Respond with :service_unavailable to SSL errors

- covers both request and callback phase
jwang · Aug 14, 2011 · 886186c · 886186c
1 parent 181931c
commit 886186c
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 4 deletions.
diff --git a/oa-oauth/lib/omniauth/strategies/oauth.rb b/oa-oauth/lib/omniauth/strategies/oauth.rb
@@ -40,7 +40,7 @@ def request_phase
 
       rescue ::Timeout::Error => e
         fail!(:timeout, e)
-      rescue ::Net::HTTPFatalError => e
+      rescue ::Net::HTTPFatalError, ::OpenSSL::SSL::SSLError => e
         fail!(:service_unavailable, e)
       end
 
@@ -60,9 +60,7 @@ def callback_phase
         super
       rescue ::Timeout::Error => e
         fail!(:timeout, e)
-      rescue ::Net::HTTPFatalError => e
-        fail!(:service_unavailable, e)
-      rescue ::OpenSSL::SSL::SSLError => e
+      rescue ::Net::HTTPFatalError, ::OpenSSL::SSL::SSLError => e
         fail!(:service_unavailable, e)
       rescue ::OAuth::Unauthorized => e
         fail!(:invalid_credentials, e)

diff --git a/oa-oauth/spec/omniauth/strategies/oauth/oauth_spec.rb b/oa-oauth/spec/omniauth/strategies/oauth/oauth_spec.rb
@@ -57,6 +57,19 @@ def session
         last_request.env['omniauth.error'].should be_kind_of(::Net::HTTPFatalError)
         last_request.env['omniauth.error.type'] = :service_unavailable
       end
+
+      context "SSL failure" do
+        before do
+          stub_request(:post, 'https://api.example.org/oauth/request_token').
+             to_raise(::OpenSSL::SSL::SSLError.new("SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed"))
+          get '/auth/example.org'
+        end
+
+        it 'should call fail! with :service_unavailable' do
+          last_request.env['omniauth.error'].should be_kind_of(::OpenSSL::SSL::SSLError)
+          last_request.env['omniauth.error.type'] = :service_unavailable
+        end
+      end
     end
   end