
Add the feature that callback_url could begin with /.

1 parent a1b365b commit 4606faf8b3dc79f7690f397b39cab8156a1a8511 @ppworks ppworks committed Jun 16, 2012
@@ -33,6 +33,14 @@ module InstanceMethods
# after authentication the user is redirected to the callback defined in the provider config
def login_at(provider, args = {})
@provider = Config.send(provider)
+ if @provider.callback_url.present? && @provider.callback_url[0] == '/'
+ uri = URI.parse(request.url.gsub(/\?.*$/,''))
+ uri.path = ''
+ uri.query = nil
+ uri.scheme = 'https' if(request.env['HTTP_X_FORWARDED_PROTO'] == 'https')
+ host = uri.to_s
+ @provider.callback_url = "#{host}#{@provider.callback_url}"
+ end
if @provider.has_callback?
redirect_to @provider.login_url(params,session)
else
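Review bot: The assignment `@provider.callback_url = "#{host}#{@provider.callback_url}"` writes the request-derived absolute URL back onto the object returned by `Config.send(provider)`. If that object is shared provider configuration (the specs' `after` blocks that reset `callback_url` suggest it is), the first request's host sticks for every later request and the `[0] == '/'` branch never runs again. The host comes from `request.url` and the scheme from `HTTP_X_FORWARDED_PROTO`, both of which a client can influence unless a trusted proxy normalises them, so a single request carrying an unexpected Host header could pin the OAuth callback for the whole process. Keep the configured relative path untouched and build the absolute URL per request, preferably from a configured or allow-listed base host rather than from request headers. `login_at` continues past the end of this hunk.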
@@ -64,13 +64,30 @@ def set_external_property
Authentication.delete_all
end
- it "login_at redirects correctly" do
- create_new_user
- get :login_at_test2
- response.should be_a_redirect
- response.should redirect_to("https://graph.facebook.com/oauth/authorize?response_type=code&client_id=#{::Sorcery::Controller::Config.facebook.key}&redirect_uri=http%3A%2F%2Fblabla.com&scope=email%2Coffline_access&display=page")
+ context "when callback_url begin with /" do
+ before do
+ sorcery_controller_external_property_set(:facebook, :callback_url, "/oauth/twitter/callback")
+ end
+ it "login_at redirects correctly" do
+ create_new_user
+ get :login_at_test2
+ response.should be_a_redirect
+ response.should redirect_to("https://graph.facebook.com/oauth/authorize?response_type=code&client_id=#{::Sorcery::Controller::Config.facebook.key}&redirect_uri=http%3A%2F%2Ftest.host%2Foauth%2Ftwitter%2Fcallback&scope=email%2Coffline_access&display=page")
+ end
+ after do
+ sorcery_controller_external_property_set(:facebook, :callback_url, "http://blabla.com")
+ end
end
+ context "when callback_url begin with http://" do
+ it "login_at redirects correctly" do
+ create_new_user
+ get :login_at_test2
+ response.should be_a_redirect
+ response.should redirect_to("https://graph.facebook.com/oauth/authorize?response_type=code&client_id=#{::Sorcery::Controller::Config.facebook.key}&redirect_uri=http%3A%2F%2Fblabla.com&scope=email%2Coffline_access&display=page")
+ end
+ end
+
it "'login_from' logins if user exists" do
sorcery_model_property_set(:authentications_class, Authentication)
create_new_external_user(:facebook)
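Review bot: Neither new context covers the `HTTP_X_FORWARDED_PROTO` branch or a second request arriving with a different host, so these specs would not notice if the first resolved URL stayed in the provider config; the same gap applies to the OAuth1 spec hunk that follows. A case that sets `request.env['HTTP_X_FORWARDED_PROTO'] = 'https'` before `get :login_at_test2` and expects an `https%3A%2F%2Ftest.host` redirect_uri would pin the scheme handling. The `after` blocks restore a hard-coded `"http://blabla.com"` rather than the value captured before the example, which couples the examples to the fixture default. The Facebook context also sets `"/oauth/twitter/callback"`, which looks copied from the Twitter spec; `"/oauth/facebook/callback"` would read more clearly.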
@@ -43,11 +43,28 @@ def stub_all_oauth_requests!
Authentication.delete_all
end
- it "login_at redirects correctly" do
- create_new_user
- get :login_at_test
- response.should be_a_redirect
- response.should redirect_to("http://myapi.com/oauth/authorize?oauth_callback=http%3A%2F%2Fblabla.com&oauth_token=")
+ context "when callback_url begin with /" do
+ before do
+ sorcery_controller_external_property_set(:twitter, :callback_url, "/oauth/twitter/callback")
+ end
+ it "login_at redirects correctly" do
+ create_new_user
+ get :login_at_test
+ response.should be_a_redirect
+ response.should redirect_to("http://myapi.com/oauth/authorize?oauth_callback=http%3A%2F%2Ftest.host%2Foauth%2Ftwitter%2Fcallback&oauth_token=")
+ end
+ after do
+ sorcery_controller_external_property_set(:twitter, :callback_url, "http://blabla.com")
+ end
+ end
+
+ context "when callback_url begin with http://" do
+ it "login_at redirects correctly" do
+ create_new_user
+ get :login_at_test
+ response.should be_a_redirect
+ response.should redirect_to("http://myapi.com/oauth/authorize?oauth_callback=http%3A%2F%2Fblabla.com&oauth_token=")
+ end
end
it "logins if user exists" do
