github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2024-11-26 18:30:54 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity
198c960b52
discourse/app/controllers/users/omniauth_callbacks_controller.rb

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

184 lines
6.0 KiB
Ruby
Raw Normal View History

move all logic to omniauth implement omniauth-facebook / omniauth-twitter
2013-02-12 21:47:22 +08:00
# -*- encoding : utf-8 -*-
DEV: enable frozen string literal on all files This reduces chances of errors where consumers of strings mutate inputs and reduces memory usage of the app. Test suite passes now, but there may be some stuff left, so we will run a few sites on a branch prior to merging
2019-05-03 06:17:27 +08:00
# frozen_string_literal: true
move all logic to omniauth implement omniauth-facebook / omniauth-twitter
2013-02-12 21:47:22 +08:00
class Users::OmniauthCallbacksController < ApplicationController
major refactor of auth, break up the gigantic omniauth controller into sub classes for way better extensibitily
2013-08-23 14:20:43 +08:00
Fix all the errors to get our tests green on Rails 5.1.
2017-08-31 12:06:56 +08:00
skip_before_action :redirect_to_login_if_required
move all logic to omniauth implement omniauth-facebook / omniauth-twitter
2013-02-12 21:47:22 +08:00
UX: Use `no_ember` styling for omniauth error page
2017-11-16 03:04:26 +08:00
layout 'no_ember'
move all logic to omniauth implement omniauth-facebook / omniauth-twitter
2013-02-12 21:47:22 +08:00
# need to be able to call this
Fix all the errors to get our tests green on Rails 5.1.
2017-08-31 12:06:56 +08:00
skip_before_action :check_xhr
move all logic to omniauth implement omniauth-facebook / omniauth-twitter
2013-02-12 21:47:22 +08:00
SECURITY: correct our CSRF implementation to be much more aggressive
2013-07-29 13:13:13 +08:00
# this is the only spot where we allow CSRF, our openid / oauth redirect
# will not have a CSRF token, however the payload is all validated so its safe
Fix all the errors to get our tests green on Rails 5.1.
2017-08-31 12:06:56 +08:00
skip_before_action :verify_authenticity_token, only: :complete
move all logic to omniauth implement omniauth-facebook / omniauth-twitter
2013-02-12 21:47:22 +08:00
SECURITY: Require POST with CSRF token for OmniAuth request phase
2019-08-08 18:57:28 +08:00
def confirm_request
self.class.find_authenticator(params[:provider])
UX: Hide login/signup header buttons during authentication flows
2019-08-08 20:57:18 +08:00
render locals: { hide_auth_buttons: true }
SECURITY: Require POST with CSRF token for OmniAuth request phase
2019-08-08 18:57:28 +08:00
end
move all logic to omniauth implement omniauth-facebook / omniauth-twitter
2013-02-12 21:47:22 +08:00
def complete
major refactor of auth, break up the gigantic omniauth controller into sub classes for way better extensibitily
2013-08-23 14:20:43 +08:00
auth = request.env["omniauth.auth"]
FIX: Return a 404 if the auth session is not present
2017-05-05 03:35:03 +08:00
raise Discourse::NotFound unless request.env["omniauth.auth"]
add session to auth hash in oauth complete method
2013-11-20 01:58:12 +08:00
auth[:session] = session
working plugin interface for custom openid auth, custom css and custom js
2013-08-01 13:59:57 +08:00
major refactor of auth, break up the gigantic omniauth controller into sub classes for way better extensibitily
2013-08-23 14:20:43 +08:00
authenticator = self.class.find_authenticator(params[:provider])
Check when logging in whether a auth provider is enabled, including specs
2013-03-05 02:44:41 +08:00
FEATURE: Allow connecting associated accounts when two-factor is enabled (#6754) Previously the 'reconnect' process was a bit magic - IF you were already logged into discourse, and followed the auth flow, your account would be reconnected and you would be 'logged in again'. Now, we explicitly check for a reconnect=true parameter when the flow is started, store it in the session, and then only follow the reconnect logic if that variable is present. Setting this parameter also skips the 'logged in again' step, which means reconnect now works with 2fa enabled.
2018-12-11 21:19:00 +08:00
if session.delete(:auth_reconnect) && authenticator.can_connect_existing_user? && current_user
SECURITY: Add confirmation screen when connecting associated accounts
2019-07-17 19:34:02 +08:00
# Save to redis, with a secret token, then redirect to confirmation screen
token = SecureRandom.hex
DEV: s/\$redis/Discourse\.redis (#8431) This commit also adds a rubocop rule to prevent global variables.
2019-12-03 17:05:53 +08:00
Discourse.redis.setex "#{Users::AssociateAccountsController::REDIS_PREFIX}_#{current_user.id}_#{token}", 10.minutes, auth.to_json
Replace `base_uri` with `base_path` (#10879) DEV: Replace instances of Discourse.base_uri with Discourse.base_path This is clearer because the base_uri is actually just a path prefix. This continues the work started in 555f467.
2020-10-09 19:51:24 +08:00
return redirect_to "#{Discourse.base_path}/associate/#{token}"
FEATURE: List, revoke and reconnect associated accounts. Phase 1 (#6099) Listing connections is supported for all built-in auth providers. Revoke and reconnect is currently only implemented for Facebook.
2018-07-23 23:51:57 +08:00
else
DEV: Introduce `:before_auth` DiscourseEvent (#11233) This is useful for plugins to manipulate the auth hash from OmniAuth before it is read by the Authenticator class
2020-11-13 22:41:54 +08:00
DiscourseEvent.trigger(:before_auth, authenticator, auth)
FEATURE: List, revoke and reconnect associated accounts. Phase 1 (#6099) Listing connections is supported for all built-in auth providers. Revoke and reconnect is currently only implemented for Facebook.
2018-07-23 23:51:57 +08:00
@auth_result = authenticator.after_authenticate(auth)
FIX: Handle staged users as unregistered users for external auth (#12567) For 'local logins', the UX for staged users is designed to be identical to unregistered users. However, staged users logging in via external auth were being automatically unstaged, and skipping the registration/invite flow. In the past this made sense because the registration/invite flows didn't work perfectly with external auth. Now, both registration and invites work well with external auth, so it's best to leave the 'unstage' logic to those endpoints. This problem was particularly noticeable when using the 'bulk invite' feature to invite users with pre-configured User Fields. In that situation, staged user accounts are used to preserve the user field data.
2021-03-31 20:40:58 +08:00
@auth_result.user = nil if @auth_result&.user&.staged # Treat staged users the same as unregistered users
FIX: Ensure :after_auth event is triggered. (#7791)
2019-06-22 02:57:49 +08:00
DiscourseEvent.trigger(:after_auth, authenticator, @auth_result)
FEATURE: List, revoke and reconnect associated accounts. Phase 1 (#6099) Listing connections is supported for all built-in auth providers. Revoke and reconnect is currently only implemented for Facebook.
2018-07-23 23:51:57 +08:00
end
working plugin interface for custom openid auth, custom css and custom js
2013-08-01 13:59:57 +08:00
FIX: Make serverside and clientside omniauth origin redirects consistent Previously external domains were allowed in the client-side redirects, but not the server-side redirects. Now the behavior is to only allow local origins.
2019-05-15 16:55:31 +08:00
preferred_origin = request.env['omniauth.origin']
FIX: redirect to original URL after social login
2018-01-27 01:52:27 +08:00
FIX: Redirect to provided origin after auth (#12558) It used to redirect to the destination_url cookie which sometimes is set incorrectly.
2021-03-31 17:23:12 +08:00
if session[:destination_url].present?
preferred_origin = session[:destination_url]
session.delete(:destination_url)
elsif SiteSetting.enable_discourse_connect_provider && payload = cookies.delete(:sso_payload)
FIX: Make serverside and clientside omniauth origin redirects consistent Previously external domains were allowed in the client-side redirects, but not the server-side redirects. Now the behavior is to only allow local origins.
2019-05-15 16:55:31 +08:00
preferred_origin = session_sso_provider_url + "?" + payload
FIX: redirect users to SSO client URL after social login
2018-10-05 02:31:08 +08:00
elsif cookies[:destination_url].present?
FIX: Make serverside and clientside omniauth origin redirects consistent Previously external domains were allowed in the client-side redirects, but not the server-side redirects. Now the behavior is to only allow local origins.
2019-05-15 16:55:31 +08:00
preferred_origin = cookies[:destination_url]
FIX: redirects back to origin for SSO and omniauth login
2016-09-16 11:48:50 +08:00
cookies.delete(:destination_url)
end
FIX: Make serverside and clientside omniauth origin redirects consistent Previously external domains were allowed in the client-side redirects, but not the server-side redirects. Now the behavior is to only allow local origins.
2019-05-15 16:55:31 +08:00
if preferred_origin.present?
Remove use of `rescue nil`. * `rescue nil` is a really bad pattern to use in our code base. We should rescue errors that we expect the code to throw and not rescue everything because we're unsure of what errors the code would throw. This would reduce the amount of pain we face when debugging why something isn't working as expexted. I've been bitten countless of times by errors being swallowed as a result during debugging sessions.
2018-03-28 16:20:08 +08:00
parsed = begin
FIX: Make serverside and clientside omniauth origin redirects consistent Previously external domains were allowed in the client-side redirects, but not the server-side redirects. Now the behavior is to only allow local origins.
2019-05-15 16:55:31 +08:00
URI.parse(preferred_origin)
FIX: store the topic links using the cooked upload url
2018-08-14 18:23:32 +08:00
rescue URI::Error
Remove use of `rescue nil`. * `rescue nil` is a really bad pattern to use in our code base. We should rescue errors that we expect the code to throw and not rescue everything because we're unsure of what errors the code would throw. This would reduce the amount of pain we face when debugging why something isn't working as expexted. I've been bitten countless of times by errors being swallowed as a result during debugging sessions.
2018-03-28 16:20:08 +08:00
end
DEV: Make it easier to customize omniauth login complete handler in plugins (#11403) It also removes the unused `provider` variable and stops Discourse from redirecting to /login after a login.
2020-12-04 05:27:55 +08:00
if valid_origin?(parsed)
DEV: enable frozen string literal on all files This reduces chances of errors where consumers of strings mutate inputs and reduces memory usage of the app. Test suite passes now, but there may be some stuff left, so we will run a few sites on a branch prior to merging
2019-05-03 06:17:27 +08:00
@origin = +"#{parsed.path}"
FIX: don't redirect incorrectly after full screen login (#7170) Fixes two issues: 1. Redirecting to an external origin's path after login did not work 2. User would be erroneously redirected to the external origin after logout https://meta.discourse.org/t/109755
2019-03-19 20:39:13 +08:00
@origin << "?#{parsed.query}" if parsed.query
FEATURE: allow auto provider to specify "full screen login" this feature means we attempt to log in without opening a frame.
2015-10-13 09:23:34 +08:00
end
end
FIX: redirect to original URL after social login
2018-01-27 01:52:27 +08:00
if @origin.blank?
Replace `base_uri` with `base_path` (#10879) DEV: Replace instances of Discourse.base_uri with Discourse.base_path This is clearer because the base_uri is actually just a path prefix. This continues the work started in 555f467.
2020-10-09 19:51:24 +08:00
@origin = Discourse.base_path("/")
FEATURE: allow auto provider to specify "full screen login" this feature means we attempt to log in without opening a frame.
2015-10-13 09:23:34 +08:00
end
FIX: Make serverside and clientside omniauth origin redirects consistent Previously external domains were allowed in the client-side redirects, but not the server-side redirects. Now the behavior is to only allow local origins.
2019-05-15 16:55:31 +08:00
@auth_result.destination_url = @origin
FIX: Improve email validation error handling for external logins (#11307) - Display reason for validation error when logging in via an authenticator - Fix email validation handling for 'Discourse SSO', and add a spec Previously, validation errors (e.g. blocked or already-taken emails) would raise a generic error with no useful information.
2020-11-23 19:06:08 +08:00
@auth_result.authenticator_name = authenticator.name
FIX: don't redirect incorrectly after full screen login (#7170) Fixes two issues: 1. Redirecting to an external origin's path after login did not work 2. User would be erroneously redirected to the external origin after logout https://meta.discourse.org/t/109755
2019-03-19 20:39:13 +08:00
FIX: Improve email validation error handling for external logins (#11307) - Display reason for validation error when logging in via an authenticator - Fix email validation handling for 'Discourse SSO', and add a spec Previously, validation errors (e.g. blocked or already-taken emails) would raise a generic error with no useful information.
2020-11-23 19:06:08 +08:00
return render_auth_result_failure if @auth_result.failed?
complete_response_data
return render_auth_result_failure if @auth_result.failed?
cookies['_bypass_cache'] = true
cookies[:authentication_data] = {
value: @auth_result.to_client_hash.to_json,
path: Discourse.base_path("/")
}
redirect_to @origin
move all logic to omniauth implement omniauth-facebook / omniauth-twitter
2013-02-12 21:47:22 +08:00
end
DEV: Make it easier to customize omniauth login complete handler in plugins (#11403) It also removes the unused `provider` variable and stops Discourse from redirecting to /login after a login.
2020-12-04 05:27:55 +08:00
def valid_origin?(uri)
return false if uri.nil?
return false if uri.host.present? && uri.host != Discourse.current_hostname
return false if uri.path.start_with?("#{Discourse.base_path}/auth/")
return false if uri.path.start_with?("#{Discourse.base_path}/login")
true
end
This commit adds a callback route to handle omniauth failure and removes a few unneccessary entries in en.yml
2013-02-15 03:11:13 +08:00
def failure
UX: Improve error handling for common OmniAuth exceptions (#7991) This displays more useful messages for the most common issues we see: - CSRF (when the user switches browser) - Invalid IAT (when the server clock is wrong) - OAuth::Unauthorized for OAuth1 providers, when the credentials are incorrect This commit also stops earlier for disabled authenticators. Now we stop at the request phase, rather than the callback phase.
2019-08-12 17:55:02 +08:00
error_key = params[:message].to_s.gsub(/[^\w-]/, "") || "generic"
flash[:error] = I18n.t("login.omniauth_error.#{error_key}", default: I18n.t("login.omniauth_error.generic"))
UX: Use `no_ember` styling for omniauth error page
2017-11-16 03:04:26 +08:00
render 'failure'
This commit adds a callback route to handle omniauth failure and removes a few unneccessary entries in en.yml
2013-02-15 03:11:13 +08:00
end
major refactor of auth, break up the gigantic omniauth controller into sub classes for way better extensibitily
2013-08-23 14:20:43 +08:00
def self.find_authenticator(name)
FEATURE: List, revoke and reconnect associated accounts. Phase 1 (#6099) Listing connections is supported for all built-in auth providers. Revoke and reconnect is currently only implemented for Facebook.
2018-07-23 23:51:57 +08:00
Discourse.enabled_authenticators.each do |authenticator|
return authenticator if authenticator.name == name
Authenticate with Discourse via OAuth2 See https://github.com/michaelkirk/discourse_oauth2_example for an example of how you might integrate your existing oauth2 provider's authentication via a Discourse plugin.
2013-08-18 12:43:59 +08:00
end
FEATURE: List, revoke and reconnect associated accounts. Phase 1 (#6099) Listing connections is supported for all built-in auth providers. Revoke and reconnect is currently only implemented for Facebook.
2018-07-23 23:51:57 +08:00
raise Discourse::InvalidAccess.new(I18n.t('authenticator_not_found'))
move all logic to omniauth implement omniauth-facebook / omniauth-twitter
2013-02-12 21:47:22 +08:00
end
major refactor of auth, break up the gigantic omniauth controller into sub classes for way better extensibitily
2013-08-23 14:20:43 +08:00
protected
Added Github authentication option, disabled by default with enable options in settings.
2013-02-26 12:28:32 +08:00
FIX: Improve email validation error handling for external logins (#11307) - Display reason for validation error when logging in via an authenticator - Fix email validation handling for 'Discourse SSO', and add a spec Previously, validation errors (e.g. blocked or already-taken emails) would raise a generic error with no useful information.
2020-11-23 19:06:08 +08:00
def render_auth_result_failure
flash[:error] = @auth_result.failed_reason.html_safe
render 'failure'
end
Refactor omniauth_callbacks_controller for extensibility
2014-10-01 00:24:22 +08:00
def complete_response_data
Better support for passing up errors when OmniAuth fails after auth
2015-06-25 00:12:43 +08:00
if @auth_result.user
user_found(@auth_result.user)
DEV: Make it easier to customize omniauth login complete handler in plugins (#11403) It also removes the unused `provider` variable and stops Discourse from redirecting to /login after a login.
2020-12-04 05:27:55 +08:00
elsif invite_required?
Better support for passing up errors when OmniAuth fails after auth
2015-06-25 00:12:43 +08:00
@auth_result.requires_invite = true
Refactor omniauth_callbacks_controller for extensibility
2014-10-01 00:24:22 +08:00
else
Better support for passing up errors when OmniAuth fails after auth
2015-06-25 00:12:43 +08:00
session[:authentication] = @auth_result.session_data
Refactor omniauth_callbacks_controller for extensibility
2014-10-01 00:24:22 +08:00
end
end
DEV: Make it easier to customize omniauth login complete handler in plugins (#11403) It also removes the unused `provider` variable and stops Discourse from redirecting to /login after a login.
2020-12-04 05:27:55 +08:00
def invite_required?
FEATURE: Allow invites redemption with Omniauth providers.
2021-03-02 15:13:04 +08:00
if SiteSetting.invite_only?
path = Discourse.route_for(@origin)
return true unless path
return true if path[:controller] != "invites" && path[:action] != "show"
!Invite.exists?(invite_key: path[:id])
end
DEV: Make it easier to customize omniauth login complete handler in plugins (#11403) It also removes the unused `provider` variable and stops Discourse from redirecting to /login after a login.
2020-12-04 05:27:55 +08:00
end
major refactor of auth, break up the gigantic omniauth controller into sub classes for way better extensibitily
2013-08-23 14:20:43 +08:00
def user_found(user)
SECURITY: 2FA with U2F / TOTP
2020-01-15 18:27:12 +08:00
if user.has_any_second_factor_methods_enabled?
FEATURE: Disallow login via omniauth when user has 2FA enabled.
2018-03-01 15:47:07 +08:00
@auth_result.omniauth_disallow_totp = true
FIX: Use user account email instead of auth email when totp is enabled. https://meta.discourse.org/t/github-2fa-flow-broken/88674
2018-05-30 12:14:04 +08:00
@auth_result.email = user.email
FEATURE: Disallow login via omniauth when user has 2FA enabled.
2018-03-01 15:47:07 +08:00
return
end
FIX: Handle staged users as unregistered users for external auth (#12567) For 'local logins', the UX for staged users is designed to be identical to unregistered users. However, staged users logging in via external auth were being automatically unstaged, and skipping the registration/invite flow. In the past this made sense because the registration/invite flows didn't work perfectly with external auth. Now, both registration and invites work well with external auth, so it's best to leave the 'unstage' logic to those endpoints. This problem was particularly noticeable when using the 'bulk invite' feature to invite users with pre-configured User Fields. In that situation, staged user accounts are used to preserve the user field data.
2021-03-31 20:40:58 +08:00
# automatically activate any account if a provider marked the email valid
FIX: Don't mark user as `active` if verified email is different.
2017-03-01 11:58:24 +08:00
if @auth_result.email_valid && @auth_result.email == user.email
SECURITY: Reset password when activating an account via auth provider Followup to d693b4e35fe0e58c5578eae4a56c06dff4756ba2
2019-08-28 19:49:11 +08:00
if !user.active || !user.email_confirmed?
user.update!(password: SecureRandom.hex)
FIX: When activating via omniauth, create tokens after password reset Resetting a password invalidates all email tokens, so we need to create the tokens after the password reset.
2019-08-28 21:43:25 +08:00
# Ensure there is an active email token
unless EmailToken.where(email: user.email, confirmed: true).exists? ||
user.email_tokens.active.where(email: user.email).exists?
user.email_tokens.create!(email: user.email)
end
SECURITY: Reset password when activating an account via auth provider Followup to d693b4e35fe0e58c5578eae4a56c06dff4756ba2
2019-08-28 19:49:11 +08:00
user.activate
end
FIX: save registration_ip_address for staged users logging in via social auth
2017-12-12 20:08:57 +08:00
user.update!(registration_ip_address: request.remote_ip) if user.registration_ip_address.blank?
Fixed GitHub auth, GitHub can provide us with a valid email - so automatically log in for those cases
2013-08-02 10:03:53 +08:00
end
UX: improve message when admin login is blocked because of admin ip address whitelisting
2015-03-03 01:13:10 +08:00
if ScreenedIpAddress.should_block?(request.remote_ip)
Better support for passing up errors when OmniAuth fails after auth
2015-06-25 00:12:43 +08:00
@auth_result.not_allowed_from_ip_address = true
UX: improve message when admin login is blocked because of admin ip address whitelisting
2015-03-03 01:13:10 +08:00
elsif ScreenedIpAddress.block_admin_login?(user, request.remote_ip)
Better support for passing up errors when OmniAuth fails after auth
2015-06-25 00:12:43 +08:00
@auth_result.admin_not_allowed_from_ip_address = true
FEATURE: restrict admin access based on IP address
2014-09-05 06:50:27 +08:00
elsif Guardian.new(user).can_access_forum? && user.active # log on any account that is active with forum access
FIX: Improve email validation error handling for external logins (#11307) - Display reason for validation error when logging in via an authenticator - Fix email validation handling for 'Discourse SSO', and add a spec Previously, validation errors (e.g. blocked or already-taken emails) would raise a generic error with no useful information.
2020-11-23 19:06:08 +08:00
begin
user.save! if @auth_result.apply_user_attributes!
rescue ActiveRecord::RecordInvalid => e
@auth_result.failed = true
@auth_result.failed_reason = e.record.errors.full_messages.join(", ")
return
end
major refactor of auth, break up the gigantic omniauth controller into sub classes for way better extensibitily
2013-08-23 14:20:43 +08:00
log_on_user(user)
Invite link can't be used to log in after you set a password or sign in with 3rd party
2014-01-22 05:53:46 +08:00
Invite.invalidate_for_email(user.email) # invite link can't be used to log in anymore
session[:authentication] = nil # don't carry around old auth info, perhaps move elsewhere
Better support for passing up errors when OmniAuth fails after auth
2015-06-25 00:12:43 +08:00
@auth_result.authenticated = true
Add basic Persona functionality 1. No session integration yet, so automatic login/logout events are suppressed. 2. Popup blockers must be disabled: submits form to target="_blank"
2013-03-01 23:23:21 +08:00
else
invite only forums had very wonky logic, invited users were not being activated, invite_only forums were still registering users
2013-08-28 15:18:31 +08:00
if SiteSetting.must_approve_users? && !user.approved?
Better support for passing up errors when OmniAuth fails after auth
2015-06-25 00:12:43 +08:00
@auth_result.awaiting_approval = true
remove duplicate code
2013-07-11 14:02:18 +08:00
else
Better support for passing up errors when OmniAuth fails after auth
2015-06-25 00:12:43 +08:00
@auth_result.awaiting_activation = true
remove duplicate code
2013-07-11 14:02:18 +08:00
end
end
end
move all logic to omniauth implement omniauth-facebook / omniauth-twitter
2013-02-12 21:47:22 +08:00
end
Reference in New Issue Copy Permalink