2022-11-11 04:50:17 -06:00
|
|
|
# frozen_string_literal: true
|
|
|
|
|
|
|
|
describe "Facebook OAuth2" do
|
|
|
|
let(:access_token) { "facebook_access_token_448" }
|
|
|
|
let(:app_id) { "432489234823984" }
|
|
|
|
let(:app_secret) { "adddcccdddd99922" }
|
|
|
|
let(:temp_code) { "facebook_temp_code_544254" }
|
|
|
|
let(:appsecret_proof) do
|
2023-12-06 16:25:00 -06:00
|
|
|
OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new("SHA256"), app_secret, access_token)
|
2023-01-09 05:18:21 -06:00
|
|
|
end
|
2022-11-11 04:50:17 -06:00
|
|
|
|
|
|
|
fab!(:user1) { Fabricate(:user) }
|
|
|
|
|
|
|
|
def setup_facebook_email_stub(email:)
|
|
|
|
body = {
|
|
|
|
id: "4923489839597234",
|
|
|
|
name: "Robot Lizard",
|
|
|
|
first_name: "Robot",
|
|
|
|
last_name: "Lizard",
|
|
|
|
}
|
|
|
|
body[:email] = email if email
|
|
|
|
|
|
|
|
stub_request(
|
|
|
|
:get,
|
|
|
|
"https://graph.facebook.com/v5.0/me?appsecret_proof=#{appsecret_proof}&fields=name,first_name,last_name,email",
|
|
|
|
).with(headers: { "Authorization" => "OAuth #{access_token}" }).to_return(
|
|
|
|
status: 200,
|
|
|
|
body: JSON.dump(body),
|
|
|
|
headers: {
|
|
|
|
"Content-Type" => "application/json",
|
|
|
|
},
|
|
|
|
)
|
|
|
|
end
|
|
|
|
|
|
|
|
before do
|
|
|
|
SiteSetting.enable_facebook_logins = true
|
|
|
|
SiteSetting.facebook_app_id = app_id
|
|
|
|
SiteSetting.facebook_app_secret = app_secret
|
|
|
|
|
|
|
|
stub_request(:post, "https://graph.facebook.com/v5.0/oauth/access_token").with(
|
|
|
|
body:
|
|
|
|
hash_including(
|
|
|
|
"client_id" => app_id,
|
|
|
|
"client_secret" => app_secret,
|
|
|
|
"code" => temp_code,
|
|
|
|
"grant_type" => "authorization_code",
|
|
|
|
"redirect_uri" => "http://test.localhost/auth/facebook/callback",
|
|
|
|
),
|
|
|
|
).to_return(
|
|
|
|
status: 200,
|
2023-01-09 05:18:21 -06:00
|
|
|
body:
|
2022-11-11 04:50:17 -06:00
|
|
|
Rack::Utils.build_query(access_token: access_token, scope: "email", token_type: "Bearer"),
|
|
|
|
headers: {
|
|
|
|
"Content-Type" => "application/x-www-form-urlencoded",
|
|
|
|
},
|
|
|
|
)
|
|
|
|
end
|
|
|
|
|
|
|
|
it "signs in the user if the API response from facebook includes an email (implies it's verified) and the email matches an existing user's" do
|
|
|
|
post "/auth/facebook"
|
|
|
|
expect(response.status).to eq(302)
|
|
|
|
expect(response.location).to start_with("https://www.facebook.com/v5.0/dialog/oauth")
|
|
|
|
|
|
|
|
setup_facebook_email_stub(email: user1.email)
|
|
|
|
|
|
|
|
post "/auth/facebook/callback", params: { state: session["omniauth.state"], code: temp_code }
|
|
|
|
|
|
|
|
expect(response.status).to eq(302)
|
|
|
|
expect(response.location).to eq("http://test.localhost/")
|
|
|
|
expect(session[:current_user_id]).to eq(user1.id)
|
|
|
|
end
|
|
|
|
|
|
|
|
it "doesn't sign in anyone if the API response from facebook doesn't include an email (implying the user's email on facebook isn't verified)" do
|
|
|
|
post "/auth/facebook"
|
|
|
|
expect(response.status).to eq(302)
|
|
|
|
expect(response.location).to start_with("https://www.facebook.com/v5.0/dialog/oauth")
|
|
|
|
|
|
|
|
setup_facebook_email_stub(email: nil)
|
|
|
|
|
|
|
|
post "/auth/facebook/callback", params: { state: session["omniauth.state"], code: temp_code }
|
|
|
|
|
|
|
|
expect(response.status).to eq(302)
|
|
|
|
expect(response.location).to eq("http://test.localhost/")
|
|
|
|
expect(session[:current_user_id]).to be_blank
|
|
|
|
end
|
|
|
|
end
|