diff --git a/.gitignore b/.gitignore
index f61f58b..5723c41 100644
--- a/.gitignore
+++ b/.gitignore
@@ -16,3 +16,4 @@ test/tmp
 test/version_tmp
 tmp
 *.swp
+vendor/bundle
diff --git a/lib/omniauth/strategies/oauth2.rb b/lib/omniauth/strategies/oauth2.rb
index e593f03..cd1f778 100644
--- a/lib/omniauth/strategies/oauth2.rb
+++ b/lib/omniauth/strategies/oauth2.rb
@@ -89,12 +89,16 @@ def callback_phase # rubocop:disable Metrics/AbcSize, Metrics/CyclomaticComplexi
 fail!(error, CallbackError.new(request.params["error"], request.params["error_description"] || request.params["error_reason"], request.params["error_uri"]))
 else
 self.access_token = build_access_token
- self.access_token = access_token.refresh! if access_token.expired?
- super
+ if access_token
+ self.access_token = access_token.refresh! if access_token.expired?
+ super
+ else
+ fail!(:invalid_credentials, CallbackError.new(:invalid_credentials, "Failed to build access token"))
+ end
 end
 rescue ::OAuth2::Error, CallbackError => e
 fail!(:invalid_credentials, e)
- rescue ::Timeout::Error, ::Errno::ETIMEDOUT, OAuth2::TimeoutError, OAuth2::ConnectionError => e
+ rescue ::Timeout::Error, ::Errno::ETIMEDOUT, ::OAuth2::TimeoutError, ::OAuth2::ConnectionError => e
 fail!(:timeout, e)
 rescue ::SocketError => e
 fail!(:failed_to_connect, e)
diff --git a/spec/omniauth/strategies/oauth2_spec.rb b/spec/omniauth/strategies/oauth2_spec.rb
index 68b5d62..a4b7f9e 100644
--- a/spec/omniauth/strategies/oauth2_spec.rb
+++ b/spec/omniauth/strategies/oauth2_spec.rb
@@ -140,6 +140,15 @@ def app
 expect(instance).to receive(:fail!).with(:csrf_detected, anything)
 instance.callback_phase
 end
+
+ it "handles the case when build_access_token returns nil" do
+ params.delete("error")
+ params.delete("error_reason")
+ allow(instance).to receive(:build_access_token).and_return(nil)
+
+ expect(instance).to receive(:fail!).with(:invalid_credentials, anything)
+ instance.callback_phase
+ end
 end
 end
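Review bot: The new guard `if access_token` in callback_phase rejects only nil, and nothing on the branch records when build_access_token returns nil, so a reader cannot tell whether a token object with a blank `token` value is also possible. build_access_token is outside the hunk, so this is unconfirmed; if it can happen, `if access_token && !access_token.token.to_s.empty?` would keep the callback failing closed before `super` runs. Either way, a comment on the else branch such as `# build_access_token returned nil: fail closed instead of continuing to super without a token` would state the intent. callback_phase begins and ends outside this hunk.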
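Review bot: The new example asserts that `fail!` receives :invalid_credentials but not that the success path is skipped, and that is the property that matters when no token was built. A negative expectation before the call, for example `expect(instance).not_to receive(:call_app!)` (assuming the parent callback_phase finishes through call_app!, which is not visible here), would pin that a nil token never reaches the application as a completed callback. The enclosing describe block starts outside the hunk.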