Redirects user to the original page they were targeting (#191)

emory-libraries · Jul 27, 2020 · 16a6f08 · 16a6f08
1 parent 1057f43
commit 16a6f08
Show file tree

Hide file tree

Showing 4 changed files with 56 additions and 40 deletions.
diff --git a/app/controllers/omniauth_callbacks_controller.rb b/app/controllers/omniauth_callbacks_controller.rb
@@ -8,7 +8,8 @@ def shibboleth
     @user = User.from_omniauth(request.env["omniauth.auth"])
     cookie_pot
     set_flash_message :notice, :success, kind: "Emory"
-    sign_in_and_redirect @user
+    sign_in @user
+    redirect_to request.env["omniauth.origin"] || root_path
   end
 
   def cookie_pot

diff --git a/spec/controllers/omniauth_callbacks_controller_spec.rb b/spec/controllers/omniauth_callbacks_controller_spec.rb
@@ -0,0 +1,53 @@
+# frozen_string_literal: true
+require 'rails_helper'
+
+RSpec.describe OmniauthCallbacksController do
+  before do
+    User.create(provider:     'shibboleth',
+                uid:          'brianbboys1967',
+                display_name: 'Brian Wilson')
+    request.env["devise.mapping"] = Devise.mappings[:user]
+    request.env["omniauth.auth"] = OmniAuth.config.mock_auth[:shib]
+    post :shibboleth
+  end
+  OmniAuth.config.mock_auth[:shib] =
+    OmniAuth::AuthHash.new(
+      provider: 'shibboleth',
+      uid:      "P0000001",
+      info:     {
+        display_name: "Brian Wilson",
+        uid:          'brianbboys1967'
+      }
+    )
+
+  context "when origin is present" do
+    before do
+      request.env["omniauth.origin"] = '/example'
+      post :shibboleth
+    end
+
+    it "redirects to origin" do
+      expect(response.redirect_url).to eq 'http://test.host/example'
+    end
+  end
+
+  context "when origin is missing" do
+    it "redirects to home" do
+      expect(response.redirect_url).to include 'http://test.host/'
+    end
+  end
+
+  it "sets a cookie" do
+    expect(response.cookies).to include "bearer_token"
+    expect(decrypt_string(response.cookies["bearer_token"])).to eq 1.day.from_now.to_s
+  end
+
+  def decrypt_string(encrypted_str)
+    cipher_salt1 = ENV["IIIF_COOKIE_SALT_1"] || 'some-random-salt-'
+    cipher_salt2 = ENV["IIIF_COOKIE_SALT_2"] || 'another-random-salt-'
+    cipher = OpenSSL::Cipher.new('AES-128-ECB').decrypt
+    cipher.key = OpenSSL::PKCS5.pbkdf2_hmac_sha1(cipher_salt1, cipher_salt2, 20_000, cipher.key_len)
+    decrypted = [encrypted_str].pack('H*').unpack('C*').pack('c*')
+    cipher.update(decrypted) + cipher.final
+  end
+end
diff --git a/spec/rails_helper.rb b/spec/rails_helper.rb
@@ -64,4 +64,5 @@
   config.filter_rails_from_backtrace!
   # arbitrary gems may also be filtered via:
   # config.filter_gems_from_backtrace("gem name")
+  config.include Devise::Test::ControllerHelpers, type: :controller
 end
diff --git a/spec/requests/omniauth_callbacks_requests_spec.rb b/spec/requests/omniauth_callbacks_requests_spec.rb