Commit Graph

68 Commits

Author SHA1 Message Date
Andrei Prigorshnev
88ecb83382
FEATURE: stop using email as source for username and name suggestions for Single Sign On (#14541)
We don't want to be using emails as source for username and name suggestions in cases when it's possible that a user have no chance to intervene and correct a suggested username. It risks exposing email addresses.
2021-10-12 17:25:54 +04:00
Andrei Prigorshnev
e68dc0c598
DEV: add test cases that prove that sso can override username from "bob1" to "bob" (#14555)
The problem was reported a long time ago (https://meta.discourse.org/t/cannot-change-username-with-sso-enabled/31307). It's hard to say if this bag didn't exist or was fixed later, but test cases in this PR prove that this works now.
2021-10-07 22:29:24 +04:00
Arpit Jalan
7db3888f17
FIX: log proper error message when SSO nonce verification fails (#14077) 2021-08-18 18:44:12 +05:30
David Taylor
0902e56162
FEATURE: Flag to disable DiscourseConnect CSRF protection (#12356)
This is not recommended. But if you have other protections in place for CSRF mitigation, you may wish to disable Discourse's implementation. This site setting is not visible in the UI, and must be changed via the console.
2021-03-11 10:38:34 +00:00
David Taylor
13d2a1f82c
SECURITY: Attach DiscourseConnect (SSO) nonce to current session (#12124) 2021-02-18 10:35:10 +00:00
David Taylor
821bb1e8cb
FEATURE: Rename 'Discourse SSO' to DiscourseConnect (#11978)
The 'Discourse SSO' protocol is being rebranded to DiscourseConnect. This should help to reduce confusion when 'SSO' is used in the generic sense.

This commit aims to:
- Rename `sso_` site settings. DiscourseConnect specific ones are prefixed `discourse_connect_`. Generic settings are prefixed `auth_`
- Add (server-side-only) backwards compatibility for the old setting names, with deprecation notices
- Copy `site_settings` database records to the new names
- Rename relevant translation keys
- Update relevant translations

This commit does **not** aim to:
- Rename any Ruby classes or methods. This might be done in a future commit
- Change any URLs. This would break existing integrations
- Make any changes to the protocol. This would break existing integrations
- Change any functionality. Further normalization across DiscourseConnect and other auth methods will be done separately

The risks are:
- There is no backwards compatibility for site settings on the client-side. Accessing auth-related site settings in Javascript is fairly rare, and an error on the client side would not be security-critical.
- If a plugin is monkey-patching parts of the auth process, changes to locale keys could cause broken error messages. This should also be unlikely. The old site setting names remain functional, so security-related overrides will remain working.

A follow-up commit will be made with a post-deploy migration to delete the old `site_settings` rows.
2021-02-08 10:04:33 +00:00
mentalstring
67f3fe14aa
FEATURE: support SSO website and location overrides
Add location and website + the ability to override using SSO using the `sso_overrides_location` and `sso_overrides_website` site settings.
2020-04-28 16:06:35 +10:00
Sam Saffron
7b17eb06da FEATURE: ban any SSO attempts with invalid external id
We now treat any external_id of blank string (" " or "     " or "", etc) or a
invalid word (none, nil, blank, null) - case insensitive - as invalid.

In this case the client will see "please contact admin" the logs will explain
the reason clearly.
2019-06-11 10:04:26 +10:00
Daniel Waterworth
e219588142 DEV: Prefabrication (test optimization) (#7414)
* Introduced fab!, a helper that creates database state for a group

It's almost identical to let_it_be, except:

 1. It creates a new object for each test by default,
 2. You can disable it using PREFABRICATION=0
2019-05-07 13:12:20 +10:00
Guo Xiang Tan
24347ace10 FIX: Properly associate user_profiles background urls via upload id.
`Upload#url` is more likely and can change from time to time. When it
does changes, we don't want to have to look through multiple tables to
ensure that the URLs are all up to date. Instead, we simply associate
uploads properly to `UserProfile` so that it does not have to replicate
the URLs in the table.
2019-05-02 14:58:24 +08:00
Sam Saffron
4ea21fa2d0 DEV: use #frozen_string_literal: true on all spec
This change both speeds up specs (less strings to allocate) and helps catch
cases where methods in Discourse are mutating inputs.

Overall we will be migrating everything to use #frozen_string_literal: true
it will take a while, but this is the first and safest move in this direction
2019-04-30 10:27:42 +10:00
Robin Ward
cab83596ec FIX: Sites with SSO that required approval were not creating reviewables 2019-04-10 12:53:50 -04:00
David Taylor
3987691b5e DEV: Correct specs which had exceptions raised in jobs 2019-04-08 16:00:33 +01:00
Robin Ward
fa5a158683 REFACTOR: Move queue_jobs out of SiteSetting
It is not a setting, and only relevant in specs. The new API is:

```
Jobs.run_later!        # jobs will be thrown on the queue
Jobs.run_immediately!  # jobs will run right away, avoid the queue
```
2019-03-14 10:47:38 -04:00
Robin Ward
d1d9a4f128 Add new run_jobs_synchronously! helper for tests
Previously if you wanted to have jobs execute in test mode, you'd have
to do `SiteSetting.queue_jobs = false`, because the opposite of queue
is to execute.

I found this very confusing, so I created a test helper called
`run_jobs_synchronously!` which is much more clear about what it does.
2019-03-11 16:58:35 -04:00
Sam
e64402cb3b SECURITY: correct edge case when SSO provides unvalidated emails 2018-09-11 08:24:02 +10:00
Sam
e6970151a6 FEATURE: allow specifying locale via SSO
Use:

locale
locale_force_update

To force user locale on users where SiteSetting.allow_user_locale is enabled

Note: If an invalid locale is specified no action will occur
2018-08-30 09:58:03 +10:00
David Lee
4644d777bd FEATURE: add website field to SSO 2018-06-25 16:09:39 +10:00
Michael Brown
ae5d255f83 FIX: Reference example.com instead of somesite.com in examples
* somesite.com actually exists...
* example.com should be used in examples and is harmless to visit
2018-06-19 10:37:24 -04:00
Guo Xiang Tan
7fc8a36529 DEV: Take 2 Queue jobs in tests by default.
On my machine this cuts the time taken to run our test suite
from ~11mins to ~9mins.
2018-05-31 16:23:23 +08:00
Guo Xiang Tan
56e9ff6853 Revert "DEV: Queue jobs in tests by default."
Too risky for now

This reverts commit be28154d3b.
2018-05-31 15:34:46 +08:00
Guo Xiang Tan
be28154d3b DEV: Queue jobs in tests by default. 2018-05-31 14:45:47 +08:00
Misaka 0x4e21
ff6be3c2e3 FEATURE: add profile_background fields into SSO (#5701)
Add profile_background and card_background fields into Discourse SSO.
2018-05-07 10:03:26 +02:00
Sam
fe37ce165d correct issue where groups was never being blanked 2018-04-10 15:30:18 +10:00
Sam
afaeb20f27 FEATURE: Add option to have sso synchronize group membership
In some cases add_groups and remove_groups is too much work, some sites
may wish to simply synchronize group membership based on a list.

When sso_overrides_groups is on all not automatic group membership is
sourced from SSO. Note if you omit to specify groups, they will be cleared
out.
2018-04-10 13:17:23 +10:00
Guo Xiang Tan
142571bba0 Remove use of rescue nil.
* `rescue nil` is a really bad pattern to use in our code base.
  We should rescue errors that we expect the code to throw and
  not rescue everything because we're unsure of what errors the
  code would throw. This would reduce the amount of pain we face
  when debugging why something isn't working as expexted. I've
  been bitten countless of times by errors being swallowed as a
  result during debugging sessions.
2018-04-02 13:52:51 +08:00
Michael Brown
6f40037ba5 Add test guarding against the SSO logic I broke 2018-03-13 18:39:39 -04:00
Michael Brown
3c3d205180 FIX: sso_overrides_username may inappropriately change the username if the case changed 2018-03-09 16:06:55 -05:00
Arpit Jalan
ef4c6c67ba fix the build 2017-12-23 14:42:40 +05:30
Arpit Jalan
b21d5d3633 FIX: SSO email match should be case insensitive 2017-11-08 20:37:41 +05:30
Neil Lalonde
9813f9f0f8 FIX: more cases of case sensitive group membership in sso 2017-08-11 18:09:29 -04:00
Neil Lalonde
3de45ce0cd FIX: use case insensitive group name search when applying group rules from SSO 2017-08-02 11:30:37 -04:00
Guo Xiang Tan
5012d46cbd Add rubocop to our build. (#5004) 2017-07-28 10:20:09 +09:00
Leo McArdle
d0b027d88d FEATURE: phase 1 of supporting multiple email addresses 2017-07-20 11:22:27 +09:00
Guo Xiang Tan
a338a7a53e Fix the build. 2017-07-10 11:12:21 +09:00
Guo Xiang Tan
80e348d226 PERF: Speed up slow tests in our test suite.
Before

```
Finished in 7 minutes 23 seconds (files took 4.15 seconds to load)
7145 examples, 0 failures, 10 pending
```

After

```
Finished in 6 minutes 12 seconds (files took 4.41 seconds to load)
7145 examples, 0 failures, 10 pending
```
2017-06-22 11:23:31 +09:00
Sam
763f156d91 FIX: require re-activation if SSO changes email and updates it 2017-05-16 16:18:18 -04:00
Sam
27362c5a4b improve spec 2017-05-10 15:47:11 -04:00
Guo Xiang Tan
7cf0f39066 Require Sidekiq::Testing in rails helper. 2017-03-29 11:10:25 +08:00
Sam
49e7124a5e clarify override semantics in spec 2017-02-07 10:41:27 -05:00
Viet Hoang
40164ccd4a Add user title to SSO payload 2017-01-31 16:42:27 -08:00
Sam
3d76ce1421 FEATURE: SSO support for adding and removing a user to groups
Use: add_groups with a comma delimited list to ensure a user is in groups (using group names)

Use: remove_groups with a comma delimited list to ensure a user is removed from groups (using group names)
2016-11-11 16:57:31 +11:00
Régis Hanol
750338954c FIX: download SSO avatars in a background job to prevent hangs when avatars are huge 2016-10-24 19:55:30 +02:00
Sam
33578a2c17 FIX: always import avatars during SSO if they are missing 2016-09-16 09:45:00 +10:00
Sam
0a39ba43ed FIX: always respect avatar_force_update 2016-09-02 12:04:22 +10:00
Erick Guan
0217973374
FIX: Importing user avatar when new user login by SSO 2016-08-29 20:47:19 +08:00
Sam
9018de39ed FEATURE: allow shipping bio markdown via SSO
- Also adds site setting for sso_overrides_bio to disable bio editing by end users
2016-08-01 15:29:28 +10:00
Régis Hanol
874c18cbc1 FIX: unstage users when using SSO 2016-06-21 11:28:58 +02:00
Sam
b04ab83f12 FIX: refresh automatic group if SSO specifies admin/mod 2016-05-17 17:31:34 +10:00
Andy Waite
3e50313fdc Prepare for separation of RSpec helper files
Since rspec-rails 3, the default installation creates two helper files:
* `spec_helper.rb`
* `rails_helper.rb`

`spec_helper.rb` is intended as a way of running specs that do not
require Rails, whereas `rails_helper.rb` loads Rails (as Discourse's
current `spec_helper.rb` does).

For more information:

https://www.relishapp.com/rspec/rspec-rails/docs/upgrade#default-helper-files

In this commit, I've simply replaced all instances of `spec_helper` with
`rails_helper`, and renamed the original `spec_helper.rb`.

This brings the Discourse project closer to the standard usage of RSpec
in a Rails app.

At present, every spec relies on loading Rails, but there are likely
many that don't need to. In a future pull request, I hope to introduce a
separate, minimal `spec_helper.rb` which can be used in tests which
don't rely on Rails.
2015-12-01 20:39:42 +00:00