require_dependency 'single_sign_on' class DiscourseSingleSignOn < SingleSignOn def self.sso_url SiteSetting.sso_url end def self.sso_secret SiteSetting.sso_secret end def self.generate_url(return_path="/") sso = new sso.nonce = SecureRandom.hex sso.register_nonce(return_path) sso.to_url end def register_nonce(return_path) if nonce $redis.setex(nonce_key, NONCE_EXPIRY_TIME, return_path) end end def nonce_valid? nonce && $redis.get(nonce_key).present? end def return_path $redis.get(nonce_key) || "/" end def expire_nonce! if nonce $redis.del nonce_key end end def nonce_key "SSO_NONCE_#{nonce}" end def lookup_or_create_user sso_record = SingleSignOnRecord.where(external_id: external_id).first if sso_record && sso_record.user sso_record.last_payload = unsigned_payload sso_record.save else user = User.where(email: Email.downcase(email)).first user_params = { email: email, name: User.suggest_name(name || username || email), username: UserNameSuggester.suggest(username || name || email), } if user || user = User.create(user_params) if sso_record = user.single_sign_on_record sso_record.last_payload = unsigned_payload sso_record.external_id = external_id sso_record.save! else sso_record = user.create_single_sign_on_record(last_payload: unsigned_payload, external_id: external_id) end end end if sso_record && (user = sso_record.user) && !user.active user.active = true user.save user.enqueue_welcome_message('welcome_user') end sso_record && sso_record.user end end