From 2754b45fff6062bd4d9c79baf3c824c5f3d8e12d Mon Sep 17 00:00:00 2001
From: Sam
Date: Tue, 30 Dec 2014 09:23:21 +1100
Subject: [PATCH] improve error handling massage for bad sso requests

---
 lib/single_sign_on.rb | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/lib/single_sign_on.rb b/lib/single_sign_on.rb
index bed24b53b1c..9131621bc39 100644
--- a/lib/single_sign_on.rb
+++ b/lib/single_sign_on.rb
@@ -22,7 +22,12 @@ class SingleSignOn
     parsed = Rack::Utils.parse_query(payload)
 
     if sso.sign(parsed["sso"]) != parsed["sig"]
-      raise RuntimeError, "Bad signature for payload"
+      diags = "\n\nsso: #{parsed["sso"]}\n\nsig: #{parsed["sig"]}\n\nexpected sig: #{sso.sign(parsed["sso"])}"
+      if parsed["sso"] =~ /[^a-zA-Z0-9=\r\n]/m
+        raise RuntimeError, "The SSO field should be Base64 encoded, using only A-Z, a-z, 0-9 and = characters. Your input contains characters we don't understand as Base64, see http://en.wikipedia.org/wiki/Base64 #{diags}"
+      else
+        raise RuntimeError, "Bad signature for payload #{diags}"
+      end
     end
 
     decoded = Base64.decode64(parsed["sso"])
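Review bot: The `diags` string built on the first added line embeds `expected sig`, which is the valid signature for whatever `sso` value the caller supplied, into the exception message; if that message is ever returned to the requester (the wording "Your input contains characters we don't understand" reads as user-facing, and the rescue that handles this RuntimeError is outside the hunk), it becomes a signing oracle that hands out a correct `sig` for any forged payload. Keep the payload and expected-signature diagnostics in a server-side log and raise with a message that omits them, e.g. `raise RuntimeError, "Bad signature for payload"` after logging `diags`, so that only the "is this Base64" hint reaches the client. Separately, the character class `/[^a-zA-Z0-9=\r\n]/m` rejects `+` and `/`, which are legitimate standard-Base64 characters that the `Base64.decode64` call after the `end` accepts, so a correctly percent-encoded payload containing them would be misreported as not Base64 when the real problem is the signature; `/[^A-Za-z0-9+\/=\r\n]/` matches what the decoder accepts, and the "using only A-Z, a-z, 0-9 and = characters" text should be corrected to match. The enclosing method begins and ends outside this hunk.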