arona/PyRIGS
1
0
Fork 0
mirror of https://github.com/nottinghamtec/PyRIGS.git synced 2026-01-21 15:32:14 +00:00
Code Issues Projects Releases Wiki Activity

Fixed penguins of death due to infinite loop of SSO login redirects

Browse Source
This commit is contained in:
David Taylor
2016-11-02 23:50:49 +00:00
parent 01f754ad53
commit 0ad3aa7d3f
3 changed files with 9 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
RIGS/discourse/discourse.py
View File

@@ -73,8 +73,11 @@ class DiscourseAuth(BaseAuth):
def auth_complete(self, *args, **kwargs):
"""Completes login process, must return user instance."""
if not self.sso.validate(self.data['sso'], self.data['sig']):
raise Exception("Someone wants to hack us!")
try:
if not self.sso.validate(self.data['sso'], self.data['sig']):
raise Exception("Someone wants to hack us!")
except KeyError:
raise Exception("SSO Error, please try again")
nonce = self.sso.get_nonce(self.data['sso'])
nonce_obj = self.get_nonce(nonce)

2
RIGS/discourse/sso.py
View File

@@ -15,7 +15,7 @@ class DiscourseSSO:
payload.encode(),
sha256
).hexdigest()
print(type(computed_sig), type(sig))
return hmac.compare_digest(unicode(computed_sig), sig)
def get_nonce(self, payload):