Commit Graph

87 Commits

Author SHA1 Message Date
David Taylor 0902e56162
FEATURE: Flag to disable DiscourseConnect CSRF protection (#12356)
This is not recommended. But if you have other protections in place for CSRF mitigation, you may wish to disable Discourse's implementation. This site setting is not visible in the UI, and must be changed via the console.
2021-03-11 10:38:34 +00:00
David Taylor 13d2a1f82c
SECURITY: Attach DiscourseConnect (SSO) nonce to current session (#12124) 2021-02-18 10:35:10 +00:00
David Taylor 821bb1e8cb
FEATURE: Rename 'Discourse SSO' to DiscourseConnect (#11978)
The 'Discourse SSO' protocol is being rebranded to DiscourseConnect. This should help to reduce confusion when 'SSO' is used in the generic sense.

This commit aims to:
- Rename `sso_` site settings. DiscourseConnect specific ones are prefixed `discourse_connect_`. Generic settings are prefixed `auth_`
- Add (server-side-only) backwards compatibility for the old setting names, with deprecation notices
- Copy `site_settings` database records to the new names
- Rename relevant translation keys
- Update relevant translations

This commit does **not** aim to:
- Rename any Ruby classes or methods. This might be done in a future commit
- Change any URLs. This would break existing integrations
- Make any changes to the protocol. This would break existing integrations
- Change any functionality. Further normalization across DiscourseConnect and other auth methods will be done separately

The risks are:
- There is no backwards compatibility for site settings on the client-side. Accessing auth-related site settings in Javascript is fairly rare, and an error on the client side would not be security-critical.
- If a plugin is monkey-patching parts of the auth process, changes to locale keys could cause broken error messages. This should also be unlikely. The old site setting names remain functional, so security-related overrides will remain working.

A follow-up commit will be made with a post-deploy migration to delete the old `site_settings` rows.
2021-02-08 10:04:33 +00:00
Sam 3e1b94c227
PERF: avoid checking card background and user background when not supplied (#11299)
Previously we were performing a bunch of needless work when SSO failed
to supply profile and card backgrounds.
2020-11-25 10:53:44 +11:00
Sam ffc3da35a6
FIX: handle rapid concurrent SSO attempts more gracefully (#11180)
Rapid concurrent SSO attempts is something that happens quite frequently
in the wild at large enough scale.

When this happens conditions such as adding a user to a group could possibly
fire concurrently causing a user to be added to the same group twice and
erroring out.

To avoid all concurrency issues here we protect with a coarse distributed
mutex. This heavily mitigates the risk around concurrent group additions and
concurrent updates to user related records.
2020-11-10 10:40:41 +00:00
mentalstring 67f3fe14aa
FEATURE: support SSO website and location overrides
Add location and website + the ability to override using SSO using the `sso_overrides_location` and `sso_overrides_website` site settings.
2020-04-28 16:06:35 +10:00
Sam Saffron b824898f61
FIX: respect automatic group membership when sso changes email
Previously we were only updating group membership when a user record was
first created in an SSO setting.

This corrects it so we also update it if SSO changes the email
2020-04-08 16:33:50 +10:00
Jarek Radosz e950471c0f
DEV: Replace User.unstage and User#unstage API with User#unstage! (#8906)
* DEV: Replace User.unstage and User#unstage API with User#unstage!

Quoting @SamSaffron:

> User.unstage mixes concerns of both unstaging users and updating params which is fragile/surprising.
> u.unstage destroys notifications and raises a user_unstaged event prior to the user becoming unstaged and the user object being saved.

User#unstage! no longer updates user attributes and saves the object before triggering the `user_unstaged` event.

* Update one more spec

* Assign attributes after unstaging
2020-03-17 16:48:24 +01:00
Sam Saffron 88ecb650a9 DEV: Implement a faster Discourse.cache
This is a bottom up rewrite of Discourse cache to support faster performance
and a limited surface area.

ActiveSupport::Cache::Store accepts many options we do not use, this partial
implementation only picks the bits out that we do use and want to support.

Additionally params are named which avoids typos such as "expires_at" vs "expires_in"

This also moves a few spots in Discourse to use Discourse.cache over setex
Performance of setex and Discourse.cache.write is similar.
2019-11-27 16:11:49 +11:00
Krzysztof Kotlarek 427d54b2b0 DEV: Upgrading Discourse to Zeitwerk (#8098)
Zeitwerk simplifies working with dependencies in dev and makes it easier reloading class chains. 

We no longer need to use Rails "require_dependency" anywhere and instead can just use standard 
Ruby patterns to require files.

This is a far reaching change and we expect some followups here.
2019-10-02 14:01:53 +10:00
Sam Saffron 7b17eb06da FEATURE: ban any SSO attempts with invalid external id
We now treat any external_id of blank string (" " or "     " or "", etc) or a
invalid word (none, nil, blank, null) - case insensitive - as invalid.

In this case the client will see "please contact admin" the logs will explain
the reason clearly.
2019-06-11 10:04:26 +10:00
Sam Saffron 30990006a9 DEV: enable frozen string literal on all files
This reduces chances of errors where consumers of strings mutate inputs
and reduces memory usage of the app.

Test suite passes now, but there may be some stuff left, so we will run
a few sites on a branch prior to merging
2019-05-13 09:31:32 +08:00
Guo Xiang Tan 24347ace10 FIX: Properly associate user_profiles background urls via upload id.
`Upload#url` is more likely and can change from time to time. When it
does changes, we don't want to have to look through multiple tables to
ensure that the URLs are all up to date. Instead, we simply associate
uploads properly to `UserProfile` so that it does not have to replicate
the URLs in the table.
2019-05-02 14:58:24 +08:00
Robin Ward cab83596ec FIX: Sites with SSO that required approval were not creating reviewables 2019-04-10 12:53:50 -04:00
Sam Saffron f8be43644b DEV: allow nonce expiry time to be extended cleanly from a plugin
Previously one would have to redefine a constant
2019-03-19 17:33:38 +11:00
Sam e64402cb3b SECURITY: correct edge case when SSO provides unvalidated emails 2018-09-11 08:24:02 +10:00
Sam e6970151a6 FEATURE: allow specifying locale via SSO
Use:

locale
locale_force_update

To force user locale on users where SiteSetting.allow_user_locale is enabled

Note: If an invalid locale is specified no action will occur
2018-08-30 09:58:03 +10:00
David Lee 4644d777bd FEATURE: add website field to SSO 2018-06-25 16:09:39 +10:00
Régis Hanol 2cf6fb7359 FIX: always unstage users when they log in 2018-05-13 17:00:02 +02:00
Misaka 0x4e21 ff6be3c2e3 FEATURE: add profile_background fields into SSO (#5701)
Add profile_background and card_background fields into Discourse SSO.
2018-05-07 10:03:26 +02:00
Guo Xiang Tan 6e46f81123 Add a distributed mutex around user creation via SSO.
* When two SSO requests containing the same email in the payload are
  sent at the same time, it would sometimes result in two users
  being created but one without an email record. Investigations
  points to ActiveRecord not generating the right statements but
  we have no figured out the reproduction steps yet. We should review
  this after upgrading to Rails 5.2.
2018-04-12 16:18:49 +08:00
Sam fe37ce165d correct issue where groups was never being blanked 2018-04-10 15:30:18 +10:00
Sam afaeb20f27 FEATURE: Add option to have sso synchronize group membership
In some cases add_groups and remove_groups is too much work, some sites
may wish to simply synchronize group membership based on a list.

When sso_overrides_groups is on all not automatic group membership is
sourced from SSO. Note if you omit to specify groups, they will be cleared
out.
2018-04-10 13:17:23 +10:00
Guo Xiang Tan d0e7898fa0 Build `primary_email` association directly in `DiscourseSingleSignOn`. 2018-03-20 19:36:35 +08:00
Michael Brown 1b5549df58 FIX: my sso_overrides_username assumed username was passed 2018-03-13 18:29:11 -04:00
Michael Brown 3c3d205180 FIX: sso_overrides_username may inappropriately change the username if the case changed 2018-03-09 16:06:55 -05:00
Guo Xiang Tan 6b59a2827d Add more information to SSO user creation logging. 2018-03-02 18:27:15 +08:00
Guo Xiang Tan bbb30bedf3 Improve output of SSO verbose logging. 2018-02-22 11:26:13 +08:00
Arpit Jalan b21d5d3633 FIX: SSO email match should be case insensitive 2017-11-08 20:37:41 +05:30
Guo Xiang Tan 9355f92f78 Add more verbose SSO logging. 2017-11-07 19:38:36 +08:00
Guo Xiang Tan 95c891cf11 Raise error if sso record fails to create. 2017-11-07 18:38:38 +08:00
Neil Lalonde 9813f9f0f8 FIX: more cases of case sensitive group membership in sso 2017-08-11 18:09:29 -04:00
Neil Lalonde 3de45ce0cd FIX: use case insensitive group name search when applying group rules from SSO 2017-08-02 11:30:37 -04:00
Guo Xiang Tan 5012d46cbd Add rubocop to our build. (#5004) 2017-07-28 10:20:09 +09:00
Régis Hanol d6c63cc5b2 FIX: user's default group should only be set once
Setting a user's default groups based on their email address should only be done once, ie. when they confirm their email address.
Previously we were doing this everytime we'd save a user record 🤷
2017-06-14 19:20:18 +02:00
Sam 763f156d91 FIX: require re-activation if SSO changes email and updates it 2017-05-16 16:18:18 -04:00
Viet Hoang 40164ccd4a Add user title to SSO payload 2017-01-31 16:42:27 -08:00
Arpit Jalan 0791c2c966 FIX: sso_overrides_avatar should override previously set avatar 2017-01-19 10:52:24 +05:30
Sam 3d76ce1421 FEATURE: SSO support for adding and removing a user to groups
Use: add_groups with a comma delimited list to ensure a user is in groups (using group names)

Use: remove_groups with a comma delimited list to ensure a user is removed from groups (using group names)
2016-11-11 16:57:31 +11:00
Régis Hanol 750338954c FIX: download SSO avatars in a background job to prevent hangs when avatars are huge 2016-10-24 19:55:30 +02:00
Sam 33578a2c17 FIX: always import avatars during SSO if they are missing 2016-09-16 09:45:00 +10:00
Sam 0a39ba43ed FIX: always respect avatar_force_update 2016-09-02 12:04:22 +10:00
Erick Guan 0217973374
FIX: Importing user avatar when new user login by SSO 2016-08-29 20:47:19 +08:00
Sam 9018de39ed FEATURE: allow shipping bio markdown via SSO
- Also adds site setting for sso_overrides_bio to disable bio editing by end users
2016-08-01 15:29:28 +10:00
Régis Hanol 874c18cbc1 FIX: unstage users when using SSO 2016-06-21 11:28:58 +02:00
Sam b04ab83f12 FIX: refresh automatic group if SSO specifies admin/mod 2016-05-17 17:31:34 +10:00
Sam 19ca08857f FEATURE: verbose SSO logging
By enabling the site setting verbose_sso_logging
you can log information every time a user tries initiates SSO
and during SSO failures
2016-04-08 11:20:01 +10:00
Régis Hanol 97c7b894ce better logs when an error happens in SSO 2016-02-24 21:57:01 +01:00
Guo Xiang Tan 3142eb76dc Revert "FIX: find_by_attribute method in Rails 4.5 is case insensitive."
This reverts commit 2af587005b.
2016-02-22 15:55:48 +08:00
Guo Xiang Tan 2af587005b FIX: find_by_attribute method in Rails 4.5 is case insensitive.
* https://github.com/rails/rails/pull/23690
2016-02-15 23:05:16 +08:00