From 9a045c216c3e1905f832ccf41b692705c541ea83 Mon Sep 17 00:00:00 2001
From: Arpit Jalan <arpit@techapj.com>
Date: Wed, 6 Apr 2016 11:12:47 +0530
Subject: [PATCH] FIX: verify that sso_url setting includes protocol

---
 config/locales/server.en.yml | 2 +-
 config/site_settings.yml     | 4 +++-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/config/locales/server.en.yml b/config/locales/server.en.yml
index 3fa0922f1..d48aea1b1 100644
--- a/config/locales/server.en.yml
+++ b/config/locales/server.en.yml
@@ -944,7 +944,7 @@ en:
 
     enable_sso: "Enable single sign on via an external site (WARNING: USERS' EMAIL ADDRESSES *MUST* BE VALIDATED BY THE EXTERNAL SITE!)"
     enable_sso_provider: "Implement Discourse SSO provider protocol at the /session/sso_provider endpoint, requires sso_secret to be set"
-    sso_url: "URL of single sign on endpoint"
+    sso_url: "URL of single sign on endpoint (must include http:// or https://)"
     sso_secret: "Secret string used to cryptographically authenticate SSO information, be sure it is 10 characters or longer"
     sso_overrides_email: "Overrides local email with external site email from SSO payload on every login, and prevent local changes. (WARNING: discrepancies can occur due to normalization of local emails)"
     sso_overrides_username: "Overrides local username with external site username from SSO payload on every login, and prevent local changes. (WARNING: discrepancies can occur due to differences in username length/requirements)"
diff --git a/config/site_settings.yml b/config/site_settings.yml
index 3a4bc825f..16c07a246 100644
--- a/config/site_settings.yml
+++ b/config/site_settings.yml
@@ -266,7 +266,9 @@ login:
     client: true
     default: false
   enable_sso_provider: false
-  sso_url: ''
+  sso_url:
+    default: ''
+    regex: '^https?:\/\/.+[^\/]$'
   sso_secret: ''
   sso_overrides_email: false
   sso_overrides_username: false