Commit Graph

73 Commits

Author SHA1 Message Date
Sam Saffron f8be43644b DEV: allow nonce expiry time to be extended cleanly from a plugin
Previously one would have to redefine a constant
2019-03-19 17:33:38 +11:00
Sam e64402cb3b SECURITY: correct edge case when SSO provides unvalidated emails 2018-09-11 08:24:02 +10:00
Sam e6970151a6 FEATURE: allow specifying locale via SSO
Use:

locale
locale_force_update

To force user locale on users where SiteSetting.allow_user_locale is enabled

Note: If an invalid locale is specified no action will occur
2018-08-30 09:58:03 +10:00
David Lee 4644d777bd FEATURE: add website field to SSO 2018-06-25 16:09:39 +10:00
Régis Hanol 2cf6fb7359 FIX: always unstage users when they log in 2018-05-13 17:00:02 +02:00
Misaka 0x4e21 ff6be3c2e3 FEATURE: add profile_background fields into SSO (#5701)
Add profile_background and card_background fields into Discourse SSO.
2018-05-07 10:03:26 +02:00
Guo Xiang Tan 6e46f81123 Add a distributed mutex around user creation via SSO.
* When two SSO requests containing the same email in the payload are
  sent at the same time, it would sometimes result in two users
  being created but one without an email record. Investigations
  points to ActiveRecord not generating the right statements but
  we have no figured out the reproduction steps yet. We should review
  this after upgrading to Rails 5.2.
2018-04-12 16:18:49 +08:00
Sam fe37ce165d correct issue where groups was never being blanked 2018-04-10 15:30:18 +10:00
Sam afaeb20f27 FEATURE: Add option to have sso synchronize group membership
In some cases add_groups and remove_groups is too much work, some sites
may wish to simply synchronize group membership based on a list.

When sso_overrides_groups is on all not automatic group membership is
sourced from SSO. Note if you omit to specify groups, they will be cleared
out.
2018-04-10 13:17:23 +10:00
Guo Xiang Tan d0e7898fa0 Build `primary_email` association directly in `DiscourseSingleSignOn`. 2018-03-20 19:36:35 +08:00
Michael Brown 1b5549df58 FIX: my sso_overrides_username assumed username was passed 2018-03-13 18:29:11 -04:00
Michael Brown 3c3d205180 FIX: sso_overrides_username may inappropriately change the username if the case changed 2018-03-09 16:06:55 -05:00
Guo Xiang Tan 6b59a2827d Add more information to SSO user creation logging. 2018-03-02 18:27:15 +08:00
Guo Xiang Tan bbb30bedf3 Improve output of SSO verbose logging. 2018-02-22 11:26:13 +08:00
Arpit Jalan b21d5d3633 FIX: SSO email match should be case insensitive 2017-11-08 20:37:41 +05:30
Guo Xiang Tan 9355f92f78 Add more verbose SSO logging. 2017-11-07 19:38:36 +08:00
Guo Xiang Tan 95c891cf11 Raise error if sso record fails to create. 2017-11-07 18:38:38 +08:00
Neil Lalonde 9813f9f0f8 FIX: more cases of case sensitive group membership in sso 2017-08-11 18:09:29 -04:00
Neil Lalonde 3de45ce0cd FIX: use case insensitive group name search when applying group rules from SSO 2017-08-02 11:30:37 -04:00
Guo Xiang Tan 5012d46cbd Add rubocop to our build. (#5004) 2017-07-28 10:20:09 +09:00
Régis Hanol d6c63cc5b2 FIX: user's default group should only be set once
Setting a user's default groups based on their email address should only be done once, ie. when they confirm their email address.
Previously we were doing this everytime we'd save a user record 🤷
2017-06-14 19:20:18 +02:00
Sam 763f156d91 FIX: require re-activation if SSO changes email and updates it 2017-05-16 16:18:18 -04:00
Viet Hoang 40164ccd4a Add user title to SSO payload 2017-01-31 16:42:27 -08:00
Arpit Jalan 0791c2c966 FIX: sso_overrides_avatar should override previously set avatar 2017-01-19 10:52:24 +05:30
Sam 3d76ce1421 FEATURE: SSO support for adding and removing a user to groups
Use: add_groups with a comma delimited list to ensure a user is in groups (using group names)

Use: remove_groups with a comma delimited list to ensure a user is removed from groups (using group names)
2016-11-11 16:57:31 +11:00
Régis Hanol 750338954c FIX: download SSO avatars in a background job to prevent hangs when avatars are huge 2016-10-24 19:55:30 +02:00
Sam 33578a2c17 FIX: always import avatars during SSO if they are missing 2016-09-16 09:45:00 +10:00
Sam 0a39ba43ed FIX: always respect avatar_force_update 2016-09-02 12:04:22 +10:00
Erick Guan 0217973374
FIX: Importing user avatar when new user login by SSO 2016-08-29 20:47:19 +08:00
Sam 9018de39ed FEATURE: allow shipping bio markdown via SSO
- Also adds site setting for sso_overrides_bio to disable bio editing by end users
2016-08-01 15:29:28 +10:00
Régis Hanol 874c18cbc1 FIX: unstage users when using SSO 2016-06-21 11:28:58 +02:00
Sam b04ab83f12 FIX: refresh automatic group if SSO specifies admin/mod 2016-05-17 17:31:34 +10:00
Sam 19ca08857f FEATURE: verbose SSO logging
By enabling the site setting verbose_sso_logging
you can log information every time a user tries initiates SSO
and during SSO failures
2016-04-08 11:20:01 +10:00
Régis Hanol 97c7b894ce better logs when an error happens in SSO 2016-02-24 21:57:01 +01:00
Guo Xiang Tan 3142eb76dc Revert "FIX: find_by_attribute method in Rails 4.5 is case insensitive."
This reverts commit 2af587005b.
2016-02-22 15:55:48 +08:00
Guo Xiang Tan 2af587005b FIX: find_by_attribute method in Rails 4.5 is case insensitive.
* https://github.com/rails/rails/pull/23690
2016-02-15 23:05:16 +08:00
Sam 6451495ec6 FIX: only override sso name / username if it is supplied 2015-08-24 10:24:33 +10:00
Robin Ward cb94a9000d Revert "Revert "Extract logic to save external avatar url""
This reverts commit 2d20e4c692.
2015-06-23 15:59:50 -04:00
Robin Ward 2d20e4c692 Revert "Extract logic to save external avatar url"
This reverts commit 18b8df3f32.
2015-06-23 15:45:34 -04:00
Robin Ward 18b8df3f32 Extract logic to save external avatar url 2015-06-23 15:23:19 -04:00
Sam d1d703718a Merge pull request #3476 from paulkaplan/sso-distrust-email
Add SSO setting to not trust emails automatically
2015-05-20 12:07:14 +10:00
Sam bd63699d63 FIX: rescue even more errors in case avatar has issues downloading 2015-05-20 10:43:53 +10:00
Paul Kaplan 1c34341f31 Replace site setting with a payload attribute 2015-05-19 11:16:02 -05:00
Paul Kaplan 4c26c4d9bc Add a SiteSetting to not trust sso emails by default 2015-05-15 12:15:06 -05:00
Sam b7897d24b1 keep working even if username is blank 2015-05-07 13:52:26 +10:00
Sam 05737effef FIX: stop stripping dots from SSO names
This could upset Louis C.K.
2015-03-27 10:25:51 +11:00
Sam d80ed94608 more username cycling avoidance 2015-03-27 10:10:53 +11:00
Sam 0c287d7d6b ensure usernames do not keep cycling 2015-03-27 10:04:16 +11:00
Sam 4566a1e30a FIX: sso override code not triggered when attaching to existing user 2015-03-27 09:39:35 +11:00
Dan Singerman e8648350eb Add an sso option to suppress welcome emails
As discussed here: https://meta.discourse.org/t/create-new-sso-users-without-sending-welcome-emails/24894
2015-03-20 17:04:52 +00:00