From 030f4f63eda5dec4f7c2bfab74b486ceb17a021c Mon Sep 17 00:00:00 2001
From: Maikel Linke <mkllnk@web.de>
Date: Thu, 7 Jan 2016 12:23:39 +1100
Subject: [PATCH] SingleSignOn controller with routes and config

---
 app/controllers/discourse_sso_controller.rb | 38 +++++++++++++++++++++
 config/application.yml.example              |  4 +++
 config/routes.rb                            |  2 ++
 lib/discourse/single_sign_on.rb             |  2 +-
 4 files changed, 45 insertions(+), 1 deletion(-)
 create mode 100644 app/controllers/discourse_sso_controller.rb

diff --git a/app/controllers/discourse_sso_controller.rb b/app/controllers/discourse_sso_controller.rb
new file mode 100644
index 0000000000..1aa18969e7
--- /dev/null
+++ b/app/controllers/discourse_sso_controller.rb
@@ -0,0 +1,38 @@
+require 'discourse/single_sign_on'
+
+class DiscourseSsoController < ApplicationController
+  include SharedHelper
+
+  def sso
+    if spree_current_user
+      begin
+        redirect_to sso_url
+      rescue TypeError
+        render text: "Bad SingleSignOn request.", status: :bad_request
+      end
+    else
+      redirect_to login_path
+    end
+  end
+
+  def sso_url
+    secret = ENV['DISCOURSE_SSO_SECRET'] or raise 'Missing SSO secret'
+    discourse_url = ENV['DISCOURSE_SSO_URL'] or raise 'Missing Discourse SSO login URL.'
+    sso = Discourse::SingleSignOn.parse(request.query_string, secret)
+    sso.email = spree_current_user.email
+    sso.username = spree_current_user.login
+    sso.external_id = spree_current_user.id
+    sso.sso_secret = secret
+    sso.admin = admin_user?
+    sso.require_activation = require_activation?
+    sso.to_url(discourse_url)
+  end
+
+  def require_activation?
+    !admin_user? && !email_validated?
+  end
+
+  def email_validated?
+    spree_current_user.confirmed.map(&:email).include?(spree_current_user.email)
+  end
+end
diff --git a/config/application.yml.example b/config/application.yml.example
index 45fface302..b76e8d2936 100644
--- a/config/application.yml.example
+++ b/config/application.yml.example
@@ -13,3 +13,7 @@ LOCALE: en
 CHECKOUT_ZONE: Australia
 # Find currency codes at http://en.wikipedia.org/wiki/ISO_4217.
 CURRENCY: AUD
+
+# SingleSignOn login for Discourse
+#DISCOURSE_SSO_SECRET: ""
+#DISCOURSE_SSO_URL: "https://community.openfoodnetwork.org/session/sso_login"
diff --git a/config/routes.rb b/config/routes.rb
index c8771560e9..229357276f 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -11,6 +11,8 @@ Openfoodnetwork::Application.routes.draw do
   get "/#/login", to: "home#index", as: :spree_login
   get "/login", to: redirect("/#/login")
 
+  get "/sso", to: "discourse_sso#sso"
+
   get "/map", to: "map#index", as: :map
 
   get "/register", to: "registration#index", as: :registration
diff --git a/lib/discourse/single_sign_on.rb b/lib/discourse/single_sign_on.rb
index 2dc323c7f5..046a2d677c 100644
--- a/lib/discourse/single_sign_on.rb
+++ b/lib/discourse/single_sign_on.rb
@@ -1,6 +1,6 @@
 # This class is the reference implementation of a SSO provider from Discourse.
 
-module OpenFoodNetwork
+module Discourse
   class SingleSignOn
     ACCESSORS = [:nonce, :name, :username, :email, :avatar_url, :avatar_force_update, :require_activation,
                  :about_me, :external_id, :return_sso_url, :admin, :moderator, :suppress_welcome_message]