Unverified Commit 04d85c79 authored by Andrej Shadura's avatar Andrej Shadura

Only store the 'info' part of the auth hash in the session


The auth hash can be quite large, and with session storage in cookies,
the cookie can easily reach the 4 KB limit. Work around this issue
by only storing the part of the hash we currently use.

Signed-off-by: Andrej Shadura's avatarAndrej Shadura <andrew.shadura@collabora.co.uk>
parent 1683e170
...@@ -46,10 +46,11 @@ class Webui::SessionController < Webui::WebuiController ...@@ -46,10 +46,11 @@ class Webui::SessionController < Webui::WebuiController
def sso_callback def sso_callback
@auth_hash = request.env['omniauth.auth'] @auth_hash = request.env['omniauth.auth']
user = User.find_with_omniauth(@auth_hash) user = User.find_with_omniauth(@auth_hash['info'])
unless user unless user
session[:auth] = @auth_hash session[:auth] = @auth_hash['info']
session[:auth]['provider'] = @auth_hash['provider']
redirect_to(sso_confirm_path) redirect_to(sso_confirm_path)
return return
end end
...@@ -69,19 +70,19 @@ class Webui::SessionController < Webui::WebuiController ...@@ -69,19 +70,19 @@ class Webui::SessionController < Webui::WebuiController
def sso_confirm def sso_confirm
switch_to_webui2 switch_to_webui2
auth_hash = session[:auth] auth_info = session[:auth]
if !auth_hash if !auth_info
redirect_to sso_path redirect_to sso_path
return return
end end
# Try to derive a username from the information available, # Try to derive a username from the information available,
# falling back to full name if nothing else works # falling back to full name if nothing else works
@derived_username = auth_hash['info']['username'] || @derived_username = auth_info['username'] ||
auth_hash['info']['nickname'] || auth_info['nickname'] ||
auth_hash['info']['email'] || auth_info['email'] ||
auth_hash['info']['name'] auth_info['name']
# Some providers set username or nickname to an email address # Some providers set username or nickname to an email address
# Derive the username from the local part of the email address, # Derive the username from the local part of the email address,
...@@ -93,9 +94,9 @@ class Webui::SessionController < Webui::WebuiController ...@@ -93,9 +94,9 @@ class Webui::SessionController < Webui::WebuiController
def do_sso_confirm def do_sso_confirm
required_parameters :login required_parameters :login
auth_hash = session[:auth] auth_info = session[:auth]
if !auth_hash if !auth_info
redirect_to sso_path redirect_to sso_path
return return
end end
...@@ -108,7 +109,7 @@ class Webui::SessionController < Webui::WebuiController ...@@ -108,7 +109,7 @@ class Webui::SessionController < Webui::WebuiController
end end
begin begin
user = User.create_with_omniauth(auth_hash, params[:login]) user = User.create_with_omniauth(auth_info, params[:login])
rescue ActiveRecord::ActiveRecordError rescue ActiveRecord::ActiveRecordError
flash[:error] = "Invalid username, please try a different one" flash[:error] = "Invalid username, please try a different one"
redirect_to sso_confirm_path redirect_to sso_confirm_path
......
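Review bot: In `sso_callback`, `@auth_hash['info']` is dereferenced on the `User.find_with_omniauth` line before any nil check, so a callback that reaches this action without `omniauth.auth` in the env (presumably rare, but the old call tolerated it) now raises NoMethodError instead of reaching the `if auth` guard inside `User.find_with_omniauth`; a guard such as `return redirect_to(sso_path) unless @auth_hash` placed before that line keeps the previous behaviour. Separately, `session[:auth] = @auth_hash['info']` followed by `session[:auth]['provider'] = @auth_hash['provider']` writes into the same object that `@auth_hash['info']` still references, so the 'provider' key is spliced into the OmniAuth info hash itself and would silently overwrite an info key of the same name should a provider ever supply one; storing a copy, `session[:auth] = @auth_hash['info'].merge('provider' => @auth_hash['provider'])`, keeps the session value self-contained and makes the cross-file contract with `User.create_with_omniauth`, which reads `auth['provider']` from this same hash, explicit. The remainder of `sso_callback` and the bodies of `sso_confirm` and `do_sso_confirm` continue outside the shown lines.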
...@@ -226,7 +226,7 @@ class User < ApplicationRecord ...@@ -226,7 +226,7 @@ class User < ApplicationRecord
def self.find_with_omniauth(auth) def self.find_with_omniauth(auth)
if auth if auth
email = auth['info']['email'] email = auth['email']
user = find_by_email(email) user = find_by_email(email)
if user if user
user.mark_login! user.mark_login!
...@@ -238,14 +238,14 @@ class User < ApplicationRecord ...@@ -238,14 +238,14 @@ class User < ApplicationRecord
def self.create_with_omniauth(auth, login) def self.create_with_omniauth(auth, login)
provider = CONFIG['sso_auth'][auth['provider']]['description'] provider = CONFIG['sso_auth'][auth['provider']]['description']
email = auth['info']['email'] email = auth['email']
logger.debug("Creating OmniAuth user for #{provider}") logger.debug("Creating OmniAuth user for #{provider}")
logger.debug("Email: #{email}") logger.debug("Email: #{email}")
logger.debug("Name : #{auth['info']['name']}") logger.debug("Name : #{auth['name']}")
user = create_external_user(login: login, user = create_external_user(login: login,
email: email, email: email,
realname: auth['info']['name'], realname: auth['name'],
deprecated_password_hash_type: 'invalid', deprecated_password_hash_type: 'invalid',
adminnote: "User created via #{provider}") adminnote: "User created via #{provider}")
user.mark_login! user.mark_login!
......
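Review bot: `create_with_omniauth` now receives the OmniAuth 'info' sub-hash but still reads `auth['provider']` from it, which only works because `Webui::SessionController#sso_callback` splices that key into the info hash before storing it in the session, and nothing in this model records that expectation. A comment above the method such as `# auth: the OmniAuth 'info' hash, with 'provider' added by Webui::SessionController#sso_callback before it is stored in the session` would make the expected shape explicit, and `find_with_omniauth` deserves a matching note since it now also expects the flattened hash rather than the full auth hash. Both methods end outside the shown lines.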