FEATURE: single sign on support

Added support for outsourcing auth to a different website, documentation on meta
2025-09-06 10:50:21 +08:00 · 2014-02-25 14:30:49 +11:00 · 2014-02-25 14:30:49 +11:00 · 6f31d3f0e5
commit 6f31d3f0e5
parent 46d1c8c1e0
13 changed files with 357 additions and 2 deletions
--- a/spec/controllers/session_controller_spec.rb
+++ b/spec/controllers/session_controller_spec.rb
@ -2,6 +2,89 @@ require 'spec_helper'

 describe SessionController do

+  describe '.sso_login' do
+
+    before do
+      @sso_url = "http://somesite.com/discourse_sso"
+      @sso_secret = "shjkfdhsfkjh"
+
+      SiteSetting.stubs("enable_sso").returns(true)
+      SiteSetting.stubs("sso_url").returns(@sso_url)
+      SiteSetting.stubs("sso_secret").returns(@sso_secret)
+    end
+
+    def get_sso
+      nonce = SecureRandom.hex
+      dso = DiscourseSingleSignOn.new
+      dso.nonce = nonce
+      dso.register_nonce
+
+      sso = SingleSignOn.new
+      sso.nonce = nonce
+      sso.sso_secret = @sso_secret
+      sso
+    end
+
+    it 'can take over an account' do
+      sso = get_sso
+      user = Fabricate(:user)
+      sso.email = user.email
+      sso.external_id = "abc"
+
+      get :sso_login, Rack::Utils.parse_query(sso.payload)
+
+      response.should redirect_to('/')
+      logged_on_user = Discourse.current_user_provider.new(request.env).current_user
+      logged_on_user.email.should == user.email
+
+      logged_on_user.single_sign_on_record.external_id.should == "abc"
+    end
+
+    it 'allows you to create an account' do
+      sso = get_sso
+      sso.external_id = '666' # the number of the beast
+      sso.email = 'bob@bob.com'
+      sso.name = 'Sam Saffron'
+      sso.username = 'sam'
+
+      get :sso_login, Rack::Utils.parse_query(sso.payload)
+      response.should redirect_to('/')
+
+      logged_on_user = Discourse.current_user_provider.new(request.env).current_user
+
+      logged_on_user.email.should == 'bob@bob.com'
+      logged_on_user.name.should == 'Sam Saffron'
+      logged_on_user.username.should == 'sam'
+
+      logged_on_user.single_sign_on_record.external_id.should == "666"
+    end
+
+    it 'allows login to existing account with valid nonce' do
+
+      sso = get_sso
+      sso.external_id = '997'
+      sso.return_url = '/hello/world'
+
+      user = Fabricate(:user)
+      user.create_single_sign_on_record(external_id: '997', last_payload: '')
+
+      get :sso_login, Rack::Utils.parse_query(sso.payload)
+
+      user.single_sign_on_record.reload
+      user.single_sign_on_record.last_payload.should == sso.unsigned_payload
+
+      response.should redirect_to('/hello/world')
+      logged_on_user = Discourse.current_user_provider.new(request.env).current_user
+
+      user.id.should == logged_on_user.id
+
+      # nonce is bad now
+      get :sso_login, Rack::Utils.parse_query(sso.payload)
+      response.code.should == '500'
+
+    end
+  end
+
  describe '.create' do

    let(:user) { Fabricate(:user) }