2019-05-03 06:17:27 +08:00
# frozen_string_literal: true
2022-01-06 20:28:46 +08:00
class DiscourseConnectBase
2018-12-07 23:01:44 +08:00
class ParseError < RuntimeError
2023-01-09 20:10:19 +08:00
end
2018-08-30 07:57:53 +08:00
ACCESSORS = % i [
add_groups
admin
moderator
avatar_force_update
avatar_url
bio
card_background_url
2022-04-13 20:04:09 +08:00
confirmed_2fa
2018-08-30 07:57:53 +08:00
email
external_id
groups
locale
locale_force_update
2022-04-13 20:04:09 +08:00
location
2020-02-04 01:53:14 +08:00
logout
2018-08-30 07:57:53 +08:00
name
2022-04-13 20:04:09 +08:00
no_2fa_methods
2018-08-30 07:57:53 +08:00
nonce
profile_background_url
remove_groups
2022-04-13 20:04:09 +08:00
require_2fa
2018-08-30 07:57:53 +08:00
require_activation
return_sso_url
suppress_welcome_message
title
username
website
2023-01-09 20:10:19 +08:00
]
2018-08-30 07:57:53 +08:00
2014-02-25 11:30:49 +08:00
FIXNUMS = [ ]
2018-08-30 07:57:53 +08:00
BOOLS = % i [
admin
avatar_force_update
2022-04-13 20:04:09 +08:00
confirmed_2fa
2018-08-30 07:57:53 +08:00
locale_force_update
2020-02-04 01:53:14 +08:00
logout
2018-08-30 07:57:53 +08:00
moderator
2022-04-13 20:04:09 +08:00
no_2fa_methods
require_2fa
2018-08-30 07:57:53 +08:00
require_activation
suppress_welcome_message
2023-01-09 20:10:19 +08:00
]
2018-08-30 07:57:53 +08:00
2019-03-19 14:33:20 +08:00
def self . nonce_expiry_time
@nonce_expiry_time || = 10 . minutes
end
def self . nonce_expiry_time = ( v )
@nonce_expiry_time = v
end
2014-02-25 11:30:49 +08:00
2021-08-18 21:14:12 +08:00
def self . used_nonce_expiry_time
24 . hours
end
2014-02-25 11:30:49 +08:00
attr_accessor ( * ACCESSORS )
2017-11-02 19:33:35 +08:00
attr_writer :sso_secret , :sso_url
2014-02-25 11:30:49 +08:00
def self . sso_secret
raise RuntimeError , " sso_secret not implemented on class, be sure to set it on instance "
end
def self . sso_url
raise RuntimeError , " sso_url not implemented on class, be sure to set it on instance "
end
2021-02-18 18:35:10 +08:00
def self . parse ( payload , sso_secret = nil , ** init_kwargs )
sso = new ( ** init_kwargs )
2018-12-19 17:22:10 +08:00
sso . sso_secret = sso_secret if sso_secret
2014-02-25 11:30:49 +08:00
parsed = Rack :: Utils . parse_query ( payload )
2018-10-15 13:03:53 +08:00
decoded = Base64 . decode64 ( parsed [ " sso " ] )
decoded_hash = Rack :: Utils . parse_query ( decoded )
2014-02-25 11:30:49 +08:00
if sso . sign ( parsed [ " sso " ] ) != parsed [ " sig " ]
2014-12-30 06:23:21 +08:00
diags =
" \n \n sso: #{ parsed [ " sso " ] } \n \n sig: #{ parsed [ " sig " ] } \n \n expected sig: #{ sso . sign ( parsed [ " sso " ] ) } "
2014-12-30 06:28:44 +08:00
if parsed [ " sso " ] =~ %r{ [^a-zA-Z0-9= \ r \ n/+] }m
2018-12-07 23:01:44 +08:00
raise ParseError ,
" The SSO field should be Base64 encoded, using only A-Z, a-z, 0-9, +, /, and = characters. Your input contains characters we don't understand as Base64, see http://en.wikipedia.org/wiki/Base64 #{ diags } "
2014-12-30 06:23:21 +08:00
else
2018-12-07 23:01:44 +08:00
raise ParseError , " Bad signature for payload #{ diags } "
2014-12-30 06:23:21 +08:00
end
2014-02-25 11:30:49 +08:00
end
ACCESSORS . each do | k |
val = decoded_hash [ k . to_s ]
val = val . to_i if FIXNUMS . include? k
2014-11-27 09:39:00 +08:00
val = %w[ true false ] . include? ( val ) ? val == " true " : nil if BOOLS . include? k
2019-05-07 09:27:05 +08:00
sso . public_send ( " #{ k } = " , val )
2014-02-25 11:30:49 +08:00
end
2014-04-22 11:52:13 +08:00
decoded_hash . each do | k , v |
2017-03-27 22:21:38 +08:00
if field = k [ / ^custom \ .(.+)$ / , 1 ]
2014-04-22 11:52:13 +08:00
sso . custom_fields [ field ] = v
end
end
2014-02-25 11:30:49 +08:00
sso
end
2016-04-08 09:20:01 +08:00
def diagnostics
2022-01-06 20:28:46 +08:00
DiscourseConnectBase :: ACCESSORS . map { | a | " #{ a } : #{ public_send ( a ) } " } . join ( " \n " )
2016-04-08 09:20:01 +08:00
end
2014-04-22 11:52:13 +08:00
def sso_secret
@sso_secret || self . class . sso_secret
end
def sso_url
@sso_url || self . class . sso_url
end
def custom_fields
@custom_fields || = { }
end
2022-05-31 13:24:04 +08:00
def self . sign ( payload , secret )
OpenSSL :: HMAC . hexdigest ( " sha256 " , secret , payload )
end
2018-12-19 17:22:10 +08:00
def sign ( payload , secret = nil )
secret = secret || sso_secret
2022-05-31 13:24:04 +08:00
self . class . sign ( payload , secret )
2014-02-25 11:30:49 +08:00
end
2021-03-19 08:20:10 +08:00
def to_json
self . to_h . to_json
end
2014-02-25 11:30:49 +08:00
def to_url ( base_url = nil )
2014-03-20 05:14:09 +08:00
base = " #{ base_url || sso_url } "
" #{ base } #{ base . include? ( " ? " ) ? " & " : " ? " } #{ payload } "
2014-02-25 11:30:49 +08:00
end
2018-12-19 17:22:10 +08:00
def payload ( secret = nil )
2017-10-18 01:41:52 +08:00
payload = Base64 . strict_encode64 ( unsigned_payload )
2018-12-19 17:22:10 +08:00
" sso= #{ CGI . escape ( payload ) } &sig= #{ sign ( payload , secret ) } "
2014-02-25 11:30:49 +08:00
end
def unsigned_payload
2021-03-19 08:20:10 +08:00
Rack :: Utils . build_query ( self . to_h )
end
def to_h
2014-02-25 11:30:49 +08:00
payload = { }
2017-03-27 22:21:38 +08:00
2014-02-25 11:30:49 +08:00
ACCESSORS . each do | k |
2019-05-07 10:05:58 +08:00
next if ( val = public_send ( k ) ) == nil
payload [ k ] = val
2014-02-25 11:30:49 +08:00
end
2017-03-27 22:21:38 +08:00
@custom_fields & . each { | k , v | payload [ " custom. #{ k } " ] = v . to_s }
2014-04-22 11:52:13 +08:00
2021-03-19 08:20:10 +08:00
payload
2014-02-25 11:30:49 +08:00
end
end