diff --git a/Gemfile b/Gemfile
index 37dc67d9..3f122750 100644
--- a/Gemfile
+++ b/Gemfile
@@ -17,7 +17,7 @@ gem "responders", "~> 3.0"
group :test do
gem "omniauth-facebook"
- gem "omniauth-openid"
+ gem "omniauth-openid", git: 'https://github.com/jkowens/omniauth-openid', branch: 'patch-1'
gem "timecop"
gem "webrat", "0.7.3", require: false
gem "mocha", "~> 1.1", require: false
diff --git a/Gemfile.lock b/Gemfile.lock
index 6696760e..13b7ccf0 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -1,5 +1,5 @@
GIT
- remote: https://github.com/rails/activemodel-serializers-xml.git
+ remote: git://github.com/rails/activemodel-serializers-xml.git
revision: 694f4071c6b16e4c8597cc323c241b5f787b3ea8
specs:
activemodel-serializers-xml (1.0.2)
@@ -8,7 +8,7 @@ GIT
builder (~> 3.1)
GIT
- remote: https://github.com/rails/rails-controller-testing.git
+ remote: git://github.com/rails/rails-controller-testing.git
revision: 4b15c86e82ee380f2a7cc009e470368f7520560a
specs:
rails-controller-testing (1.0.5)
@@ -16,6 +16,15 @@ GIT
actionview (>= 5.0.1.rc1)
activesupport (>= 5.0.1.rc1)
+GIT
+ remote: https://github.com/jkowens/omniauth-openid
+ revision: c70d35f266a814340b01f6f5649bb664a78743f4
+ branch: patch-1
+ specs:
+ omniauth-openid (2.0.0)
+ omniauth (>= 1.0, < 3.0)
+ rack-openid (~> 1.4.0)
+
PATH
remote: .
specs:
@@ -89,8 +98,11 @@ GEM
concurrent-ruby (1.1.7)
crass (1.0.6)
erubi (1.9.0)
- faraday (1.0.1)
+ faraday (1.3.0)
+ faraday-net_http (~> 1.0)
multipart-post (>= 1.2, < 3)
+ ruby2_keywords
+ faraday-net_http (1.0.1)
globalid (0.4.2)
activesupport (>= 4.2.0)
hashie (4.1.0)
@@ -122,22 +134,22 @@ GEM
multi_json (~> 1.3)
multi_xml (~> 0.5)
rack (>= 1.2, < 3)
- omniauth (1.9.1)
+ omniauth (2.0.1)
hashie (>= 3.4.6)
rack (>= 1.6.2, < 3)
+ rack-protection
omniauth-facebook (7.0.0)
omniauth-oauth2 (~> 1.2)
- omniauth-oauth2 (1.7.0)
+ omniauth-oauth2 (1.7.1)
oauth2 (~> 1.4)
- omniauth (~> 1.9)
- omniauth-openid (1.0.1)
- omniauth (~> 1.0)
- rack-openid (~> 1.3.1)
+ omniauth (>= 1.9, < 3)
orm_adapter (0.5.0)
rack (2.2.3)
- rack-openid (1.3.1)
+ rack-openid (1.4.2)
rack (>= 1.1.0)
ruby-openid (>= 2.1.8)
+ rack-protection (2.1.0)
+ rack
rack-test (1.1.0)
rack (>= 1.0, < 3)
rails (6.0.3.3)
@@ -172,6 +184,7 @@ GEM
actionpack (>= 5.0)
railties (>= 5.0)
ruby-openid (2.9.2)
+ ruby2_keywords (0.0.2)
sprockets (4.0.2)
concurrent-ruby (~> 1.0)
rack (> 1, < 3)
@@ -206,7 +219,7 @@ DEPENDENCIES
omniauth
omniauth-facebook
omniauth-oauth2
- omniauth-openid
+ omniauth-openid!
rails (~> 6.0.0)
rails-controller-testing!
rdoc
diff --git a/app/views/devise/shared/_links.html.erb b/app/views/devise/shared/_links.html.erb
index 084af701..96a94124 100644
--- a/app/views/devise/shared/_links.html.erb
+++ b/app/views/devise/shared/_links.html.erb
@@ -20,6 +20,6 @@
<%- if devise_mapping.omniauthable? %>
<%- resource_class.omniauth_providers.each do |provider| %>
- <%= link_to "Sign in with #{OmniAuth::Utils.camelize(provider)}", omniauth_authorize_path(resource_name, provider) %>
+ <%= link_to "Sign in with #{OmniAuth::Utils.camelize(provider)}", omniauth_authorize_path(resource_name, provider), method: :post %>
<% end %>
<% end %>
diff --git a/test/integration/omniauthable_test.rb b/test/integration/omniauthable_test.rb
index 6c989f0c..1b14911d 100644
--- a/test/integration/omniauthable_test.rb
+++ b/test/integration/omniauthable_test.rb
@@ -23,6 +23,9 @@ class OmniauthableIntegrationTest < Devise::IntegrationTest
"extra" => {"user_hash" => FACEBOOK_INFO}
}
OmniAuth.config.add_camelization 'facebook', 'FaceBook'
+ if OmniAuth.config.respond_to?(:request_validation_phase)
+ OmniAuth.config.request_validation_phase = ->(env) {}
+ end
end
teardown do
@@ -45,8 +48,8 @@ class OmniauthableIntegrationTest < Devise::IntegrationTest
test "omniauth sign in should not run model validations" do
stub_action!(:sign_in_facebook) do
create_user
- visit "/users/sign_in"
- click_link "Sign in with FaceBook"
+ post "/users/auth/facebook"
+ follow_redirect!
assert warden.authenticated?(:user)
refute User.validations_performed
@@ -54,8 +57,8 @@ class OmniauthableIntegrationTest < Devise::IntegrationTest
end
test "can access omniauth.auth in the env hash" do
- visit "/users/sign_in"
- click_link "Sign in with FaceBook"
+ post "/users/auth/facebook"
+ follow_redirect!
json = ActiveSupport::JSON.decode(response.body)
@@ -68,8 +71,8 @@ class OmniauthableIntegrationTest < Devise::IntegrationTest
test "cleans up session on sign up" do
assert_no_difference "User.count" do
- visit "/users/sign_in"
- click_link "Sign in with FaceBook"
+ post "/users/auth/facebook"
+ follow_redirect!
end
assert session["devise.facebook_data"]
@@ -89,8 +92,8 @@ class OmniauthableIntegrationTest < Devise::IntegrationTest
test "cleans up session on cancel" do
assert_no_difference "User.count" do
- visit "/users/sign_in"
- click_link "Sign in with FaceBook"
+ post "/users/auth/facebook"
+ follow_redirect!
end
assert session["devise.facebook_data"]
@@ -100,8 +103,8 @@ class OmniauthableIntegrationTest < Devise::IntegrationTest
test "cleans up session on sign in" do
assert_no_difference "User.count" do
- visit "/users/sign_in"
- click_link "Sign in with FaceBook"
+ post "/users/auth/facebook"
+ follow_redirect!
end
assert session["devise.facebook_data"]
@@ -110,23 +113,28 @@ class OmniauthableIntegrationTest < Devise::IntegrationTest
end
test "sign in and send remember token if configured" do
- visit "/users/sign_in"
- click_link "Sign in with FaceBook"
+ post "/users/auth/facebook"
+ follow_redirect!
assert_nil warden.cookies["remember_user_token"]
stub_action!(:sign_in_facebook) do
create_user
- visit "/users/sign_in"
- click_link "Sign in with FaceBook"
+ post "/users/auth/facebook"
+ follow_redirect!
assert warden.authenticated?(:user)
assert warden.cookies["remember_user_token"]
end
end
+ test "generates a link to authenticate with provider" do
+ visit "/users/sign_in"
+ assert_select "a[href=?][data-method='post']", "/users/auth/facebook", text: "Sign in with FaceBook"
+ end
+
test "generates a proper link when SCRIPT_NAME is set" do
header 'SCRIPT_NAME', '/q'
visit "/users/sign_in"
- assert_select "a", href: "/q/users/auth/facebook"
+ assert_select "a[href=?][data-method='post']", "/q/users/auth/facebook", text: "Sign in with FaceBook"
end
test "handles callback error parameter according to the specification" do
@@ -139,10 +147,10 @@ class OmniauthableIntegrationTest < Devise::IntegrationTest
test "handles other exceptions from OmniAuth" do
OmniAuth.config.mock_auth[:facebook] = :invalid_credentials
- visit "/users/sign_in"
- click_link "Sign in with FaceBook"
+ post "/users/auth/facebook"
+ follow_redirect!
+ follow_redirect!
- assert_current_url "/users/sign_in"
assert_contain 'Could not authenticate you from FaceBook because "Invalid credentials".'
end
end