class OmniAuth::Strategies::Discourse::SSO

Attributes

message[RW]
nonce[RW]
status[RW]
user_info[RW]

Public Class Methods

new(sso_secret, sso_url, return_url, nonce = nil) click to toggle source
# File lib/omniauth/strategies/discourse/sso.rb, line 9
# Builds an SSO helper for one sign-in round trip.
#
# @param sso_secret [String] shared secret used as the HMAC-SHA256 key
# @param sso_url [String] provider endpoint that request_url points at
# @param return_url [String] URL placed in the payload as return_sso_url
# @param nonce [String, nil] nonce issued earlier; a fresh one is generated
#   when this is nil (or false)
#
# parse accepts a response only when its nonce equals @nonce, so code that
# handles the provider's callback has to pass in the nonce that was used for
# the original request.
def initialize(sso_secret, sso_url, return_url, nonce = nil)
  @sso_secret = sso_secret
  @sso_url = sso_url
  @return_url = return_url
  @nonce = nonce || generate_nonce!
end

Public Instance Methods

generate_nonce!() click to toggle source
# File lib/omniauth/strategies/discourse/sso.rb, line 14
# Returns a new random nonce from the system CSPRNG.
#
# SecureRandom.hex with no argument yields 16 random bytes rendered as
# 32 hexadecimal characters. The value is only returned; this method does
# not assign @nonce itself.
#
# @return [String] 32-character hexadecimal string
def generate_nonce!
  SecureRandom.hex
end
parse(params) click to toggle source
# File lib/omniauth/strategies/discourse/sso.rb, line 22
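# Verifies and decodes the provider's SSO response.
#
# Checks run in this order and the first failure wins:
# 1. "sig" must be the HMAC-SHA256 hex digest of the "sso" string,
# 2. "sso" must only contain Base64 alphabet characters,
# 3. the nonce inside the decoded payload must equal @nonce.
#
# On success @status is "success", @user_info holds the decoded attributes
# (without the nonce) and self is returned. On any failure @status is
# "error", @user_info is nil, @message explains why, and nil is returned.
#
# @param params [Hash] something like {"sso" => "xxxxxx", "sig" => "yyyyyy"}
# @return [self, nil]
def parse(params)
  sso = params["sso"]
  sig = params["sig"]

  # Shared failure path: record the reason and return nil to the caller.
  reject = lambda do |reason|
    @status = "error"
    @user_info = nil
    @message = reason
    nil
  end

  hmac_failure = "HMAC mismatch. The message may have been tampered with."

  # A missing or non-string parameter cannot carry a valid signature; reject
  # it here instead of letting the HMAC call raise on nil.
  return reject.call(hmac_failure) unless sso.is_a?(String) && sig.is_a?(String)

  # Constant-time comparison: a plain == returns as soon as a byte differs,
  # which leaks how much of a guessed signature was correct.
  unless Rack::Utils.secure_compare(get_hmac_hex_string(sso), sig)
    return reject.call(hmac_failure)
  end

  unless base64?(sso)
    return reject.call("The sso string is supposed to be encoded in Base64.")
  end

  decoded_hash = Rack::Utils.parse_query(Base64.decode64(sso))
  decoded_hash.symbolize_keys!

  # Fail closed when no nonce is set on this object: nil == nil must never
  # count as a match, otherwise a payload without a nonce would be accepted.
  unless @nonce && decoded_hash[:nonce] == @nonce
    return reject.call("SSO verification failed. Nonce mismatch.")
  end

  @status = "success"
  decoded_hash.delete(:nonce)
  @user_info = decoded_hash
  @message = "SSO verification passed."
  self
end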
request_url() click to toggle source
# File lib/omniauth/strategies/discourse/sso.rb, line 18
# Builds the URL the user is sent to on the SSO provider.
#
# The query string carries the URL-encoded Base64 payload as "sso" and its
# HMAC hex signature as "sig". @sso_url is used as given and always followed
# by "?".
#
# @return [String]
def request_url
  query = "sso=#{ url_encoded_payload }&sig=#{ hex_signature }"
  "#{ @sso_url }?#{ query }"
end

Private Instance Methods

base64?(data) click to toggle source
# File lib/omniauth/strategies/discourse/sso.rb, line 79
# Reports whether data consists only of Base64 alphabet characters
# (A-Z, a-z, 0-9, "+", "/", "=") plus CR/LF line breaks.
#
# This is an alphabet check only: it does not validate length or padding.
# nil has no offending character and therefore yields true.
#
# @param data [String, nil]
# @return [Boolean]
def base64?(data)
  offending_index = data =~ /[^a-zA-Z0-9=\r\n\/+]/m
  offending_index.nil?
end
base64_encoded_payload() click to toggle source
# File lib/omniauth/strategies/discourse/sso.rb, line 63
# Base64-encodes the raw payload. This exact string is what gets signed by
# hex_signature.
#
# Base64.encode64 inserts a newline after every 60 output characters and at
# the end.
#
# @return [String]
def base64_encoded_payload
  plain_text = raw_payload
  Base64.encode64(plain_text)
end
get_hmac_hex_string(payload) click to toggle source
# File lib/omniauth/strategies/discourse/sso.rb, line 75
# Computes the HMAC-SHA256 of payload keyed with @sso_secret.
#
# @param payload [String] data to authenticate
# @return [String] lowercase hexadecimal digest (64 characters)
def get_hmac_hex_string(payload)
  digest_name = "sha256"
  OpenSSL::HMAC.hexdigest(digest_name, @sso_secret, payload)
end
hex_signature() click to toggle source
# File lib/omniauth/strategies/discourse/sso.rb, line 71
# Signature sent as the "sig" query parameter: the HMAC hex digest of the
# Base64-encoded payload (not of the raw or URL-encoded form).
#
# @return [String]
def hex_signature
  signed_text = base64_encoded_payload
  get_hmac_hex_string(signed_text)
end
raw_payload() click to toggle source
# File lib/omniauth/strategies/discourse/sso.rb, line 55
# Builds the unencoded payload "nonce=...&return_sso_url=...".
#
# NOTE(review): @return_url is interpolated as-is, so a return URL that
# contains "&" or "=" would change how the payload parses as a query string
# on the receiving side. Confirm callers only pass URLs without them.
#
# @return [String]
# @raise [RuntimeError] when no nonce is set
def raw_payload
  raise "You must generate a nonce by calling generate_nonce! first." unless @nonce

  "nonce=#{ @nonce }&return_sso_url=#{ @return_url }"
end
url_encoded_payload() click to toggle source
# File lib/omniauth/strategies/discourse/sso.rb, line 67
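# Percent-encodes the Base64 payload for use as the "sso" query value.
#
# URI.escape was removed in Ruby 3.0, and with its default rules it left
# "+", "/" and "=" untouched. An unescaped "+" in a query string is decoded
# as a space by the receiver, so the decoded payload would no longer match
# its signature. URI.encode_www_form_component escapes every character of
# the Base64 alphabet that is special in a query string, including the
# newlines Base64.encode64 adds.
#
# @return [String]
def url_encoded_payload
  URI.encode_www_form_component(base64_encoded_payload)
end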