IntenseWebs/discourse
3
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-02-25 18:55:32 -06:00
Code Issues Packages Projects Releases Wiki Activity

FIX: Return a 404 if the auth session is not present

Browse Source
This commit is contained in:
Robin Ward 2017-05-04 15:35:03 -04:00
parent c182dcc64c
commit 777f1f0f47
2 changed files with 9 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
app/controllers/users/omniauth_callbacks_controller.rb
View File

@ -31,6 +31,8 @@ class Users::OmniauthCallbacksController < ApplicationController
def complete def complete
auth = request.env["omniauth.auth"] auth = request.env["omniauth.auth"]
raise Discourse::NotFound unless request.env["omniauth.auth"]
auth[:session] = session auth[:session] = session
authenticator = self.class.find_authenticator(params[:provider]) authenticator = self.class.find_authenticator(params[:provider])

7
spec/integration/omniauth_callbacks_spec.rb
View File

@ -16,6 +16,13 @@ RSpec.describe "OmniAuth Callbacks" do
SiteSetting.enable_google_oauth2_logins = true SiteSetting.enable_google_oauth2_logins = true
end end
context "without an `omniauth.auth` env" do
it "should return a 404" do
get "/auth/eviltrout/callback"
expect(response).not_to be_success
end
end
describe 'when user has been verified' do describe 'when user has been verified' do
before do before do
OmniAuth.config.mock_auth[:google_oauth2] = OmniAuth::AuthHash.new( OmniAuth.config.mock_auth[:google_oauth2] = OmniAuth::AuthHash.new(