Merge pull request #311 from ppworks/master

Improve external provider callbak_url
NoamB · Jun 20, 2012 · 82a33bc · 82a33bc
2 parents 2417e6f + 5c7c77f
commit 82a33bc
Show file tree

Hide file tree

Showing 3 changed files with 53 additions and 11 deletions.
diff --git a/lib/sorcery/controller/submodules/external.rb b/lib/sorcery/controller/submodules/external.rb
@@ -33,6 +33,14 @@ module InstanceMethods
           # after authentication the user is redirected to the callback defined in the provider config
           def login_at(provider, args = {})
             @provider = Config.send(provider)
+            if @provider.callback_url.present? && @provider.callback_url[0] == '/'
+              uri = URI.parse(request.url.gsub(/\?.*$/,''))
+              uri.path = ''
+              uri.query = nil
+              uri.scheme = 'https' if(request.env['HTTP_X_FORWARDED_PROTO'] == 'https')
+              host = uri.to_s
+              @provider.callback_url = "#{host}#{@provider.callback_url}"
+            end
             if @provider.has_callback?
               redirect_to @provider.login_url(params,session)
             else
@@ -68,7 +76,7 @@ def add_provider_to_user(provider)
             user_hash = provider.get_user_hash
             config = user_class.sorcery_config
 
-            user = current_user.send(config.authentications_class.to_s.downcase.pluralize).build(config.provider_uid_attribute_name => user_hash[:uid], config.provider_attribute_name => provider)
+            user = current_user.send(config.authentications_class.to_s.downcase.pluralize).build(config.provider_uid_attribute_name => user_hash[:uid], config.provider_attribute_name => provider_name)
             user.save(:validate => false)
 
             return user

diff --git a/spec/rails3/spec/controller_oauth2_spec.rb b/spec/rails3/spec/controller_oauth2_spec.rb
@@ -64,13 +64,30 @@ def set_external_property
       Authentication.delete_all
     end
 
-    it "login_at redirects correctly" do
+    context "when callback_url begin with /" do 
-      create_new_user
+      before do
-      get :login_at_test2
+        sorcery_controller_external_property_set(:facebook, :callback_url, "/oauth/twitter/callback")
-      response.should be_a_redirect
+      end
-      response.should redirect_to("https://graph.facebook.com/oauth/authorize?response_type=code&client_id=#{::Sorcery::Controller::Config.facebook.key}&redirect_uri=http%3A%2F%2Fblabla.com&scope=email%2Coffline_access&display=page")
+      it "login_at redirects correctly" do
+        create_new_user
+        get :login_at_test2
+        response.should be_a_redirect
+        response.should redirect_to("https://graph.facebook.com/oauth/authorize?response_type=code&client_id=#{::Sorcery::Controller::Config.facebook.key}&redirect_uri=http%3A%2F%2Ftest.host%2Foauth%2Ftwitter%2Fcallback&scope=email%2Coffline_access&display=page")
+      end
+      after do
+        sorcery_controller_external_property_set(:facebook, :callback_url, "http://blabla.com")
+      end
     end
 
+    context "when callback_url begin with http://" do 
+      it "login_at redirects correctly" do
+        create_new_user
+        get :login_at_test2
+        response.should be_a_redirect
+        response.should redirect_to("https://graph.facebook.com/oauth/authorize?response_type=code&client_id=#{::Sorcery::Controller::Config.facebook.key}&redirect_uri=http%3A%2F%2Fblabla.com&scope=email%2Coffline_access&display=page")
+      end
+    end
+
     it "'login_from' logins if user exists" do
       sorcery_model_property_set(:authentications_class, Authentication)
       create_new_external_user(:facebook)

diff --git a/spec/rails3/spec/controller_oauth_spec.rb b/spec/rails3/spec/controller_oauth_spec.rb
@@ -43,11 +43,28 @@ def stub_all_oauth_requests!
       Authentication.delete_all
     end
 
-    it "login_at redirects correctly" do
+    context "when callback_url begin with /" do 
-      create_new_user
+      before do
-      get :login_at_test
+        sorcery_controller_external_property_set(:twitter, :callback_url, "/oauth/twitter/callback")
-      response.should be_a_redirect
+      end
-      response.should redirect_to("http://myapi.com/oauth/authorize?oauth_callback=http%3A%2F%2Fblabla.com&oauth_token=")
+      it "login_at redirects correctly" do
+        create_new_user
+        get :login_at_test
+        response.should be_a_redirect
+        response.should redirect_to("http://myapi.com/oauth/authorize?oauth_callback=http%3A%2F%2Ftest.host%2Foauth%2Ftwitter%2Fcallback&oauth_token=")
+      end
+      after do
+        sorcery_controller_external_property_set(:twitter, :callback_url, "http://blabla.com")
+      end
+    end
+
+    context "when callback_url begin with http://" do 
+      it "login_at redirects correctly" do
+        create_new_user
+        get :login_at_test
+        response.should be_a_redirect
+        response.should redirect_to("http://myapi.com/oauth/authorize?oauth_callback=http%3A%2F%2Fblabla.com&oauth_token=")
+      end
     end
 
     it "logins if user exists" do