class Discourse::SsoController < ApplicationController
  before_action :authenticate_user!

  def connect
    secret = Setting.discourse_connect_secret
    sso = DiscourseApi::SingleSignOn.parse(request.query_string, secret)
    sso.external_id = current_user.id
    sso.email = current_user.email
    sso.username = current_user.cn
    sso.name = current_user.display_name
    if current_user.avatar.attached?
      sso.avatar_url = helpers.image_url_for(current_user.avatar)
    end
    sso.admin = current_user.is_admin?
    sso.sso_secret = secret

    redirect_to sso.to_url("#{Setting.discourse_public_url}/session/sso_login"),
                allow_other_host: true
  end
end