class OmniAuth::Strategies::Discourse::SSO
Attributes
message[RW]
nonce[RW]
status[RW]
user_info[RW]
Public Class Methods
new(sso_secret, sso_url, return_url, nonce = nil)
# File lib/omniauth/strategies/discourse/sso.rb, line 9
# Builds an SSO helper bound to one shared secret, one provider endpoint
# and one return URL.
#
# sso_secret - key used for the HMAC-SHA256 signature of the payload
# sso_url    - provider endpoint the signed request is sent to
# return_url - URL embedded in the payload as return_sso_url
# nonce      - optional nonce to reuse; when nil/false a fresh one is
#              generated
#
# NOTE(review): a caller-supplied nonce is stored as given. Presumably it
# is the value saved server-side (e.g. in the session) when the request
# was issued, so that #parse can compare against it — confirm in the caller.
def initialize(sso_secret, sso_url, return_url, nonce = nil)
  @sso_secret = sso_secret
  @sso_url = sso_url
  @return_url = return_url
  @nonce = nonce || generate_nonce!
end
Public Instance Methods
generate_nonce!()
# File lib/omniauth/strategies/discourse/sso.rb, line 14
# Returns a fresh random nonce: 16 bytes from SecureRandom rendered as a
# 32-character lowercase hex string.
#
# Despite the bang, this method only returns the value; it does not
# assign @nonce. The constructor is what stores the result.
def generate_nonce!
  SecureRandom.hex(16)
end
parse(params)
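# File lib/omniauth/strategies/discourse/sso.rb, line 22
# Verifies and decodes an SSO response.
#
# params should be something that looks like:
#   {"sso": "xxxxxx", "sig": "yyyyyy"}
#
# Checks, in order: the HMAC over params["sso"] matches params["sig"],
# the sso value contains only Base64 characters, and the nonce inside the
# decoded payload equals @nonce. Sets @status, @message and @user_info on
# every path.
#
# Returns self on success, nil on any verification failure.
#
# NOTE(review): this method does not clear or rotate @nonce. To prevent
# replay of a captured response, the caller presumably discards the stored
# nonce after one parse attempt — confirm in the strategy.
def parse(params)
  sso = params["sso"]
  sig = params["sig"]

  # Both values come straight from the request. Missing or non-String
  # values (e.g. array-style query params) are rejected here instead of
  # raising inside the HMAC call. The signature is compared in constant
  # time so response timing does not reveal how many leading characters
  # of a guessed signature were correct.
  signature_ok = sso.is_a?(String) && sig.is_a?(String) &&
                 Rack::Utils.secure_compare(get_hmac_hex_string(sso), sig)
  unless signature_ok
    @status = "error"
    @user_info = nil
    @message = "HMAC mismatch. The message may have been tampered with."
    return nil
  end

  unless base64? sso
    @status = "error"
    @user_info = nil
    @message = "The sso string is supposed to be encoded in Base64."
    return nil
  end

  decoded_hash = Rack::Utils.parse_query(Base64.decode64(sso))
  # symbolize_keys! is not core Ruby; presumably ActiveSupport's Hash
  # extension — confirm it is loaded wherever this class is used.
  decoded_hash.symbolize_keys!

  # Fail closed when no nonce is stored: otherwise a signed payload that
  # carries no nonce at all would compare nil == nil and be accepted.
  unless !@nonce.nil? && decoded_hash[:nonce] == @nonce
    @status = "error"
    @user_info = nil
    @message = "SSO verification failed. Nonce mismatch."
    return nil
  end

  @status = "success"
  decoded_hash.delete(:nonce)
  @user_info = decoded_hash
  @message = "SSO verification passed."
  self
end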
request_url()
# File lib/omniauth/strategies/discourse/sso.rb, line 18
# Returns the full URL for the SSO request: the provider endpoint followed
# by the URL-encoded payload (sso) and its hex HMAC signature (sig).
def request_url
  payload = url_encoded_payload
  signature = hex_signature
  "#{@sso_url}?sso=#{payload}&sig=#{signature}"
end
Private Instance Methods
base64?(data)
# File lib/omniauth/strategies/discourse/sso.rb, line 79
# Returns true when data contains no character outside the Base64
# alphabet (A-Z, a-z, 0-9, '+', '/', '=') plus CR and LF.
#
# This is a character-set check only: it does not validate length or
# padding, and an empty string passes.
def base64?(data)
  first_foreign_char = data =~ %r{[^a-zA-Z0-9=\r\n/+]}m
  first_foreign_char.nil?
end
base64_encoded_payload()
# File lib/omniauth/strategies/discourse/sso.rb, line 63
# Returns raw_payload encoded with Base64.encode64.
#
# encode64 inserts a line feed after every 60 encoded characters and at
# the end; hex_signature signs this exact string, line feeds included.
def base64_encoded_payload
  plain = raw_payload
  Base64.encode64(plain)
end
get_hmac_hex_string(payload)
# File lib/omniauth/strategies/discourse/sso.rb, line 75
# Returns the HMAC-SHA256 of payload, keyed with @sso_secret, as a hex
# string.
#
# When the result is compared with a value taken from a request, use a
# constant-time comparison rather than ==.
def get_hmac_hex_string(payload)
  digest = OpenSSL::Digest.new("sha256")
  OpenSSL::HMAC.hexdigest(digest, @sso_secret, payload)
end
hex_signature()
# File lib/omniauth/strategies/discourse/sso.rb, line 71
# Returns the hex HMAC of the Base64-encoded payload. The signature covers
# the Base64 text as produced by base64_encoded_payload, before any URL
# escaping is applied.
def hex_signature
  encoded = base64_encoded_payload
  get_hmac_hex_string(encoded)
end
raw_payload()
# File lib/omniauth/strategies/discourse/sso.rb, line 55
# Returns the unencoded query string that becomes the SSO payload:
# the nonce followed by the return URL.
#
# Raises RuntimeError when no nonce is set.
#
# NOTE(review): @return_url is interpolated without escaping. If it can
# contain '&' or '=' (for example when it is derived from request data),
# those characters would add or alter fields in the signed payload —
# confirm how callers build return_url.
def raw_payload
  raise "You must generate a nonce by calling generate_nonce! first." unless @nonce

  "nonce=#{@nonce}&return_sso_url=#{@return_url}"
end
url_encoded_payload()
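# File lib/omniauth/strategies/discourse/sso.rb, line 67
# Returns the Base64 payload percent-encoded for use as a query-string
# value.
#
# URI.escape was removed in Ruby 3.0, and while it existed it left '+',
# '/' and '=' unescaped. A '+' in the Base64 text is decoded as a space by
# form-style query parsers, so the receiver would see a different payload
# from the one that was signed. encode_www_form_component escapes those
# characters (and the line feeds encode64 adds), so the receiver recovers
# the exact signed string.
def url_encoded_payload
  URI.encode_www_form_component(base64_encoded_payload)
end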