SSO keeps redirecting suspended users

Hi,

Once a user is suspended, the ideal scenario would be to redirect him to a page like “Your account is currently suspended until …”.

Currently, suspended users cause an infinite loop:

  • Discourse redirects the user to the login page (normal).
  • Then the Login page redirects the user to Discourse and normally he should see an error or our community main page…
  • However, if the user is suspended, then Discourse will redirect the user to the login page again.
  • As the user is already logged in, he will be redirected to Discourse.

And so on… In the end, it goes back and forth between the login server and Discourse until the browser decides to raise an exception (Too many redirections…).

Is there a way to work around this issue?

Thank you,
Seb

4 Likes

My guess is that this only happens if your site requires login.

It does sound like a legit bug. Workarounds are a bit hard, but perhaps listen on a webhook for suspend and then don’t send them back into Discourse if they are suspended.

3 Likes

Thank you for your answer. Any chance of getting a fix?

It’s fairly easy to fix on the SSO provider end, but if it’s not fixed there the forum will appear to be broken.

For fixing it on Discourse, it’s possible to check if the user is suspended and login is required in the sso_login method. If true, redirect them back to the SSO provider, either to an sso_suspended_url that’s added as a site setting, or to the sso_url with some query parameters that the SSO provider can make use of.

1 Like
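
One way to implement the provider-side workaround suggested above, as an added example that is not part of the thread and not Discourse's own code. The class name, secrets and the webhook payload fields (`user.external_id`, `user.suspended_till`) are assumptions; the `sso`/`sig` parameters and the `X-Discourse-Event-Signature` header are verified with HMAC-SHA256 before anything is trusted.

```ruby
require "openssl"
require "json"
require "uri"
require "time"

# Hypothetical provider-side guard; secrets, class and field names are assumptions.
class SuspensionGuard
  def initialize(sso_secret:, webhook_secret:)
    @sso_secret, @webhook_secret = sso_secret, webhook_secret
    @suspended = {} # external_id => Time at which the suspension ends
  end

  # raw_body: unparsed webhook body; header: X-Discourse-Event-Signature value.
  # Assumed payload shape: {"user": {"external_id": "...", "suspended_till": "..."}}
  def handle_webhook(raw_body, header)
    expected = "sha256=" + hmac(@webhook_secret, raw_body)
    return :rejected unless secure_eq(expected, header.to_s)
    user = JSON.parse(raw_body).fetch("user", {})
    id, till = user["external_id"].to_s, user["suspended_till"]
    till ? @suspended[id] = Time.iso8601(till) : @suspended.delete(id)
    :ok
  end

  # Called for an already-authenticated user arriving with ?sso=..&sig=..
  # Returns [:suspended, till] (render a notice, no redirect) or [:redirect, url].
  def sso_response(sso, sig, external_id:, email:)
    return [:rejected, nil] unless secure_eq(hmac(@sso_secret, sso), sig.to_s)
    till = @suspended[external_id.to_s]
    return [:suspended, till] if till && till > Time.now # breaks the redirect loop
    req = URI.decode_www_form(sso.unpack1("m")).to_h     # base64-decode the request
    form = URI.encode_www_form(nonce: req["nonce"], external_id: external_id, email: email)
    payload = [form].pack("m0")                          # strict base64, no newlines
    query = URI.encode_www_form(sso: payload, sig: hmac(@sso_secret, payload))
    [:redirect, "#{req["return_sso_url"]}?#{query}"]
  end

  private

  def hmac(key, data)
    OpenSSL::HMAC.hexdigest("SHA256", key, data)
  end

  # Constant-time comparison so signature checks do not leak timing.
  def secure_eq(a, b)
    a.bytesize == b.bytesize && a.bytes.zip(b.bytes).sum { |x, y| x ^ y }.zero?
  end
end
```

In a real deployment the suspended set would live in the provider's user store rather than in memory, so it survives restarts.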

Do you think it would be possible to get this fixed?

This should do it:

https://github.com/discourse/discourse/commit/4b42a0abc9f0fc106db7c928caca593c6052266f

7 Likes

Thx Sam! It would be perfect!

Regards,
Seb

3 Likes

This topic was automatically closed after 25 hours. New replies are no longer allowed.