foodcoops / foodsoft / 8174402471

coverage: 65.983% (+0.05%) from 65.934%
8174402471

push

github

web-flow 
fix: allow_other_host for discourse plugin redirects (#1043)

0 of 1 new or added line in 1 file covered. (0.0%)

4085 of 6191 relevant lines covered (65.98%)

65.42 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

41.18
/plugins/discourse/app/controllers/discourse_controller.rb
1 
class DiscourseController < ApplicationController
1
2 
  before_action -> { require_plugin_enabled FoodsoftDiscourse }
1
3 









4



  protected




1





5












6



  def valid_signature?




1





7



    return false if params[:sso].blank? || params[:sig].blank?




×







8












9



    get_hmac_hex_string(params[:sso]) == params[:sig]




×







10



  end










11












12



  def redirect_to_with_payload(url, payload)




1





13



    base64_payload = Base64.strict_encode64 payload.to_query




×







14



    sso = CGI.escape base64_payload




×







15



    sig = get_hmac_hex_string base64_payload




×








NEW


16



    redirect_to "#{url}#{url.include?('?') ? '&' : '?'}sso=#{sso}&sig=#{sig}", allow_other_host: true




×







17



  end










18












19



  def parse_payload




1





20



    payload = Rack::Utils.parse_query Base64.decode64(params[:sso])




×







21



    payload.symbolize_keys!




×







22



  end










23












24



  def get_hmac_hex_string(payload)




1





25



    discourse_sso_secret = FoodsoftConfig[:discourse_sso_secret]




×







26



    OpenSSL::HMAC.hexdigest 'sha256', discourse_sso_secret, payload




×







27



  end










28



end
























    

  • 

    •