Improve external provider callbak_url #311

Merged
merged 2 commits into from Jun 20, 2012
@@ -33,6 +33,14 @@ module InstanceMethods
# after authentication the user is redirected to the callback defined in the provider config
def login_at(provider, args = {})
@provider = Config.send(provider)
+ if @provider.callback_url.present? && @provider.callback_url[0] == '/'
+ uri = URI.parse(request.url.gsub(/\?.*$/,''))
+ uri.path = ''
+ uri.query = nil
+ uri.scheme = 'https' if(request.env['HTTP_X_FORWARDED_PROTO'] == 'https')
+ host = uri.to_s
+ @provider.callback_url = "#{host}#{@provider.callback_url}"
+ end
if @provider.has_callback?
redirect_to @provider.login_url(params,session)
else
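Review bot: The absolute callback URL built in the added block of login_at takes its host from `request.url` and its scheme from `HTTP_X_FORWARDED_PROTO`, both of which are client-supplied unless a front-end proxy overwrites them, so a forged Host header can point the OAuth `redirect_uri` at another origin. The result is also written back with `@provider.callback_url = ...`; if `Config.send(provider)` returns a shared configuration object (not visible here), the first request's host would stick for every later login, because the value no longer begins with '/'. Prefer a configured base URL or a host allowlist, and keep the expanded URL in a request-local variable instead of assigning it to the provider. Separately, `@provider.callback_url[0] == '/'` compares an Integer with a String on Ruby 1.8 (if that is still supported), whereas `@provider.callback_url.start_with?('/')` works on both. The body of login_at continues outside the hunk.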
@@ -68,7 +76,7 @@ def add_provider_to_user(provider)
user_hash = provider.get_user_hash
config = user_class.sorcery_config
- user = current_user.send(config.authentications_class.to_s.downcase.pluralize).build(config.provider_uid_attribute_name => user_hash[:uid], config.provider_attribute_name => provider)
+ user = current_user.send(config.authentications_class.to_s.downcase.pluralize).build(config.provider_uid_attribute_name => user_hash[:uid], config.provider_attribute_name => provider_name)
user.save(:validate => false)
return user
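Review bot: `provider_name` is not defined anywhere in this hunk, while the `@@` header still shows the parameter as `provider` and the first context line calls `provider.get_user_hash`, so it is worth confirming both names are in scope in the final method. A short comment above the `build` call, such as `# store the provider's name, not the provider object, in the authentication row`, would record why the argument changed. The following `user.save(:validate => false)` ignores its return value and skips model validations; if uniqueness of provider plus uid is enforced only by a validation (not visible here), the same external identity could be linked to more than one account, so a database-level unique index is the safer guard. The method starts and ends outside the hunk.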
@@ -64,13 +64,30 @@ def set_external_property
Authentication.delete_all
end
- it "login_at redirects correctly" do
- create_new_user
- get :login_at_test2
- response.should be_a_redirect
- response.should redirect_to("https://graph.facebook.com/oauth/authorize?response_type=code&client_id=#{::Sorcery::Controller::Config.facebook.key}&redirect_uri=http%3A%2F%2Fblabla.com&scope=email%2Coffline_access&display=page")
+ context "when callback_url begin with /" do
+ before do
+ sorcery_controller_external_property_set(:facebook, :callback_url, "/oauth/twitter/callback")
+ end
+ it "login_at redirects correctly" do
+ create_new_user
+ get :login_at_test2
+ response.should be_a_redirect
+ response.should redirect_to("https://graph.facebook.com/oauth/authorize?response_type=code&client_id=#{::Sorcery::Controller::Config.facebook.key}&redirect_uri=http%3A%2F%2Ftest.host%2Foauth%2Ftwitter%2Fcallback&scope=email%2Coffline_access&display=page")
+ end
+ after do
+ sorcery_controller_external_property_set(:facebook, :callback_url, "http://blabla.com")
+ end
end
+ context "when callback_url begin with http://" do
+ it "login_at redirects correctly" do
+ create_new_user
+ get :login_at_test2
+ response.should be_a_redirect
+ response.should redirect_to("https://graph.facebook.com/oauth/authorize?response_type=code&client_id=#{::Sorcery::Controller::Config.facebook.key}&redirect_uri=http%3A%2F%2Fblabla.com&scope=email%2Coffline_access&display=page")
+ end
+ end
+
it "'login_from' logins if user exists" do
sorcery_model_property_set(:authentications_class, Authentication)
create_new_external_user(:facebook)
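Review bot: Neither new context exercises the `HTTP_X_FORWARDED_PROTO` branch added to login_at, so the https rewrite of the callback is untested; an example that sets `request.env['HTTP_X_FORWARDED_PROTO'] = 'https'` before `get :login_at_test2` and expects `redirect_uri=https%3A%2F%2Ftest.host%2F...` would cover it. The `after` block that restores `"http://blabla.com"` suggests the provider setting is process-wide state, so a second `get` within one example would show whether the expanded URL persists across requests. The facebook case reuses the path `/oauth/twitter/callback`, which reads like a copy-paste; `/oauth/facebook/callback` would be clearer. The same points apply to the twitter spec hunk that follows.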
@@ -43,11 +43,28 @@ def stub_all_oauth_requests!
Authentication.delete_all
end
- it "login_at redirects correctly" do
- create_new_user
- get :login_at_test
- response.should be_a_redirect
- response.should redirect_to("http://myapi.com/oauth/authorize?oauth_callback=http%3A%2F%2Fblabla.com&oauth_token=")
+ context "when callback_url begin with /" do
+ before do
+ sorcery_controller_external_property_set(:twitter, :callback_url, "/oauth/twitter/callback")
+ end
+ it "login_at redirects correctly" do
+ create_new_user
+ get :login_at_test
+ response.should be_a_redirect
+ response.should redirect_to("http://myapi.com/oauth/authorize?oauth_callback=http%3A%2F%2Ftest.host%2Foauth%2Ftwitter%2Fcallback&oauth_token=")
+ end
+ after do
+ sorcery_controller_external_property_set(:twitter, :callback_url, "http://blabla.com")
+ end
+ end
+
+ context "when callback_url begin with http://" do
+ it "login_at redirects correctly" do
+ create_new_user
+ get :login_at_test
+ response.should be_a_redirect
+ response.should redirect_to("http://myapi.com/oauth/authorize?oauth_callback=http%3A%2F%2Fblabla.com&oauth_token=")
+ end
end
it "logins if user exists" do