osr-plastic/osr-discourse-src
Archived
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
This repository has been archived on 2023-03-18. You can view files and clone it, but cannot push or open issues or pull requests.
ad2aa7b52c
osr-discourse-src/spec
History
Matt Marjanović ad2aa7b52c
FEATURE: Add logout functionality to SSO Provider protocol (#8816) 
This commit adds support for an optional "logout" parameter in the
payload of the /session/sso_provider endpoint.  If an SSO Consumer
adds a "logout=true" parameter to the encoded/signed "sso" payload,
then Discourse will treat the request as a logout request instead
of an authentication request.  The logout flow works something like
this:

 * User requests logout at SSO-Consumer site (e.g., clicks "Log me out!"
   on web browser).
 * SSO-Consumer site does whatever it does to destroy User's session on
   the SSO-Consumer site.
 * SSO-Consumer then redirects browser to the Discourse sso_provider
   endpoint, with a signed request bearing "logout=true" in addition
   to the usual nonce and the "return_sso_url".
 * Discourse destroys User's discourse session and redirects browser back
   to the "return_sso_url".
 * SSO-Consumer site does whatever it does --- notably, it cannot request
   SSO credentials from Discourse without the User being prompted to login
   again.
2020-02-03 12:53:14 -05:00
..
components FIX: Use updated_at in the S3 inventory job (#8823) 2020-01-31 11:02:44 +01:00
fabricators FIX: Mitigate issue where legacy pre-secure hotlinked media would not be redownloaded (#8802) 2020-01-29 10:11:38 +10:00
fixtures REFACTOR: Restoring of backups and migration of uploads to S3 2020-01-14 11:41:35 +01:00
helpers DEV: Add test for categories_breadcrumb (#8791) 2020-01-28 12:50:27 +02:00
import_export FIX: Import sub-sub-categories (#8810) 2020-01-30 18:46:33 +02:00
integration UX: Include public groups in mentionable groups set (#8516) 2019-12-12 13:13:40 +02:00
integrity DEV: Update markdown-it from 8.4.1 to 10.0.0 (#8164) 2019-10-08 13:00:22 +02:00
jobs FEATURE: Send suspect users to the review queue (#8811) 2020-01-29 15:38:27 -03:00
lib FEATURE: Update upload security status on post move, topic conversion, category change (#8731) 2020-01-23 12:01:10 +10:00
mailers DEV: s/\$redis/Discourse\.redis (#8431) 2019-12-03 10:05:53 +01:00
models Remove redundant spec in TopicConverter 2020-02-03 15:08:11 +10:00
multisite FIX: parallel spec system needs a dedicated upload folder for each worker. (#8547) 2019-12-18 11:21:57 +05:30
requests FEATURE: Add logout functionality to SSO Provider protocol (#8816) 2020-02-03 12:53:14 -05:00
serializers FIX: Admin user list not showing 2FA icon for only security keys enabled (#8839) 2020-02-03 14:37:46 +10:00
services FIX: suppress notification flood when post is edited (#8838) 2020-02-03 11:27:18 +11:00
support FIX: Mitigate issue where legacy pre-secure hotlinked media would not be redownloaded (#8802) 2020-01-29 10:11:38 +10:00
tasks DEV: s/\$redis/Discourse\.redis (#8431) 2019-12-03 10:05:53 +01:00
views/omniauth_callbacks FEATURE: Use full page redirection for all external auth methods (#8092) 2019-10-08 12:10:43 +01:00
rails_helper.rb SECURITY: 2FA with U2F / TOTP 2020-01-15 11:27:12 +01:00