Discourse/discourse
Discourse/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-09-07 12:02:53 +08:00
Code Packages Activity Actions 5

FIX: Better error when SSO fails due to blank secret (#7946)

Browse source 
* FIX: Better error when SSO fails due to blank secret

* Update spec/requests/session_controller_spec.rb

Co-Authored-By: Robin Ward <robin.ward@gmail.com>
This commit is contained in:
Osama Sayegh 2019-07-26 17:37:23 +03:00 committed by GitHub
parent fe7f0982af
commit 525920a979
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 23 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

7
app/controllers/session_controller.rb
View file

@ -49,7 +49,12 @@ class SessionController < ApplicationController
payload ||= request.query_string
if SiteSetting.enable_sso_provider
sso = SingleSignOnProvider.parse(payload)
begin
sso = SingleSignOnProvider.parse(payload)
rescue SingleSignOnProvider::BlankSecret
render plain: I18n.t("sso.missing_secret"), status: 400
return
end
if sso.return_sso_url.blank?
render plain: "return_sso_url is blank, it must be provided", status: 400