mirror of
https://github.com/discourse/discourse.git
synced 2024-12-15 19:23:41 +08:00
c7c56af397
Previously the 'reconnect' process was a bit magic - IF you were already logged into discourse, and followed the auth flow, your account would be reconnected and you would be 'logged in again'. Now, we explicitly check for a reconnect=true parameter when the flow is started, store it in the session, and then only follow the reconnect logic if that variable is present. Setting this parameter also skips the 'logged in again' step, which means reconnect now works with 2fa enabled.
37 lines
1.1 KiB
Ruby
37 lines
1.1 KiB
Ruby
# frozen_string_literal: true
|
|
|
|
# omniauth loves spending lots cycles in its magic middleware stack
|
|
# this middleware bypasses omniauth middleware and only hits it when needed
|
|
class Middleware::OmniauthBypassMiddleware
|
|
|
|
def initialize(app, options = {})
|
|
@app = app
|
|
|
|
Discourse.plugins.each(&:notify_before_auth)
|
|
|
|
# if you need to test this and are having ssl issues see:
|
|
# http://stackoverflow.com/questions/6756460/openssl-error-using-omniauth-specified-ssl-path-but-didnt-work
|
|
# OpenSSL::SSL::VERIFY_PEER = OpenSSL::SSL::VERIFY_NONE if Rails.env.development?
|
|
@omniauth = OmniAuth::Builder.new(app) do
|
|
Discourse.authenticators.each do |authenticator|
|
|
authenticator.register_middleware(self)
|
|
end
|
|
end
|
|
|
|
@omniauth.before_request_phase do |env|
|
|
# If the user is trying to reconnect to an existing account, store in session
|
|
request = ActionDispatch::Request.new(env)
|
|
request.session[:auth_reconnect] = !!request.params["reconnect"]
|
|
end
|
|
end
|
|
|
|
def call(env)
|
|
if env["PATH_INFO"].start_with?("/auth")
|
|
@omniauth.call(env)
|
|
else
|
|
@app.call(env)
|
|
end
|
|
end
|
|
|
|
end
|