username = 'sam'
|
||||||
|
sso.require_activation = true
|
||||||
|
|
||||||
|
get :sso_login, Rack::Utils.parse_query(sso.payload)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
context 'if you have activated your account' do
|
||||||
|
it 'allows you to log in' do
|
||||||
|
sso = get_sso('/hello/world')
|
||||||
|
sso.external_id = '997'
|
||||||
|
sso.sso_url = "http://somewhere.over.com/sso_login"
|
||||||
|
sso.require_activation = true
|
||||||
|
|
||||||
|
user = Fabricate(:user)
|
||||||
|
user.create_single_sign_on_record(external_id: '997', last_payload: '')
|
||||||
|
user.stubs(:active?).returns(true)
|
||||||
|
|
||||||
|
get :sso_login, Rack::Utils.parse_query(sso.payload)
|
||||||
|
|
||||||
|
logged_on_user = Discourse.current_user_provider.new(request.env).current_user
|
||||||
|
expect(user.id).to eq(logged_on_user.id)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
it 'allows login to existing account with valid nonce' do
|
it 'allows login to existing account with valid nonce' do
|
||||||
sso = get_sso('/hello/world')
|
sso = get_sso('/hello/world')
|
||||||
sso.external_id = '997'
|
sso.external_id = '997'
|
||||||
|
|
|
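Review bot: In the 'allows you to log in' example, `user.stubs(:active?).returns(true)` stubs the predicate instead of setting the attribute, while the library hunk checks `user.active` and the controller hunk checks `user.active?`; the example therefore passes without showing that a persisted active user actually takes the `log_on_user` path. Setting the real state the way the library code does, `user.active = true` followed by `user.save!`, exercises both readers and removes the stub. Whether `Fabricate(:user)` already yields an active user is not visible in this hunk, so the stub may currently be masking that too. The two 'not activated' examples assert only that nobody is logged in; an assertion that the created account is still inactive would pin the other half of the new behaviour.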
@ -140,6 +140,29 @@ describe DiscourseSingleSignOn do
|
||||||
expect(sso.nonce).to_not be_nil
|
expect(sso.nonce).to_not be_nil
|
||||||
end
|
end
|
||||||
|
|
||||||
|
context 'trusting emails' do
|
||||||
|
let(:sso) {
|
||||||
|
sso = DiscourseSingleSignOn.new
|
||||||
|
sso.username = "test"
|
||||||
|
sso.name = "test"
|
||||||
|
sso.email = "test@example.com"
|
||||||
|
sso.external_id = "A"
|
||||||
|
sso
|
||||||
|
}
|
||||||
|
|
||||||
|
it 'activates users by default' do
|
||||||
|
user = sso.lookup_or_create_user(ip_address)
|
||||||
|
expect(user.active).to eq(true)
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'does not activate user when asked not to' do
|
||||||
|
sso.require_activation = true
|
||||||
|
user = sso.lookup_or_create_user(ip_address)
|
||||||
|
expect(user.active).to eq(false)
|
||||||
|
end
|
||||||
|
|
||||||
|
end
|
||||||
|
|
||||||
context 'welcome emails' do
|
context 'welcome emails' do
|
||||||
let(:sso) {
|
let(:sso) {
|
||||||
sso = DiscourseSingleSignOn.new
|
sso = DiscourseSingleSignOn.new
|
||||||
|
|