Unverified Commit 04d85c79 authored by Andrej Shadura's avatar Andrej Shadura

Only store the 'info' part of the auth hash in the session


The auth hash can be quite large, and with session storage in cookies,
the cookie can easily reach the 4 KB limit. Work around this issue
by only storing the part of the hash we currently use.

Signed-off-by: Andrej Shadura's avatarAndrej Shadura <andrew.shadura@collabora.co.uk>
parent 1683e170
......@@ -46,10 +46,11 @@ class Webui::SessionController < Webui::WebuiController
def sso_callback
@auth_hash = request.env['omniauth.auth']
user = User.find_with_omniauth(@auth_hash)
user = User.find_with_omniauth(@auth_hash['info'])
unless user
session[:auth] = @auth_hash
session[:auth] = @auth_hash['info']
session[:auth]['provider'] = @auth_hash['provider']
redirect_to(sso_confirm_path)
return
end
......@@ -69,19 +70,19 @@ class Webui::SessionController < Webui::WebuiController
def sso_confirm
switch_to_webui2
auth_hash = session[:auth]
auth_info = session[:auth]
if !auth_hash
if !auth_info
redirect_to sso_path
return
end
# Try to derive a username from the information available,
# falling back to full name if nothing else works
@derived_username = auth_hash['info']['username'] ||
auth_hash['info']['nickname'] ||
auth_hash['info']['email'] ||
auth_hash['info']['name']
@derived_username = auth_info['username'] ||
auth_info['nickname'] ||
auth_info['email'] ||
auth_info['name']
# Some providers set username or nickname to an email address
# Derive the username from the local part of the email address,
......@@ -93,9 +94,9 @@ class Webui::SessionController < Webui::WebuiController
def do_sso_confirm
required_parameters :login
auth_hash = session[:auth]
auth_info = session[:auth]
if !auth_hash
if !auth_info
redirect_to sso_path
return
end
......@@ -108,7 +109,7 @@ class Webui::SessionController < Webui::WebuiController
end
begin
user = User.create_with_omniauth(auth_hash, params[:login])
user = User.create_with_omniauth(auth_info, params[:login])
rescue ActiveRecord::ActiveRecordError
flash[:error] = "Invalid username, please try a different one"
redirect_to sso_confirm_path
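Review bot: `session[:auth]['provider'] = @auth_hash['provider']` in sso_callback writes into the object returned by `@auth_hash['info']`, so it also mutates `request.env['omniauth.auth']['info']` for the rest of the request, and what ends up serialized into the session is an OmniAuth hash object rather than a plain hash. Building a detached plain hash avoids both: `session[:auth] = @auth_hash['info'].to_hash.merge('provider' => @auth_hash['provider'])`. Since the motivation is the 4 KB cookie limit, note that `info` itself can still carry provider-supplied fields such as an image URL or a description, whose size the application does not control; if no code outside the visible hunks reads other keys, adding `.slice('username', 'nickname', 'email', 'name')` before the merge would make the stored size predictable. sso_callback, sso_confirm and do_sso_confirm all continue outside their hunks.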
......@@ -226,7 +226,7 @@ class User < ApplicationRecord
def self.find_with_omniauth(auth)
if auth
email = auth['info']['email']
email = auth['email']
user = find_by_email(email)
if user
user.mark_login!
......@@ -238,14 +238,14 @@ class User < ApplicationRecord
def self.create_with_omniauth(auth, login)
provider = CONFIG['sso_auth'][auth['provider']]['description']
email = auth['info']['email']
email = auth['email']
logger.debug("Creating OmniAuth user for #{provider}")
logger.debug("Email: #{email}")
logger.debug("Name : #{auth['info']['name']}")
logger.debug("Name : #{auth['name']}")
user = create_external_user(login: login,
email: email,
realname: auth['info']['name'],
realname: auth['name'],
deprecated_password_hash_type: 'invalid',
adminnote: "User created via #{provider}")
user.mark_login!
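Review bot: `find_with_omniauth` still calls `find_by_email(email)` when `auth['email']` is nil or empty, which a provider that does not release an email address will produce; a nil argument becomes a `WHERE email IS NULL` lookup, so if the users table permits NULL or blank emails it can match an unrelated account and mark it logged in. A guard before the lookup closes this: `return nil if email.blank?` (the surrounding `if auth` could become a guard clause in the same way). In `create_with_omniauth`, `auth['provider']` now resolves only because sso_callback copies the provider key into the info sub-hash before storing it in the session; a comment on the method such as `# auth is the OmniAuth 'info' hash with the 'provider' key merged in by the session controller` would make that contract explicit. Both methods continue outside their hunks.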