FIX: If the admin sso sync has no external ID, don't throw an error

Instead, return an HTTP error code and a message explaining the problem,
to avoid log pollution.
Robin Ward 2020-01-08 11:47:01 -05:00
parent 4d5b142f1d
commit e616b92511
3 changed files with 13 additions and 0 deletions
app/controllers/admin
config/locales
spec/requests/admin

@ -423,6 +423,8 @@ class Admin::UsersController < Admin::AdminController
render_serialized(user, AdminDetailedUserSerializer, root: false)
rescue ActiveRecord::RecordInvalid => ex
render json: failed_json.merge(message: ex.message), status: 403
rescue DiscourseSingleSignOn::BlankExternalId => ex
render json: failed_json.merge(message: I18n.t('sso.blank_id_error')), status: 422
end
end
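Review bot: The `ex` binding on the new `rescue DiscourseSingleSignOn::BlankExternalId => ex` line is never used, because the response message is taken from `I18n.t('sso.blank_id_error')` rather than from the exception; shorten it to `rescue DiscourseSingleSignOn::BlankExternalId`. Answering with a fixed translated message instead of the exception text also keeps payload details out of the response body, which is consistent with the spec's assertion that the signature is not echoed back. The enclosing method begins before this hunk, so I could not confirm where `BlankExternalId` is raised; presumably it comes from the SSO payload parsing path. The neighbouring `ActiveRecord::RecordInvalid` branch still returns `ex.message` verbatim, which is worth checking for user-supplied values, though that is outside this change.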

@ -2231,6 +2231,7 @@ en:
unknown_error: "There is a problem with your account. Please contact the site's administrator."
timeout_expired: "Account login timed out, please try logging in again."
no_email: "No email address was provided. Please contact the site's administrator."
blank_id_error: "The `external_id` is required but was blank"
email_error: "An account could not be registered with the email address <b>%{email}</b>. Please contact the site's administrator."
missing_secret: "SSO authentication failed due to missing secret. Contact the site administrators to fix this problem."

@ -872,6 +872,16 @@ RSpec.describe Admin::UsersController do
expect(JSON.parse(response.body)["message"]).to include(I18n.t('sso.login_error'))
expect(JSON.parse(response.body)["message"]).not_to include(correct_payload["sig"])
end
it "returns 404 if the external id does not exist" do
sso.name = "Dr. Claw"
sso.username = "dr_claw"
sso.email = "dr@claw.com"
sso.external_id = ""
post "/admin/users/sync_sso.json", params: Rack::Utils.parse_query(sso.payload)
expect(response.status).to eq(422)
expect(JSON.parse(response.body)["message"]).to include(I18n.t('sso.blank_id_error'))
end
end
describe '#disable_second_factor' do
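Review bot: The new example's description `"returns 404 if the external id does not exist"` contradicts what it asserts, `expect(response.status).to eq(422)`; rename it to `it "returns 422 if the external id is blank" do`. The example only exercises an empty-string `external_id`; if the SSO parser treats a missing key the same way, a second case that omits the field from the payload would pin that path as well. The surrounding `describe` block begins before this hunk.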