class SSODiscourse(auth.CacheMixin, base.BaseHandler):
- def _get_discourse_params(self):
+ @base.ratelimit(minutes=24*60, requests=100)
+ @tornado.web.authenticated
+ def get(self):
# Fetch Discourse's parameters
sso = self.get_argument("sso")
sig = self.get_argument("sig")
# Decode payload
try:
- return self.accounts.decode_discourse_payload(sso, sig)
+ params = self.accounts.decode_discourse_payload(sso, sig)
# Raise bad request if the signature is invalid
except ValueError:
raise tornado.web.HTTPError(400)
- def _redirect_user_to_discourse(self, account, nonce, return_sso_url):
- """
- Redirects the user back to Discourse passing some
- attributes of the user account to Discourse
- """
+ # Redirect back if user is already logged in
args = {
- "nonce" : nonce,
- "external_id" : account.uid,
+ "nonce" : params.get("nonce"),
+ "external_id" : self.current_user.uid,
# Pass email address
- "email" : account.email,
+ "email" : self.current_user.email,
"require_activation" : "false",
# More details about the user
- "username" : account.uid,
- "name" : "%s" % account,
- "bio" : account.description or "",
+ "username" : self.current_user.uid,
+ "name" : "%s" % self.current_user,
+ "bio" : self.current_user.description or "",
# Avatar
- "avatar_url" : account.avatar_url(),
+ "avatar_url" : self.current_user.avatar_url(),
"avatar_force_update" : "true",
# Send a welcome message
"suppress_welcome_message" : "false",
# Group memberships
- "admin" : "true" if account.is_admin() else "false",
- "moderator" : "true" if account.is_moderator() else "false",
+ "admin" : "true" if self.current_user.is_admin() else "false",
+ "moderator" : "true" if self.current_user.is_moderator() else "false",
}
# Format payload and sign it
})
# Redirect user
- self.redirect("%s?%s" % (return_sso_url, qs))
-
- @base.ratelimit(minutes=24*60, requests=100)
- def get(self):
- params = self._get_discourse_params()
-
- # Redirect back if user is already logged in
- if self.current_user:
- return self._redirect_user_to_discourse(self.current_user, **params)
-
- # Otherwise the user needs to authenticate
- self.render("auth/login.html", next=None)
-
- @base.ratelimit(minutes=24*60, requests=100)
- def post(self):
- params = self._get_discourse_params()
-
- # Get credentials
- username = self.get_argument("username")
- password = self.get_argument("password")
-
- # Check credentials
- account = self.accounts.auth(username, password)
- if not account:
- raise tornado.web.HTTPError(401, "Unknown user or invalid password: %s" % username)
-
- # If the user has been authenticated, we will redirect to Discourse
- self._redirect_user_to_discourse(account, **params)
+ self.redirect("%s?%s" % (params.get("return_sso_url"), qs))
class NewAccountsModule(ui_modules.UIModule):
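Review bot: The lookups `params.get("nonce")` and `params.get("return_sso_url")` replace the old `**params` unpacking, so a signed payload that lacks either key no longer fails but produces a redirect to the literal `None?...` with `nonce: None`; validate both before building `args`, e.g. `if not params.get("nonce") or not params.get("return_sso_url"):` followed by `raise tornado.web.HTTPError(400)`. The comment `# Redirect back if user is already logged in` is now stale, since `@tornado.web.authenticated` guarantees `self.current_user` is set at that point; `# User is authenticated: build the signed SSO payload for Discourse` would match the code. With `@base.ratelimit` outermost, requests that `authenticated` bounces to the login page presumably still count against the 100-per-day limit, which looks intentional but deserves a one-line comment on the decorator order. The rendered page appears to have dropped the lines that build and sign `qs` between the `args` dict and `})`, so the signing step itself could not be reviewed here.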