From 837baaf2e1d951c3b26ad233f8ada09cf6ab5441 Mon Sep 17 00:00:00 2001
From: Jordan Owens <jkowens@gmail.com>
Date: Tue, 19 Jan 2021 13:19:55 -0500
Subject: [PATCH] Update omniauthable tests for OmniAuth 2.0 (#5331)

---
 Gemfile                                 |  2 +-
 Gemfile.lock                            | 35 +++++++++++++-------
 app/views/devise/shared/_links.html.erb |  2 +-
 test/integration/omniauthable_test.rb   | 44 +++++++++++++++----------
 4 files changed, 52 insertions(+), 31 deletions(-)

diff --git a/Gemfile b/Gemfile
index 37dc67d9..3f122750 100644
--- a/Gemfile
+++ b/Gemfile
@@ -17,7 +17,7 @@ gem "responders", "~> 3.0"
 
 group :test do
   gem "omniauth-facebook"
-  gem "omniauth-openid"
+  gem "omniauth-openid", git: 'https://github.com/jkowens/omniauth-openid', branch: 'patch-1'
   gem "timecop"
   gem "webrat", "0.7.3", require: false
   gem "mocha", "~> 1.1", require: false
diff --git a/Gemfile.lock b/Gemfile.lock
index 6696760e..13b7ccf0 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -1,5 +1,5 @@
 GIT
-  remote: https://github.com/rails/activemodel-serializers-xml.git
+  remote: git://github.com/rails/activemodel-serializers-xml.git
   revision: 694f4071c6b16e4c8597cc323c241b5f787b3ea8
   specs:
     activemodel-serializers-xml (1.0.2)
@@ -8,7 +8,7 @@ GIT
       builder (~> 3.1)
 
 GIT
-  remote: https://github.com/rails/rails-controller-testing.git
+  remote: git://github.com/rails/rails-controller-testing.git
   revision: 4b15c86e82ee380f2a7cc009e470368f7520560a
   specs:
     rails-controller-testing (1.0.5)
@@ -16,6 +16,15 @@ GIT
       actionview (>= 5.0.1.rc1)
       activesupport (>= 5.0.1.rc1)
 
+GIT
+  remote: https://github.com/jkowens/omniauth-openid
+  revision: c70d35f266a814340b01f6f5649bb664a78743f4
+  branch: patch-1
+  specs:
+    omniauth-openid (2.0.0)
+      omniauth (>= 1.0, < 3.0)
+      rack-openid (~> 1.4.0)
+
 PATH
   remote: .
   specs:
@@ -89,8 +98,11 @@ GEM
     concurrent-ruby (1.1.7)
     crass (1.0.6)
     erubi (1.9.0)
-    faraday (1.0.1)
+    faraday (1.3.0)
+      faraday-net_http (~> 1.0)
       multipart-post (>= 1.2, < 3)
+      ruby2_keywords
+    faraday-net_http (1.0.1)
     globalid (0.4.2)
       activesupport (>= 4.2.0)
     hashie (4.1.0)
@@ -122,22 +134,22 @@ GEM
       multi_json (~> 1.3)
       multi_xml (~> 0.5)
       rack (>= 1.2, < 3)
-    omniauth (1.9.1)
+    omniauth (2.0.1)
       hashie (>= 3.4.6)
       rack (>= 1.6.2, < 3)
+      rack-protection
     omniauth-facebook (7.0.0)
       omniauth-oauth2 (~> 1.2)
-    omniauth-oauth2 (1.7.0)
+    omniauth-oauth2 (1.7.1)
       oauth2 (~> 1.4)
-      omniauth (~> 1.9)
-    omniauth-openid (1.0.1)
-      omniauth (~> 1.0)
-      rack-openid (~> 1.3.1)
+      omniauth (>= 1.9, < 3)
     orm_adapter (0.5.0)
     rack (2.2.3)
-    rack-openid (1.3.1)
+    rack-openid (1.4.2)
       rack (>= 1.1.0)
       ruby-openid (>= 2.1.8)
+    rack-protection (2.1.0)
+      rack
     rack-test (1.1.0)
       rack (>= 1.0, < 3)
     rails (6.0.3.3)
@@ -172,6 +184,7 @@ GEM
       actionpack (>= 5.0)
       railties (>= 5.0)
     ruby-openid (2.9.2)
+    ruby2_keywords (0.0.2)
     sprockets (4.0.2)
       concurrent-ruby (~> 1.0)
       rack (> 1, < 3)
@@ -206,7 +219,7 @@ DEPENDENCIES
   omniauth
   omniauth-facebook
   omniauth-oauth2
-  omniauth-openid
+  omniauth-openid!
   rails (~> 6.0.0)
   rails-controller-testing!
   rdoc
diff --git a/app/views/devise/shared/_links.html.erb b/app/views/devise/shared/_links.html.erb
index 084af701..96a94124 100644
--- a/app/views/devise/shared/_links.html.erb
+++ b/app/views/devise/shared/_links.html.erb
@@ -20,6 +20,6 @@
 
 <%- if devise_mapping.omniauthable? %>
   <%- resource_class.omniauth_providers.each do |provider| %>
-    <%= link_to "Sign in with #{OmniAuth::Utils.camelize(provider)}", omniauth_authorize_path(resource_name, provider) %><br />
+    <%= link_to "Sign in with #{OmniAuth::Utils.camelize(provider)}", omniauth_authorize_path(resource_name, provider), method: :post %><br />
   <% end %>
 <% end %>
diff --git a/test/integration/omniauthable_test.rb b/test/integration/omniauthable_test.rb
index 6c989f0c..1b14911d 100644
--- a/test/integration/omniauthable_test.rb
+++ b/test/integration/omniauthable_test.rb
@@ -23,6 +23,9 @@ class OmniauthableIntegrationTest < Devise::IntegrationTest
       "extra" => {"user_hash" => FACEBOOK_INFO}
     }
     OmniAuth.config.add_camelization 'facebook', 'FaceBook'
+    if OmniAuth.config.respond_to?(:request_validation_phase)
+      OmniAuth.config.request_validation_phase = ->(env) {}
+    end
   end
 
   teardown do
@@ -45,8 +48,8 @@ class OmniauthableIntegrationTest < Devise::IntegrationTest
   test "omniauth sign in should not run model validations" do
     stub_action!(:sign_in_facebook) do
       create_user
-      visit "/users/sign_in"
-      click_link "Sign in with FaceBook"
+      post "/users/auth/facebook"
+      follow_redirect!
       assert warden.authenticated?(:user)
 
       refute User.validations_performed
@@ -54,8 +57,8 @@ class OmniauthableIntegrationTest < Devise::IntegrationTest
   end
 
   test "can access omniauth.auth in the env hash" do
-    visit "/users/sign_in"
-    click_link "Sign in with FaceBook"
+    post "/users/auth/facebook"
+    follow_redirect!
 
     json = ActiveSupport::JSON.decode(response.body)
 
@@ -68,8 +71,8 @@ class OmniauthableIntegrationTest < Devise::IntegrationTest
 
   test "cleans up session on sign up" do
     assert_no_difference "User.count" do
-      visit "/users/sign_in"
-      click_link "Sign in with FaceBook"
+      post "/users/auth/facebook"
+      follow_redirect!
     end
 
     assert session["devise.facebook_data"]
@@ -89,8 +92,8 @@ class OmniauthableIntegrationTest < Devise::IntegrationTest
 
   test "cleans up session on cancel" do
     assert_no_difference "User.count" do
-      visit "/users/sign_in"
-      click_link "Sign in with FaceBook"
+      post "/users/auth/facebook"
+      follow_redirect!
     end
 
     assert session["devise.facebook_data"]
@@ -100,8 +103,8 @@ class OmniauthableIntegrationTest < Devise::IntegrationTest
 
   test "cleans up session on sign in" do
     assert_no_difference "User.count" do
-      visit "/users/sign_in"
-      click_link "Sign in with FaceBook"
+      post "/users/auth/facebook"
+      follow_redirect!
     end
 
     assert session["devise.facebook_data"]
@@ -110,23 +113,28 @@ class OmniauthableIntegrationTest < Devise::IntegrationTest
   end
 
   test "sign in and send remember token if configured" do
-    visit "/users/sign_in"
-    click_link "Sign in with FaceBook"
+    post "/users/auth/facebook"
+    follow_redirect!
     assert_nil warden.cookies["remember_user_token"]
 
     stub_action!(:sign_in_facebook) do
       create_user
-      visit "/users/sign_in"
-      click_link "Sign in with FaceBook"
+      post "/users/auth/facebook"
+      follow_redirect!
       assert warden.authenticated?(:user)
       assert warden.cookies["remember_user_token"]
     end
   end
 
+  test "generates a link to authenticate with provider" do
+    visit "/users/sign_in"
+    assert_select "a[href=?][data-method='post']", "/users/auth/facebook", text: "Sign in with FaceBook"
+  end
+
   test "generates a proper link when SCRIPT_NAME is set" do
     header 'SCRIPT_NAME', '/q'
     visit "/users/sign_in"
-    assert_select "a", href: "/q/users/auth/facebook"
+    assert_select "a[href=?][data-method='post']", "/q/users/auth/facebook", text: "Sign in with FaceBook"
   end
 
   test "handles callback error parameter according to the specification" do
@@ -139,10 +147,10 @@ class OmniauthableIntegrationTest < Devise::IntegrationTest
   test "handles other exceptions from OmniAuth" do
     OmniAuth.config.mock_auth[:facebook] = :invalid_credentials
 
-    visit "/users/sign_in"
-    click_link "Sign in with FaceBook"
+    post "/users/auth/facebook"
+    follow_redirect!
+    follow_redirect!
 
-    assert_current_url "/users/sign_in"
     assert_contain 'Could not authenticate you from FaceBook because "Invalid credentials".'
   end
 end