IntenseWebs/discourse
3
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-02-25 18:55:32 -06:00
Code Issues Packages Projects Releases Wiki Activity

FIX: SSO provider secrets - check wildcard domains last, toggle secrets visibility

Browse Source
This commit is contained in:
Maja Komel 2018-10-15 12:57:45 +02:00
parent f6eff38c0e
commit c104256991
5 changed files with 7 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
app/assets/javascripts/admin/templates/components/secret-value-list.hbs
View File

@ -7,7 +7,7 @@
icon="times" icon="times"
class="remove-value-btn btn-small"}} class="remove-value-btn btn-small"}}
{{input value=value.key class="value-input" focus-out=(action "changeKey" index)}} {{input value=value.key class="value-input" focus-out=(action "changeKey" index)}}
{{input value=value.secret class="value-input" focus-out=(action "changeSecret" index) type="password"}} {{input value=value.secret class="value-input" focus-out=(action "changeSecret" index) type=(if isSecret "password" "text")}}
</div> </div>
{{/each}} {{/each}}
</div> </div>

2
app/assets/javascripts/admin/templates/components/site-settings/secret-list.hbs
View File

@ -1,3 +1,3 @@
{{secret-value-list setting=setting values=value}} {{secret-value-list setting=setting values=value isSecret=isSecret}}
{{setting-validation-message message=validationMessage}} {{setting-validation-message message=validationMessage}}
<div class='desc'>{{{unbound setting.description}}}</div> <div class='desc'>{{{unbound setting.description}}}</div>

1
config/site_settings.yml
View File

@ -345,6 +345,7 @@ login:
default: '' default: ''
type: list type: list
list_type: secret list_type: secret
secret: true
placeholder: placeholder:
key: "sso_provider.key_placeholder" key: "sso_provider.key_placeholder"
value: "sso_provider.value_placeholder" value: "sso_provider.value_placeholder"

4
lib/single_sign_on.rb
View File

@ -92,8 +92,10 @@ class SingleSignOn
provider_secrets = SiteSetting.sso_provider_secrets.split(/[\|,\n]/) provider_secrets = SiteSetting.sso_provider_secrets.split(/[\|,\n]/)
provider_secrets_hash = Hash[*provider_secrets] provider_secrets_hash = Hash[*provider_secrets]
return_url_host = URI.parse(return_sso_url).host return_url_host = URI.parse(return_sso_url).host
# moves wildcard domains to the end of hash
sorted_secrets = provider_secrets_hash.sort_by { |k, _| k }.reverse.to_h
secret = provider_secrets_hash.select do |domain, _| secret = sorted_secrets.select do |domain, _|
WildcardDomainChecker.check_domain(domain, return_url_host) WildcardDomainChecker.check_domain(domain, return_url_host)
end end
secret.present? ? secret.values.first : nil secret.present? ? secret.values.first : nil

2
spec/requests/session_controller_spec.rb
View File

@ -589,7 +589,7 @@ RSpec.describe SessionController do
SiteSetting.enable_sso_provider = true SiteSetting.enable_sso_provider = true
SiteSetting.enable_sso = false SiteSetting.enable_sso = false
SiteSetting.enable_local_logins = true SiteSetting.enable_local_logins = true
SiteSetting.sso_provider_secrets = "www.random.site|secretForRandomSite\nsomewhere.over.rainbow|secretForOverRainbow" SiteSetting.sso_provider_secrets = "*|secretforAll\n*.rainbow|wrongSecretForOverRainbow\nwww.random.site|secretForRandomSite\nsomewhere.over.rainbow|secretForOverRainbow"
@sso = SingleSignOn.new @sso = SingleSignOn.new
@sso.nonce = "mynonce" @sso.nonce = "mynonce"