Guo Xiang Tan
6e46f81123
Add a distributed mutex around user creation via SSO.
...
* When two SSO requests containing the same email in the payload are
sent at the same time, it would sometimes result in two users
being created but one without an email record. Investigations
points to ActiveRecord not generating the right statements but
we have no figured out the reproduction steps yet. We should review
this after upgrading to Rails 5.2.
2018-04-12 16:18:49 +08:00
Sam
fe37ce165d
correct issue where groups was never being blanked
2018-04-10 15:30:18 +10:00
Sam
afaeb20f27
FEATURE: Add option to have sso synchronize group membership
...
In some cases add_groups and remove_groups is too much work, some sites
may wish to simply synchronize group membership based on a list.
When sso_overrides_groups is on all not automatic group membership is
sourced from SSO. Note if you omit to specify groups, they will be cleared
out.
2018-04-10 13:17:23 +10:00
Guo Xiang Tan
d0e7898fa0
Build primary_email
association directly in DiscourseSingleSignOn
.
2018-03-20 19:36:35 +08:00
Michael Brown
1b5549df58
FIX: my sso_overrides_username assumed username was passed
2018-03-13 18:29:11 -04:00
Michael Brown
3c3d205180
FIX: sso_overrides_username may inappropriately change the username if the case changed
2018-03-09 16:06:55 -05:00
Guo Xiang Tan
6b59a2827d
Add more information to SSO user creation logging.
2018-03-02 18:27:15 +08:00
Guo Xiang Tan
bbb30bedf3
Improve output of SSO verbose logging.
2018-02-22 11:26:13 +08:00
Arpit Jalan
b21d5d3633
FIX: SSO email match should be case insensitive
2017-11-08 20:37:41 +05:30
Guo Xiang Tan
9355f92f78
Add more verbose SSO logging.
2017-11-07 19:38:36 +08:00
Guo Xiang Tan
95c891cf11
Raise error if sso record fails to create.
2017-11-07 18:38:38 +08:00
Neil Lalonde
9813f9f0f8
FIX: more cases of case sensitive group membership in sso
2017-08-11 18:09:29 -04:00
Neil Lalonde
3de45ce0cd
FIX: use case insensitive group name search when applying group rules from SSO
2017-08-02 11:30:37 -04:00
Guo Xiang Tan
5012d46cbd
Add rubocop to our build. ( #5004 )
2017-07-28 10:20:09 +09:00
Régis Hanol
d6c63cc5b2
FIX: user's default group should only be set once
...
Setting a user's default groups based on their email address should only be done once, ie. when they confirm their email address.
Previously we were doing this everytime we'd save a user record 🤷
2017-06-14 19:20:18 +02:00
Sam
763f156d91
FIX: require re-activation if SSO changes email and updates it
2017-05-16 16:18:18 -04:00
Viet Hoang
40164ccd4a
Add user title to SSO payload
2017-01-31 16:42:27 -08:00
Arpit Jalan
0791c2c966
FIX: sso_overrides_avatar should override previously set avatar
2017-01-19 10:52:24 +05:30
Sam
3d76ce1421
FEATURE: SSO support for adding and removing a user to groups
...
Use: add_groups with a comma delimited list to ensure a user is in groups (using group names)
Use: remove_groups with a comma delimited list to ensure a user is removed from groups (using group names)
2016-11-11 16:57:31 +11:00
Régis Hanol
750338954c
FIX: download SSO avatars in a background job to prevent hangs when avatars are huge
2016-10-24 19:55:30 +02:00
Sam
33578a2c17
FIX: always import avatars during SSO if they are missing
2016-09-16 09:45:00 +10:00
Sam
0a39ba43ed
FIX: always respect avatar_force_update
2016-09-02 12:04:22 +10:00
Erick Guan
0217973374
FIX: Importing user avatar when new user login by SSO
2016-08-29 20:47:19 +08:00
Sam
9018de39ed
FEATURE: allow shipping bio markdown via SSO
...
- Also adds site setting for sso_overrides_bio to disable bio editing by end users
2016-08-01 15:29:28 +10:00
Régis Hanol
874c18cbc1
FIX: unstage users when using SSO
2016-06-21 11:28:58 +02:00
Sam
b04ab83f12
FIX: refresh automatic group if SSO specifies admin/mod
2016-05-17 17:31:34 +10:00
Sam
19ca08857f
FEATURE: verbose SSO logging
...
By enabling the site setting verbose_sso_logging
you can log information every time a user tries initiates SSO
and during SSO failures
2016-04-08 11:20:01 +10:00
Régis Hanol
97c7b894ce
better logs when an error happens in SSO
2016-02-24 21:57:01 +01:00
Guo Xiang Tan
3142eb76dc
Revert "FIX: find_by_attribute method in Rails 4.5 is case insensitive."
...
This reverts commit 2af587005b
.
2016-02-22 15:55:48 +08:00
Guo Xiang Tan
2af587005b
FIX: find_by_attribute method in Rails 4.5 is case insensitive.
...
* https://github.com/rails/rails/pull/23690
2016-02-15 23:05:16 +08:00
Sam
6451495ec6
FIX: only override sso name / username if it is supplied
2015-08-24 10:24:33 +10:00
Robin Ward
cb94a9000d
Revert "Revert "Extract logic to save external avatar url""
...
This reverts commit 2d20e4c692
.
2015-06-23 15:59:50 -04:00
Robin Ward
2d20e4c692
Revert "Extract logic to save external avatar url"
...
This reverts commit 18b8df3f32
.
2015-06-23 15:45:34 -04:00
Robin Ward
18b8df3f32
Extract logic to save external avatar url
2015-06-23 15:23:19 -04:00
Sam
d1d703718a
Merge pull request #3476 from paulkaplan/sso-distrust-email
...
Add SSO setting to not trust emails automatically
2015-05-20 12:07:14 +10:00
Sam
bd63699d63
FIX: rescue even more errors in case avatar has issues downloading
2015-05-20 10:43:53 +10:00
Paul Kaplan
1c34341f31
Replace site setting with a payload attribute
2015-05-19 11:16:02 -05:00
Paul Kaplan
4c26c4d9bc
Add a SiteSetting to not trust sso emails by default
2015-05-15 12:15:06 -05:00
Sam
b7897d24b1
keep working even if username is blank
2015-05-07 13:52:26 +10:00
Sam
05737effef
FIX: stop stripping dots from SSO names
...
This could upset Louis C.K.
2015-03-27 10:25:51 +11:00
Sam
d80ed94608
more username cycling avoidance
2015-03-27 10:10:53 +11:00
Sam
0c287d7d6b
ensure usernames do not keep cycling
2015-03-27 10:04:16 +11:00
Sam
4566a1e30a
FIX: sso override code not triggered when attaching to existing user
2015-03-27 09:39:35 +11:00
Dan Singerman
e8648350eb
Add an sso option to suppress welcome emails
...
As discussed here: https://meta.discourse.org/t/create-new-sso-users-without-sending-welcome-emails/24894
2015-03-20 17:04:52 +00:00
Robin Ward
005b8bf7c3
FIX: When creating a SSO user via sync, do not user the IP address.
2015-02-25 14:41:23 -05:00
Robin Ward
ca5730018a
FIX: SSO code should respect IP address filters
2015-02-23 16:01:46 -05:00
Régis Hanol
0e5c9b2590
small upload code refactor
2015-02-03 18:44:18 +01:00
Dan Singerman
64c4bd5dbf
Fix force_avatar_update.to_i error as force_avatar_update is a boolean
...
If force_avatar_update is passed in sso attributes it errors on
force_avatar_update.to_i. The SingleSignOn class forces avatar_force_update
to a boolean, so it should be treated as such.
2015-01-30 09:51:38 +00:00
Dan Singerman
dbf2f4efec
Fix bug when sso_overrides_avatar is true but no avatar_url is passed
...
If a user has a current avatar, and sso_overrides_avatar is true, but no avatar_url is
passed in the sso attributes, the current code errors, as it tries to parse a nil
as a URL. It seems to me valid that a third party system may not pass an avatar_url in
some cases (e.g. avatars may not be mandatory, so not all users may have them)
This might warrant a discussion about what should happen in this case; maybe the current
avatar in discourse should be removed? This branch merely stops the login process erroring.
2015-01-28 16:01:39 +00:00
Sam
013f1a6dd0
FEATURE: allow creating admin and moderator accounts via SSO
2014-11-27 12:39:00 +11:00