From c8493bbed456dc601dc83afada6a85ff14a61bf4 Mon Sep 17 00:00:00 2001
From: Bruno Perles
Date: Tue, 14 Nov 2023 12:51:57 +0000
Subject: [PATCH] Add missing allow host and unlock_access
---
 app/controllers/saml_controller.rb | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/app/controllers/saml_controller.rb b/app/controllers/saml_controller.rb
index 2437706a..6ac3074a 100644
--- a/app/controllers/saml_controller.rb
+++ b/app/controllers/saml_controller.rb
@@ -8,7 +8,7 @@ def metadata
 def sso
 request = OneLogin::RubySaml::Authrequest.new
- redirect_to(request.create(settings))
+ redirect_to(request.create(settings), allow_other_host: true)
 end
 def consume
@@ -23,6 +23,7 @@ def consume
 user = User.create!(email:, password:, password_confirmation: password)
 user.is_user = true
 user.save
+ user.unlock_access!
 end
 sign_in(:user, user)
@@ -34,7 +35,7 @@ def consume
 ) # redirect_to frontrnd
- redirect_to "#{ENV['SSO_FRONTEND_REDIRECTION']}/#/?sso_token=#{access_token.token}"
+ redirect_to "#{ENV['SSO_FRONTEND_REDIRECTION']}/#/?sso_token=#{access_token.token}", allow_other_host: true
 else
 logger.info "Response Invalid. Errors: #{response.errors}"
 @errors = response.errors
@@ -50,7 +51,7 @@ def logout
 settings.name_identifier_value = session[:nameid] if settings.name_identifier_value.nil?
- redirect_to(logout_request.create(settings))
+ redirect_to(logout_request.create(settings), allow_other_host: true)
 end # Handle the SLO response from the IdP
@@ -73,7 +74,7 @@ def slo
 session[:nameid] = nil
 session[:transaction_id] = nil
- redirect_to ENV['SSO_FRONTEND_REDIRECTION']
+ redirect_to ENV['SSO_FRONTEND_REDIRECTION'], allow_other_host: true
 end
 end
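Review bot: In `sso`, `allow_other_host: true` turns off Rails' open-redirect guard for the call, and nothing in the hunk pins the destination to the configured IdP; the redirects changed in `consume`, `logout` and `slo` take the same flag. The targets appear to come from the SAML `settings` and from `ENV['SSO_FRONTEND_REDIRECTION']` rather than from the request, which is the case the flag exists for, but `settings` is defined outside the diff, so that should be confirmed. A one-line comment on each call, for example `# target is the configured IdP URL, never request-derived`, would stop a later edit from passing a params-derived URL through the same flag unnoticed.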
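Review bot: In the user-creation branch of `consume`, the added `user.unlock_access!` follows a `user.save` whose result is ignored, so a failed save of `is_user` passes silently and the flow continues to `sign_in`; `user.save!` would match the `create!` two lines above. If this is Devise's Lockable method it persists the record without running validations, so it may also write the attributes that the preceding save rejected. A freshly created record would not normally be locked, so the call needs a short comment saying why the lock is cleared on the SSO path. The conditional that encloses this branch starts outside the hunk.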
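Review bot: In `consume`, `ENV['SSO_FRONTEND_REDIRECTION']` is interpolated without a presence check, so with the variable unset the target becomes `/#/?sso_token=…` and the newly issued token is sent to a path on this host instead of the frontend. The last hunk (`slo`) passes the same variable bare, where a nil target makes `redirect_to` raise. Reading it with `ENV.fetch('SSO_FRONTEND_REDIRECTION')` fails at the point of misconfiguration in both places. The token also ends up in the browser's address bar and history. It sits after the `#`, so it should stay out of server logs and Referer headers, but the frontend should strip it from the URL once read, and its lifetime, which is set outside the hunk, should be short.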