FEATURE: admin end point to sync sso /admin/users/sync_sso

Must be admin to invoke (api is fine too), uses same sso payload nonce is ignored
2024-11-26 03:13:39 +08:00 · 2014-10-28 11:25:02 +11:00 · 2014-10-28 11:25:02 +11:00 · 7d6d8bd0a3
commit 7d6d8bd0a3
parent a438f35478
3 changed files with 52 additions and 1 deletions
--- a/app/controllers/admin/users_controller.rb
+++ b/app/controllers/admin/users_controller.rb
@ -258,6 +258,18 @@ class Admin::UsersController < Admin::AdminController
    render json: location
  end

+  def sync_sso
+    unless SiteSetting.enable_sso
+      render nothing: true, status: 404
+      return
+    end
+
+    sso = DiscourseSingleSignOn.parse(request.query_string)
+    user = sso.lookup_or_create_user
+
+    render_serialized(user, AdminDetailedUserSerializer, root: false)
+  end
+
  private

    def fetch_user
--- a/config/routes.rb
+++ b/config/routes.rb
@ -81,6 +81,9 @@ Discourse::Application.routes.draw do
      get "tl3_requirements"
    end

+
+    post "users/sync_sso" => "users#sync_sso", constraints: AdminConstraint.new
+
    resources :impersonate, constraints: AdminConstraint.new

    resources :email do
--- a/spec/controllers/admin/users_controller_spec.rb
+++ b/spec/controllers/admin/users_controller_spec.rb
@ -1,4 +1,5 @@
 require 'spec_helper'
+require_dependency 'single_sign_on'

 describe Admin::UsersController do

@ -314,7 +315,7 @@ describe Admin::UsersController do
        before do
          @user = Fabricate(:user)
          topic = create_topic(user: @user)
-          post = create_post(topic: topic, user: @user)
+          _post = create_post(topic: topic, user: @user)
          @user.stubs(:first_post_created_at).returns(Time.zone.now)
          User.expects(:find_by).with(id: @delete_me.id).returns(@user)
        end
@ -394,4 +395,39 @@ describe Admin::UsersController do

  end

+  it 'can sync up sso' do
+    log_in(:admin)
+
+    SiteSetting.enable_sso = true
+    SiteSetting.sso_overrides_email = true
+    SiteSetting.sso_overrides_name = true
+    SiteSetting.sso_overrides_username = true
+
+    SiteSetting.sso_secret = "sso secret"
+
+    sso = SingleSignOn.new
+    sso.sso_secret = "sso secret"
+    sso.name = "Bob The Bob"
+    sso.username = "bob"
+    sso.email = "bob@bob.com"
+    sso.external_id = "1"
+
+    user = DiscourseSingleSignOn.parse(sso.payload)
+                                .lookup_or_create_user
+
+
+    sso.name = "Bill"
+    sso.username = "Hokli$$!!"
+    sso.email = "bob2@bob.com"
+
+    xhr :post, :sync_sso, Rack::Utils.parse_query(sso.payload)
+    response.should be_success
+
+    user.reload
+    user.email.should == "bob2@bob.com"
+    user.name.should == "Bill"
+    user.username.should == "Hokli"
+
+  end
+
 end