Basic SSO login using rubybench discourse forums (#264)

* Basic SSO login using rubybench discourse forums

* Fix rubocop

Author: OsamaSayegh

Gemfile

@@ -22,6 +22,7 @@ gem 'msgpack'
 gem 'octokit'
 gem 'bootstrap_sb_admin_base_v2'
 gem 'activerecord-import'
+gem 'discourse_api'
 
 group :development do
   gem 'spring'

Gemfile.lock

@@ -91,6 +91,10 @@ GEM
     crass (1.0.3)
     database_cleaner (1.5.3)
     debug_inspector (0.0.2)
+    discourse_api (0.35.0)
+      faraday (~> 0.9)
+      faraday_middleware (~> 0.10)
+      rack (>= 1.6)
     erubis (2.7.0)
     execjs (2.7.0)
     factory_girl (4.7.0)
@@ -100,6 +104,8 @@ GEM
       railties (>= 3.0.0)
     faraday (0.12.1)
       multipart-post (>= 1.2, < 3)
+    faraday_middleware (0.13.1)
+      faraday (>= 0.7.4, < 1.0)
     ffi (1.9.14)
     font-awesome-rails (4.7.0.2)
       railties (>= 3.2, < 5.2)
@@ -124,7 +130,7 @@ GEM
     kgio (2.10.0)
     launchy (2.4.3)
       addressable (~> 2.3)
-    logster (1.2.6)
+    logster (2.3.0)
     loofah (2.2.2)
       crass (~> 1.0.2)
       nokogiri (>= 1.5.9)
@@ -320,6 +326,7 @@ DEPENDENCIES
   capybara-screenshot
   coffee-rails
   database_cleaner
+  discourse_api
   factory_girl_rails
   haml
   highstock-rails

app/assets/stylesheets/modules/_navbar.scss

@@ -9,17 +9,25 @@
   width: 160px;
 }
 
-.navbar-header {
-  margin: 10px 0;
-}
-
 .navbar-nav {
   .current {
     border-top: 4px solid $brand-primary;
     padding-top: 11px;
   }
 }
 
+.navbar {
+  .current-user {
+    float: right;
+    margin-right: 15px;
+  }
+  .container {
+    .navbar-header {
+      margin: 10px 0;
+    }
+  }
+}
+
 .navbar-toggle:hover .icon-bar {
   background-color: #fff;
 }

app/controllers/application_controller.rb

@@ -1,4 +1,6 @@
 class ApplicationController < ActionController::Base
+  include ApplicationHelper
+
   # Prevent CSRF attacks by raising an exception.
   # For APIs, you may want to use :null_session instead.
   protect_from_forgery with: :exception

app/controllers/session_controller.rb

@@ -0,0 +1,26 @@
+class SessionController < ApplicationController
+  def sso
+    sso = DiscourseApi::SingleSignOn.parse(request.query_string, Rails.application.secrets.sso_secret)
+    return_url = $redis.get(sso.nonce)
+    if return_url.present?
+      session[:user] = {
+        username: sso.username,
+        email: sso.email,
+        external_id: sso.external_id
+      }
+      redirect_to return_url
+    else
+      render plain: "Couldn't authenticate via SSO.", status: 422
+    end
+  end
+
+  def login
+    sso = DiscourseApi::SingleSignOn.new
+    sso.sso_secret = Rails.application.secrets.sso_secret
+    sso.return_sso_url = "#{request.base_url}/sso"
+    sso.nonce = SecureRandom.hex
+    sso.sso_url = "#{AppSettings.forum_url}/session/sso_provider"
+    $redis.setex(sso.nonce, 10.minutes.to_i, '/')
+    redirect_to sso.to_url
+  end
+end

app/helpers/application_helper.rb

@@ -1,2 +1,9 @@
 module ApplicationHelper
+  def current_user
+    return @current_user if @current_user
+    user = session[:user] || {}
+    if user[:external_id].present? || user['external_id'].present?
+      @current_user = OpenStruct.new(user)
+    end
+  end
 end

app/views/layouts/_top_nav.html.haml

@@ -20,3 +20,6 @@
           = link_to t('top_nav.sponsors'), sponsors_path
         %li
           = link_to t('top_nav.discuss'), AppSettings.forum_url, target: '_blank'
+    - if current_user
+      .current-user
+        = current_user.username

config/routes.rb

@@ -21,6 +21,9 @@
   get ':organization_name/:repo_name/commits' => 'repos#commits', as: :commits
   get ':organization_name/:repo_name/releases' => 'repos#releases', as: :releases
 
+  get 'login' => 'session#login'
+  get 'sso' => 'session#sso'
+
   namespace :admin do
     resources :groups, except: [:show]
 

config/secrets.yml

@@ -23,13 +23,15 @@ development:
   admin_password: '12345'
   github_api_token: <%= ENV["GITHUB_API_TOKEN"] %>
   secret_key_base: 836fa3665997a860728bcb9e9a1e704d427cfc920e79d847d79c8a9a907b9e965defa4154b2b86bdec6930adbe33f21364523a6f6ce363865724549fdfc08553
+  sso_secret: '0123456789abc'
 
 test:
   <<: *shared
   api_name: 'test'
   api_password: '12345'
   github_api_token: <%= ENV["GITHUB_API_TOKEN"] %>
   secret_key_base: 5a37811464e7d378488b0f073e2193b093682e4e21f5d6f3ae0a4e1781e61a351fdc878a843424e81c73fb484a40d23f92c8dafac4870e74ede6e5e174423010
+  sso_secret: '0123456789abc'
 
 # Do not keep production secrets in the repository,
 # instead read values from the environment.
@@ -41,3 +43,4 @@ production:
   ga: <%= ENV["GA"] %>
   admin_password: <%= ENV["ADMIN_PASSWORD"] %>
   github_api_token: <%= ENV["GITHUB_API_TOKEN"] %>
+  sso_secret: <%= ENV["RUBYBENCH_SSO_SECRET"] %>

config/settings.yml

@@ -5,7 +5,8 @@ test:
   <<: *shared
 
 development:
-  <<: *shared
+  # change to match your local discourse instance
+  forum_url: 'http://l.discourse'
 
 production:
   <<: *shared