Commit Graph

67 Commits

Author SHA1 Message Date
Guo Xiang Tan
6e46f81123 Add a distributed mutex around user creation via SSO.
* When two SSO requests containing the same email in the payload are
  sent at the same time, it would sometimes result in two users
  being created but one without an email record. Investigations
  points to ActiveRecord not generating the right statements but
  we have no figured out the reproduction steps yet. We should review
  this after upgrading to Rails 5.2.
2018-04-12 16:18:49 +08:00
Sam
fe37ce165d correct issue where groups was never being blanked 2018-04-10 15:30:18 +10:00
Sam
afaeb20f27 FEATURE: Add option to have sso synchronize group membership
In some cases add_groups and remove_groups is too much work, some sites
may wish to simply synchronize group membership based on a list.

When sso_overrides_groups is on all not automatic group membership is
sourced from SSO. Note if you omit to specify groups, they will be cleared
out.
2018-04-10 13:17:23 +10:00
Guo Xiang Tan
d0e7898fa0 Build primary_email association directly in DiscourseSingleSignOn. 2018-03-20 19:36:35 +08:00
Michael Brown
1b5549df58 FIX: my sso_overrides_username assumed username was passed 2018-03-13 18:29:11 -04:00
Michael Brown
3c3d205180 FIX: sso_overrides_username may inappropriately change the username if the case changed 2018-03-09 16:06:55 -05:00
Guo Xiang Tan
6b59a2827d Add more information to SSO user creation logging. 2018-03-02 18:27:15 +08:00
Guo Xiang Tan
bbb30bedf3 Improve output of SSO verbose logging. 2018-02-22 11:26:13 +08:00
Arpit Jalan
b21d5d3633 FIX: SSO email match should be case insensitive 2017-11-08 20:37:41 +05:30
Guo Xiang Tan
9355f92f78 Add more verbose SSO logging. 2017-11-07 19:38:36 +08:00
Guo Xiang Tan
95c891cf11 Raise error if sso record fails to create. 2017-11-07 18:38:38 +08:00
Neil Lalonde
9813f9f0f8 FIX: more cases of case sensitive group membership in sso 2017-08-11 18:09:29 -04:00
Neil Lalonde
3de45ce0cd FIX: use case insensitive group name search when applying group rules from SSO 2017-08-02 11:30:37 -04:00
Guo Xiang Tan
5012d46cbd Add rubocop to our build. (#5004) 2017-07-28 10:20:09 +09:00
Régis Hanol
d6c63cc5b2 FIX: user's default group should only be set once
Setting a user's default groups based on their email address should only be done once, ie. when they confirm their email address.
Previously we were doing this everytime we'd save a user record 🤷
2017-06-14 19:20:18 +02:00
Sam
763f156d91 FIX: require re-activation if SSO changes email and updates it 2017-05-16 16:18:18 -04:00
Viet Hoang
40164ccd4a Add user title to SSO payload 2017-01-31 16:42:27 -08:00
Arpit Jalan
0791c2c966 FIX: sso_overrides_avatar should override previously set avatar 2017-01-19 10:52:24 +05:30
Sam
3d76ce1421 FEATURE: SSO support for adding and removing a user to groups
Use: add_groups with a comma delimited list to ensure a user is in groups (using group names)

Use: remove_groups with a comma delimited list to ensure a user is removed from groups (using group names)
2016-11-11 16:57:31 +11:00
Régis Hanol
750338954c FIX: download SSO avatars in a background job to prevent hangs when avatars are huge 2016-10-24 19:55:30 +02:00
Sam
33578a2c17 FIX: always import avatars during SSO if they are missing 2016-09-16 09:45:00 +10:00
Sam
0a39ba43ed FIX: always respect avatar_force_update 2016-09-02 12:04:22 +10:00
Erick Guan
0217973374
FIX: Importing user avatar when new user login by SSO 2016-08-29 20:47:19 +08:00
Sam
9018de39ed FEATURE: allow shipping bio markdown via SSO
- Also adds site setting for sso_overrides_bio to disable bio editing by end users
2016-08-01 15:29:28 +10:00
Régis Hanol
874c18cbc1 FIX: unstage users when using SSO 2016-06-21 11:28:58 +02:00
Sam
b04ab83f12 FIX: refresh automatic group if SSO specifies admin/mod 2016-05-17 17:31:34 +10:00
Sam
19ca08857f FEATURE: verbose SSO logging
By enabling the site setting verbose_sso_logging
you can log information every time a user tries initiates SSO
and during SSO failures
2016-04-08 11:20:01 +10:00
Régis Hanol
97c7b894ce better logs when an error happens in SSO 2016-02-24 21:57:01 +01:00
Guo Xiang Tan
3142eb76dc Revert "FIX: find_by_attribute method in Rails 4.5 is case insensitive."
This reverts commit 2af587005b.
2016-02-22 15:55:48 +08:00
Guo Xiang Tan
2af587005b FIX: find_by_attribute method in Rails 4.5 is case insensitive.
* https://github.com/rails/rails/pull/23690
2016-02-15 23:05:16 +08:00
Sam
6451495ec6 FIX: only override sso name / username if it is supplied 2015-08-24 10:24:33 +10:00
Robin Ward
cb94a9000d Revert "Revert "Extract logic to save external avatar url""
This reverts commit 2d20e4c692.
2015-06-23 15:59:50 -04:00
Robin Ward
2d20e4c692 Revert "Extract logic to save external avatar url"
This reverts commit 18b8df3f32.
2015-06-23 15:45:34 -04:00
Robin Ward
18b8df3f32 Extract logic to save external avatar url 2015-06-23 15:23:19 -04:00
Sam
d1d703718a Merge pull request #3476 from paulkaplan/sso-distrust-email
Add SSO setting to not trust emails automatically
2015-05-20 12:07:14 +10:00
Sam
bd63699d63 FIX: rescue even more errors in case avatar has issues downloading 2015-05-20 10:43:53 +10:00
Paul Kaplan
1c34341f31 Replace site setting with a payload attribute 2015-05-19 11:16:02 -05:00
Paul Kaplan
4c26c4d9bc Add a SiteSetting to not trust sso emails by default 2015-05-15 12:15:06 -05:00
Sam
b7897d24b1 keep working even if username is blank 2015-05-07 13:52:26 +10:00
Sam
05737effef FIX: stop stripping dots from SSO names
This could upset Louis C.K.
2015-03-27 10:25:51 +11:00
Sam
d80ed94608 more username cycling avoidance 2015-03-27 10:10:53 +11:00
Sam
0c287d7d6b ensure usernames do not keep cycling 2015-03-27 10:04:16 +11:00
Sam
4566a1e30a FIX: sso override code not triggered when attaching to existing user 2015-03-27 09:39:35 +11:00
Dan Singerman
e8648350eb Add an sso option to suppress welcome emails
As discussed here: https://meta.discourse.org/t/create-new-sso-users-without-sending-welcome-emails/24894
2015-03-20 17:04:52 +00:00
Robin Ward
005b8bf7c3 FIX: When creating a SSO user via sync, do not user the IP address. 2015-02-25 14:41:23 -05:00
Robin Ward
ca5730018a FIX: SSO code should respect IP address filters 2015-02-23 16:01:46 -05:00
Régis Hanol
0e5c9b2590 small upload code refactor 2015-02-03 18:44:18 +01:00
Dan Singerman
64c4bd5dbf Fix force_avatar_update.to_i error as force_avatar_update is a boolean
If force_avatar_update is passed in sso attributes it errors on
force_avatar_update.to_i. The SingleSignOn class forces avatar_force_update
to a boolean, so it should be treated as such.
2015-01-30 09:51:38 +00:00
Dan Singerman
dbf2f4efec Fix bug when sso_overrides_avatar is true but no avatar_url is passed
If a user has a current avatar, and sso_overrides_avatar is true, but no avatar_url is
passed in the sso attributes, the current code errors, as it tries to parse a nil
as a URL. It seems to me valid that a third party system may not pass an avatar_url in
some cases (e.g. avatars may not be mandatory, so not all users may have them)

This might warrant a discussion about what should happen in this case; maybe the current
avatar in discourse should be removed? This branch merely stops the login process erroring.
2015-01-28 16:01:39 +00:00
Sam
013f1a6dd0 FEATURE: allow creating admin and moderator accounts via SSO 2014-11-27 12:39:00 +11:00