discourse/app/controllers
Matt Marjanović ad2aa7b52c
FEATURE: Add logout functionality to SSO Provider protocol (#8816)
This commit adds support for an optional "logout" parameter in the
payload of the /session/sso_provider endpoint.  If an SSO Consumer
adds a "logout=true" parameter to the encoded/signed "sso" payload,
then Discourse will treat the request as a logout request instead
of an authentication request.  The logout flow works something like
this:

 * User requests logout at SSO-Consumer site (e.g., clicks "Log me out!"
   on web browser).
 * SSO-Consumer site does whatever it does to destroy User's session on
   the SSO-Consumer site.
 * SSO-Consumer then redirects browser to the Discourse sso_provider
   endpoint, with a signed request bearing "logout=true" in addition
   to the usual nonce and the "return_sso_url".
 * Discourse destroys User's discourse session and redirects browser back
   to the "return_sso_url".
 * SSO-Consumer site does whatever it does --- notably, it cannot request
   SSO credentials from Discourse without the User being prompted to login
   again.
2020-02-03 12:53:14 -05:00
..
admin FEATURE: Replace existing badge owners when using the bulk award feature (#8770) 2020-01-23 14:14:58 -03:00
users SECURITY: 2FA with U2F / TOTP 2020-01-15 11:27:12 +01:00
about_controller.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
application_controller.rb FIX: add 'noindex' header to rss feed responses. 2020-01-24 09:30:27 +05:30
badges_controller.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
bookmarks_controller.rb Improving bookmarks part 1 (#8466) 2019-12-11 14:04:02 +10:00
categories_controller.rb UX: Introduce automatic 'categories topics' setting (#8804) 2020-01-29 20:30:48 +02:00
category_hashtags_controller.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
clicks_controller.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
composer_controller.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
composer_messages_controller.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
csp_reports_controller.rb
directory_items_controller.rb DEV: pluck_first 2019-10-21 12:08:20 +01:00
draft_controller.rb FIX: under some conditions draft would say it was saving when not 2019-10-31 17:15:58 +11:00
drafts_controller.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
email_controller.rb DEV: Implement a faster Discourse.cache 2019-11-27 16:11:49 +11:00
embed_controller.rb FEATURE: Create New Topic button on embed with params (#8280) 2019-11-01 14:19:10 -05:00
exceptions_controller.rb FEATURE: Add site setting to show more detailed 404 errors. (#8014) 2019-10-08 14:15:08 +03:00
export_csv_controller.rb fix the build. 2019-12-24 15:56:44 +05:30
extra_locales_controller.rb FIX: Better error handling for invalid locale bundle versions 2019-11-11 22:30:32 +01:00
finish_installation_controller.rb DEV: update rubocop to version 0.77 2019-12-10 11:48:39 +11:00
forums_controller.rb DEV: s/\$redis/Discourse\.redis (#8431) 2019-12-03 10:05:53 +01:00
groups_controller.rb FIX: groups pagination was broken 2020-01-16 23:57:34 +01:00
highlight_js_controller.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
inline_onebox_controller.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
invites_controller.rb FEATURE: Add timezone to core user_options (#8380) 2019-11-25 10:49:27 +10:00
list_controller.rb FIX: Replace deprecated URI.encode, URI.escape, URI.unescape and URI.unencode (#8528) 2019-12-12 12:49:21 +10:00
metadata_controller.rb DEV: correct a few Ruby 2.7 deprecations 2019-11-28 13:13:29 +11:00
notifications_controller.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
offline_controller.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
onebox_controller.rb FIX: Cache failed onebox URL request server-side (#8421) 2019-11-28 07:48:29 +10:00
permalinks_controller.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
post_action_users_controller.rb UX: pluralize "likes/read this" 2019-12-13 22:18:28 +01:00
post_actions_controller.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
post_readers_controller.rb DEV: '= true' is not necessary 2019-12-03 11:32:45 -03:00
posts_controller.rb Get rid of no longer needed target_usernames warning log 2020-01-30 12:30:11 +10:00
push_notification_controller.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
qunit_controller.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
reviewable_claimed_topics_controller.rb FIX: Don't log a claimed topic database error during tests 2020-01-09 12:32:05 -05:00
reviewables_controller.rb DEV: update rubocop to version 0.77 2019-12-10 11:48:39 +11:00
robots_txt_controller.rb FEATURE: Allow customization of robots.txt (#7884) 2019-07-15 20:47:44 +03:00
safe_mode_controller.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
search_controller.rb FEATURE: Allow scoping search to tag (#8345) 2019-11-14 10:40:26 +10:00
session_controller.rb FEATURE: Add logout functionality to SSO Provider protocol (#8816) 2020-02-03 12:53:14 -05:00
similar_topics_controller.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
site_controller.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
static_controller.rb FEATURE: add short site description on login page title 2019-10-14 11:40:09 +05:30
steps_controller.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
stylesheets_controller.rb DEV: pluck_first 2019-10-21 12:08:20 +01:00
svg_sprite_controller.rb FEATURE: support custom icons in themes (#7155) 2019-03-15 17:16:15 +11:00
tag_groups_controller.rb DEV: Tag group improvements (#8252) 2019-10-30 16:57:13 +01:00
tags_controller.rb FIX: Use new tag routes (#8683) 2020-01-21 19:23:08 +02:00
theme_javascripts_controller.rb DEV: pluck_first 2019-10-21 12:08:20 +01:00
themes_controller.rb Fix string literal when switching theme in dev env 2019-05-13 10:25:51 -04:00
topics_controller.rb FIX: better error message when topic deletion fails 2020-01-15 19:30:06 +05:30
uploads_controller.rb FEATURE: Secure media allowing duplicated uploads with category-level privacy and post-based access rules (#8664) 2020-01-16 13:50:27 +10:00
user_actions_controller.rb FEATURE: Quick access panels in user menu (#8073) 2019-09-09 11:03:57 -04:00
user_api_keys_controller.rb SECURITY: Correct permission check when revoking user API keys 2019-12-17 10:56:16 +00:00
user_avatars_controller.rb FIX: Return blank avatar when downloading an avatar is not possible due to file size 2019-10-22 12:05:36 -03:00
user_badges_controller.rb DEV: pluck_first 2019-10-21 12:08:20 +01:00
users_controller.rb FIX: Check parameter types 2020-02-03 12:36:08 +02:00
users_email_controller.rb SECURITY: 2FA with U2F / TOTP 2020-01-15 11:27:12 +01:00
webhooks_controller.rb DEV: s/\$redis/Discourse\.redis (#8431) 2019-12-03 10:05:53 +01:00
wizard_controller.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00