1
0
Fork 0
mirror of https://github.com/omniauth/omniauth.git synced 2022-11-09 12:31:49 -05:00
omniauth--omniauth/spec/omniauth/strategy_spec.rb

1129 lines
39 KiB
Ruby
Raw Normal View History

2013-02-25 19:05:37 -05:00
require 'helper'
2011-09-03 14:08:07 -04:00
def make_env(path = '/auth/test', props = {})
{
'REQUEST_METHOD' => 'POST',
2011-09-03 14:08:07 -04:00
'PATH_INFO' => path,
'rack.session' => {},
'rack.input' => StringIO.new('test=true')
2011-09-03 14:08:07 -04:00
}.merge(props)
end
describe OmniAuth::Strategy do
2014-01-15 23:00:46 -05:00
let(:app) do
lambda { |_env| [404, {}, ['Awesome']] }
2014-01-15 23:00:46 -05:00
end
let(:fresh_strategy) do
c = Class.new
c.send(:include, OmniAuth::Strategy)
end
2014-01-15 23:00:46 -05:00
describe '.default_options' do
it 'is inherited from a parent class' do
superklass = Class.new
superklass.send :include, OmniAuth::Strategy
superklass.configure do |c|
c.foo = 'bar'
end
klass = Class.new(superklass)
expect(klass.default_options.foo).to eq('bar')
end
end
2020-03-02 15:09:14 -05:00
describe 'user_info' do
it 'should default to an empty hash' do
expect(fresh_strategy.new(app, :skip_info => true).user_info).to eq({})
end
end
2014-01-15 23:00:46 -05:00
describe '.configure' do
subject do
c = Class.new
c.send(:include, OmniAuth::Strategy)
end
context 'when block is passed' do
it 'allows for default options setting' do
subject.configure do |c|
c.wakka = 'doo'
end
2014-01-15 23:00:46 -05:00
expect(subject.default_options['wakka']).to eq('doo')
end
it "works when block doesn't evaluate to true" do
environment_variable = nil
subject.configure do |c|
c.abc = '123'
c.hgi = environment_variable
end
2014-01-15 23:00:46 -05:00
expect(subject.default_options['abc']).to eq('123')
end
end
2014-01-15 23:00:46 -05:00
it 'takes a hash and deep merge it' do
subject.configure :abc => {:def => 123}
subject.configure :abc => {:hgi => 456}
2014-01-15 23:00:46 -05:00
expect(subject.default_options['abc']).to eq('def' => 123, 'hgi' => 456)
end
end
2020-03-02 15:09:14 -05:00
describe '#fail!' do
it 'provides exception information when one is provided' do
env = make_env
exception = RuntimeError.new('No session!')
expect(OmniAuth.logger).to receive(:error).with(
"(test) Authentication failure! failed: #{exception.class}, #{exception.message}"
)
ExampleStrategy.new(app, :failure => :failed, :failure_exception => exception).call(env)
end
it 'provides a generic message when not provided an exception' do
env = make_env
expect(OmniAuth.logger).to receive(:error).with(
'(test) Authentication failure! Some Issue encountered.'
)
ExampleStrategy.new(app, :failure => 'Some Issue').call(env)
2020-03-02 15:09:14 -05:00
end
end
2014-01-15 23:00:46 -05:00
describe '#skip_info?' do
it 'is true if options.skip_info is true' do
expect(ExampleStrategy.new(app, :skip_info => true)).to be_skip_info
end
2014-01-15 23:00:46 -05:00
it 'is false if options.skip_info is false' do
expect(ExampleStrategy.new(app, :skip_info => false)).not_to be_skip_info
end
2014-01-15 23:00:46 -05:00
it 'is false by default' do
expect(ExampleStrategy.new(app)).not_to be_skip_info
end
2014-01-15 23:00:46 -05:00
it 'is true if options.skip_info is a callable that evaluates to truthy' do
instance = ExampleStrategy.new(app, :skip_info => lambda { |uid| uid })
2014-01-16 00:04:44 -05:00
expect(instance).to receive(:uid).and_return(true)
expect(instance).to be_skip_info
end
end
2014-01-15 23:00:46 -05:00
describe '.option' do
subject do
c = Class.new
c.send(:include, OmniAuth::Strategy)
end
it 'sets a default value' do
subject.option :abc, 123
expect(subject.default_options.abc).to eq(123)
end
2014-01-15 23:00:46 -05:00
it 'sets the default value to nil if none is provided' do
subject.option :abc
expect(subject.default_options.abc).to be_nil
end
end
2014-01-15 23:00:46 -05:00
describe '.args' do
subject do
c = Class.new
c.send(:include, OmniAuth::Strategy)
end
2014-01-15 23:00:46 -05:00
it 'sets args to the specified argument if there is one' do
2017-09-28 13:07:45 -04:00
subject.args %i[abc def]
expect(subject.args).to eq(%i[abc def])
end
2011-09-28 11:26:27 -04:00
2014-01-15 23:00:46 -05:00
it 'is inheritable' do
2017-09-28 13:07:45 -04:00
subject.args %i[abc def]
2011-09-28 11:26:27 -04:00
c = Class.new(subject)
2017-09-28 13:07:45 -04:00
expect(c.args).to eq(%i[abc def])
2011-09-28 11:26:27 -04:00
end
2014-01-15 23:00:46 -05:00
it 'accepts corresponding options as default arg values' do
2017-09-28 13:07:45 -04:00
subject.args %i[a b]
2014-01-15 23:00:46 -05:00
subject.option :a, '1'
subject.option :b, '2'
2014-01-15 23:00:46 -05:00
expect(subject.new(nil).options.a).to eq '1'
expect(subject.new(nil).options.b).to eq '2'
expect(subject.new(nil, '3', '4').options.b).to eq '4'
expect(subject.new(nil, nil, '4').options.a).to eq nil
end
end
2014-01-15 23:00:46 -05:00
context 'fetcher procs' do
subject { fresh_strategy }
2017-09-28 13:07:45 -04:00
%w[uid info credentials extra].each do |fetcher|
describe ".#{fetcher}" do
2014-01-15 23:00:46 -05:00
it 'sets and retrieve a proc' do
proc = lambda { 'Hello' }
subject.send(fetcher, &proc)
expect(subject.send(fetcher)).to eq(proc)
end
end
end
end
2014-01-15 23:00:46 -05:00
context 'fetcher stacks' do
subject { fresh_strategy }
2017-09-28 13:07:45 -04:00
%w[uid info credentials extra].each do |fetcher|
describe ".#{fetcher}_stack" do
2014-01-15 23:00:46 -05:00
it 'is an array of called ancestral procs' do
fetchy = proc { 'Hello' }
subject.send(fetcher, &fetchy)
2014-01-15 23:00:46 -05:00
expect(subject.send("#{fetcher}_stack", subject.new(app))).to eq(['Hello'])
end
end
end
end
2017-09-28 13:07:45 -04:00
%w[request_phase].each do |abstract_method|
2016-08-08 13:54:52 -04:00
context abstract_method.to_s do
2014-01-15 23:00:46 -05:00
it 'raises a NotImplementedError' do
strat = Class.new
strat.send :include, OmniAuth::Strategy
2014-01-15 23:00:46 -05:00
expect { strat.new(app).send(abstract_method) }.to raise_error(NotImplementedError)
end
end
end
2014-01-15 23:00:46 -05:00
describe '#auth_hash' do
subject do
klass = Class.new
klass.send :include, OmniAuth::Strategy
klass.option :name, 'auth_hasher'
klass
end
2014-01-15 23:00:46 -05:00
let(:instance) { subject.new(app) }
it 'calls through to uid, info, credentials, and extra' do
2014-01-16 00:04:44 -05:00
expect(instance).to receive(:uid)
expect(instance).to receive(:info)
expect(instance).to receive(:credentials).and_return(expires: true).once
expect(instance).to receive(:extra).and_return(something: 'else').once
instance.auth_hash
end
2014-01-15 23:00:46 -05:00
it 'returns an AuthHash' do
2013-07-09 04:08:41 -04:00
allow(instance).to receive(:uid).and_return('123')
allow(instance).to receive(:info).and_return(:name => 'Hal Awesome')
allow(instance).to receive(:credentials).and_return(expires: true)
allow(instance).to receive(:extra).and_return(something: 'else')
hash = instance.auth_hash
expect(hash).to be_kind_of(OmniAuth::AuthHash)
expect(hash.uid).to eq('123')
expect(hash.info.name).to eq('Hal Awesome')
expect(hash.credentials.expires).to eq(true)
expect(hash.extra.something).to eq('else')
end
end
2014-01-15 23:00:46 -05:00
describe '#initialize' do
context 'options extraction' do
it 'is the last argument if the last argument is a Hash' do
expect(ExampleStrategy.new(app, :abc => 123).options[:abc]).to eq(123)
2011-09-03 14:08:07 -04:00
end
2014-01-15 23:00:46 -05:00
it 'is the default options if any are provided' do
2013-07-09 04:08:41 -04:00
allow(ExampleStrategy).to receive(:default_options).and_return(OmniAuth::Strategy::Options.new(:abc => 123))
expect(ExampleStrategy.new(app).options.abc).to eq(123)
end
2011-09-03 14:08:07 -04:00
end
2014-01-15 23:00:46 -05:00
context 'custom args' do
subject do
c = Class.new
c.send(:include, OmniAuth::Strategy)
end
it 'sets options based on the arguments if they are supplied' do
2017-09-28 13:07:45 -04:00
subject.args %i[abc def]
s = subject.new app, 123, 456
expect(s.options[:abc]).to eq(123)
expect(s.options[:def]).to eq(456)
end
end
end
2014-01-15 23:00:46 -05:00
describe '#call' do
it 'duplicates and calls' do
klass = Class.new
klass.send :include, OmniAuth::Strategy
instance = klass.new(app)
2014-01-16 00:04:44 -05:00
expect(instance).to receive(:dup).and_return(instance)
2014-01-15 23:00:46 -05:00
instance.call('rack.session' => {})
end
it 'raises NoSessionError if rack.session isn\'t set' do
klass = Class.new
klass.send :include, OmniAuth::Strategy
instance = klass.new(app)
expect { instance.call({}) }.to raise_error(OmniAuth::NoSessionError)
end
end
2014-01-15 23:00:46 -05:00
describe '#inspect' do
it 'returns the class name' do
expect(ExampleStrategy.new(app).inspect).to eq('#<ExampleStrategy>')
end
2011-09-03 14:08:07 -04:00
end
2014-01-15 23:00:46 -05:00
describe '#redirect' do
it 'uses javascript if :iframe is true' do
response = ExampleStrategy.new(app, :iframe => true).redirect('http://abc.com')
2020-02-28 22:27:14 -05:00
expected_body = "<script type='text/javascript' charset='utf-8'>top.location.href = 'http://abc.com';</script>"
expect(response.last).to include(expected_body)
end
end
2014-01-15 23:00:46 -05:00
describe '#callback_phase' do
subject do
c = Class.new
c.send(:include, OmniAuth::Strategy)
c.new(app)
end
2014-01-15 23:00:46 -05:00
it 'sets the auth hash' do
env = make_env
2013-07-09 04:08:41 -04:00
allow(subject).to receive(:env).and_return(env)
2014-01-15 23:00:46 -05:00
allow(subject).to receive(:auth_hash).and_return('AUTH HASH')
subject.callback_phase
2014-01-15 23:00:46 -05:00
expect(env['omniauth.auth']).to eq('AUTH HASH')
end
end
2014-01-15 23:00:46 -05:00
describe '#full_host' do
let(:strategy) { ExampleStrategy.new(app, {}) }
it 'remains calm when there is a pipe in the URL' do
2011-09-03 14:08:07 -04:00
strategy.call!(make_env('/whatever', 'rack.url_scheme' => 'http', 'SERVER_NAME' => 'facebook.lame', 'QUERY_STRING' => 'code=asofibasf|asoidnasd', 'SCRIPT_NAME' => '', 'SERVER_PORT' => 80))
2014-01-15 23:00:46 -05:00
expect { strategy.full_host }.not_to raise_error
2011-09-03 14:08:07 -04:00
end
end
2014-01-15 23:00:46 -05:00
describe '#uid' do
subject { fresh_strategy }
it "is the current class's uid if one exists" do
2014-01-15 23:00:46 -05:00
subject.uid { 'Hi' }
expect(subject.new(app).uid).to eq('Hi')
end
2014-01-15 23:00:46 -05:00
it 'inherits if it can' do
subject.uid { 'Hi' }
c = Class.new(subject)
2014-01-15 23:00:46 -05:00
expect(c.new(app).uid).to eq('Hi')
end
end
2017-09-28 13:07:45 -04:00
%w[info credentials extra].each do |fetcher|
2014-01-15 23:00:46 -05:00
subject { fresh_strategy }
it "is the current class's proc call if one exists" do
2014-01-15 23:00:46 -05:00
subject.send(fetcher) { {:abc => 123} }
expect(subject.new(app).send(fetcher)).to eq(:abc => 123)
end
2014-01-15 23:00:46 -05:00
it 'inherits by merging with preference for the latest class' do
subject.send(fetcher) { {:abc => 123, :def => 456} }
c = Class.new(subject)
2014-01-15 23:00:46 -05:00
c.send(fetcher) { {:abc => 789} }
expect(c.new(app).send(fetcher)).to eq(:abc => 789, :def => 456)
end
end
2014-01-15 23:00:46 -05:00
describe '#call' do
before(:all) do
@options = nil
end
2014-01-15 23:00:46 -05:00
let(:strategy) { ExampleStrategy.new(app, @options || {}) }
2011-09-03 14:08:07 -04:00
2014-01-15 23:00:46 -05:00
context 'omniauth.origin' do
context 'disabled' do
it 'does not set omniauth.origin' do
2017-09-28 13:07:45 -04:00
@options = {:origin_param => false}
expect(strategy).to receive(:fail!).with('Request Phase', kind_of(StandardError))
strategy.call(make_env('/auth/test', 'QUERY_STRING' => 'return=/foo'))
expect(strategy.last_env['rack.session']['omniauth.origin']).to eq(nil)
end
2011-09-03 14:08:07 -04:00
end
context 'custom' do
it 'sets from a custom param' do
2017-09-28 13:07:45 -04:00
@options = {:origin_param => 'return'}
expect(strategy).to receive(:fail!).with('Request Phase', kind_of(StandardError))
strategy.call(make_env('/auth/test', 'QUERY_STRING' => 'return=/foo'))
expect(strategy.last_env['rack.session']['omniauth.origin']).to eq('/foo')
end
2011-09-03 14:08:07 -04:00
end
context 'default flow' do
it 'is set on the request phase' do
expect(strategy).to receive(:fail!).with("Request Phase", kind_of(StandardError))
strategy.call(make_env('/auth/test', 'HTTP_REFERER' => 'http://example.com/origin'))
expect(strategy.last_env['rack.session']['omniauth.origin']).to eq('http://example.com/origin')
end
2011-09-03 14:08:07 -04:00
it 'is turned into an env variable on the callback phase' do
expect(strategy).to receive(:fail!).with("Callback Phase", kind_of(StandardError))
strategy.call(make_env('/auth/test/callback', 'rack.session' => {'omniauth.origin' => 'http://example.com/origin'}))
expect(strategy.last_env['omniauth.origin']).to eq('http://example.com/origin')
end
2011-09-03 14:08:07 -04:00
it 'sets from the params if provided' do
expect(strategy).to receive(:fail!).with('Request Phase', kind_of(StandardError))
strategy.call(make_env('/auth/test', 'QUERY_STRING' => 'origin=/foo'))
expect(strategy.last_env['rack.session']['omniauth.origin']).to eq('/foo')
2011-09-03 14:08:07 -04:00
end
it 'is set on the failure env' do
expect(OmniAuth.config).to receive(:on_failure).and_return(lambda { |env| env })
@options = {:failure => :forced_fail}
strategy.call(make_env('/auth/test/callback', 'rack.session' => {'omniauth.origin' => '/awesome'}))
end
2011-09-03 14:08:07 -04:00
context 'with script_name' do
it 'is set on the request phase, containing full path' do
env = {'HTTP_REFERER' => 'http://example.com/sub_uri/origin', 'SCRIPT_NAME' => '/sub_uri'}
expect(strategy).to receive(:fail!).with('Request Phase', kind_of(StandardError))
strategy.call(make_env('/auth/test', env))
expect(strategy.last_env['rack.session']['omniauth.origin']).to eq('http://example.com/sub_uri/origin')
end
it 'is turned into an env variable on the callback phase, containing full path' do
env = {
'rack.session' => {'omniauth.origin' => 'http://example.com/sub_uri/origin'},
'SCRIPT_NAME' => '/sub_uri'
}
expect(strategy).to receive(:fail!).with('Callback Phase', kind_of(StandardError))
strategy.call(make_env('/auth/test/callback', env))
expect(strategy.last_env['omniauth.origin']).to eq('http://example.com/sub_uri/origin')
end
2011-09-03 14:08:07 -04:00
end
end
end
2014-01-15 23:00:46 -05:00
context 'default paths' do
it 'uses the default request path' do
expect(strategy).to receive(:fail!).with('Request Phase', kind_of(StandardError))
strategy.call(make_env)
2011-09-03 14:08:07 -04:00
end
2014-01-15 23:00:46 -05:00
it 'is case insensitive on request path' do
expect(strategy).to receive(:fail!).with('Request Phase', kind_of(StandardError))
strategy.call(make_env('/AUTH/Test'))
2011-09-03 14:08:07 -04:00
end
2014-01-15 23:00:46 -05:00
it 'is case insensitive on callback path' do
expect(strategy).to receive(:fail!).with('Callback Phase', kind_of(StandardError))
strategy.call(make_env('/AUTH/TeSt/CaLlBAck'))
2011-09-03 14:08:07 -04:00
end
2014-01-15 23:00:46 -05:00
it 'uses the default callback path' do
expect(strategy).to receive(:fail!).with('Callback Phase', kind_of(StandardError))
strategy.call(make_env('/auth/test/callback'))
2011-09-03 14:08:07 -04:00
end
2014-01-15 23:00:46 -05:00
it 'strips trailing spaces on request' do
expect(strategy).to receive(:fail!).with('Request Phase', kind_of(StandardError))
strategy.call(make_env('/auth/test/'))
2011-09-03 14:08:07 -04:00
end
2014-01-15 23:00:46 -05:00
it 'strips trailing spaces on callback' do
expect(strategy).to receive(:fail!).with('Callback Phase', kind_of(StandardError))
strategy.call(make_env('/auth/test/callback/'))
2011-09-03 14:08:07 -04:00
end
2014-01-15 23:00:46 -05:00
context 'callback_url' do
it 'uses the default callback_path' do
2014-01-16 00:04:44 -05:00
expect(strategy).to receive(:full_host).and_return('http://example.com')
expect(strategy).to receive(:fail!).with('Request Phase', kind_of(StandardError))
2011-09-03 14:08:07 -04:00
strategy.call(make_env)
2011-09-03 14:08:07 -04:00
expect(strategy.callback_url).to eq('http://example.com/auth/test/callback')
2011-09-03 14:08:07 -04:00
end
2014-01-15 23:00:46 -05:00
it 'preserves the query parameters' do
2013-07-09 04:08:41 -04:00
allow(strategy).to receive(:full_host).and_return('http://example.com')
2011-09-03 14:08:07 -04:00
begin
strategy.call(make_env('/auth/test', 'QUERY_STRING' => 'id=5'))
2014-01-15 23:00:46 -05:00
rescue RuntimeError
end
expect(strategy.callback_url).to eq('http://example.com/auth/test/callback?id=5')
2011-09-03 14:08:07 -04:00
end
2014-01-15 23:00:46 -05:00
it 'consider script name' do
2013-07-09 04:08:41 -04:00
allow(strategy).to receive(:full_host).and_return('http://example.com')
2011-09-03 14:08:07 -04:00
begin
strategy.call(make_env('/auth/test', 'SCRIPT_NAME' => '/sub_uri'))
2014-01-15 23:00:46 -05:00
rescue RuntimeError
end
expect(strategy.callback_url).to eq('http://example.com/sub_uri/auth/test/callback')
2011-09-03 14:08:07 -04:00
end
end
end
2014-01-15 23:00:46 -05:00
context ':form option' do
it 'calls through to the supplied form option if one exists' do
strategy.options.form = lambda { |_env| 'Called me!' }
2014-01-15 23:00:46 -05:00
expect(strategy.call(make_env('/auth/test'))).to eq('Called me!')
2011-09-03 14:08:07 -04:00
end
2014-01-15 23:00:46 -05:00
it 'calls through to the app if :form => true is set as an option' do
strategy.options.form = true
expect(strategy.call(make_env('/auth/test'))).to eq(app.call(make_env('/auth/test')))
2011-09-03 14:08:07 -04:00
end
end
2014-01-15 23:00:46 -05:00
context 'dynamic paths' do
it 'runs the request phase if the custom request path evaluator is truthy' do
@options = {:request_path => lambda { |_env| true }}
expect(strategy).to receive(:fail!).with('Request Phase', kind_of(StandardError))
strategy.call(make_env('/asoufibasfi'))
end
2014-01-15 23:00:46 -05:00
it 'runs the callback phase if the custom callback path evaluator is truthy' do
@options = {:callback_path => lambda { |_env| true }}
expect(strategy).to receive(:fail!).with('Callback Phase', kind_of(StandardError))
strategy.call(make_env('/asoufiasod'))
end
2014-01-15 23:00:46 -05:00
it 'provides a custom callback path if request_path evals to a string' do
strategy_instance = fresh_strategy.new(nil, :request_path => lambda { |_env| '/auth/boo/callback/22' })
expect(strategy_instance.callback_path).to eq('/auth/boo/callback/22')
end
2014-01-15 23:00:46 -05:00
it 'correctly reports the callback path when the custom callback path evaluator is truthy' do
2014-08-18 07:21:39 -04:00
strategy_instance = ExampleStrategy.new(app, :callback_path => lambda { |env| env['PATH_INFO'] == '/auth/bish/bosh/callback' })
2020-12-10 23:07:47 -05:00
expect(strategy_instance).to receive(:fail!).with('Callback Phase', kind_of(StandardError))
strategy_instance.call(make_env('/auth/bish/bosh/callback'))
expect(strategy_instance.callback_path).to eq('/auth/bish/bosh/callback')
end
end
2014-01-15 23:00:46 -05:00
context 'custom paths' do
it 'uses a custom request_path if one is provided' do
2011-09-03 14:08:07 -04:00
@options = {:request_path => '/awesome'}
expect(strategy).to receive(:fail!).with('Request Phase', kind_of(StandardError))
strategy.call(make_env('/awesome'))
2011-09-03 14:08:07 -04:00
end
2014-01-15 23:00:46 -05:00
it 'uses a custom callback_path if one is provided' do
2011-09-03 14:08:07 -04:00
@options = {:callback_path => '/radical'}
expect(strategy).to receive(:fail!).with('Callback Phase', kind_of(StandardError))
strategy.call(make_env('/radical'))
2011-09-03 14:08:07 -04:00
end
2014-01-15 23:00:46 -05:00
context 'callback_url' do
it 'uses a custom callback_path if one is provided' do
2011-09-03 14:08:07 -04:00
@options = {:callback_path => '/radical'}
2014-01-16 00:04:44 -05:00
expect(strategy).to receive(:full_host).and_return('http://example.com')
expect(strategy).to receive(:fail!).with('Callback Phase', kind_of(StandardError))
2011-09-03 14:08:07 -04:00
strategy.call(make_env('/radical'))
2011-09-03 14:08:07 -04:00
expect(strategy.callback_url).to eq('http://example.com/radical')
2011-09-03 14:08:07 -04:00
end
2014-01-15 23:00:46 -05:00
it 'preserves the query parameters' do
2011-09-03 14:08:07 -04:00
@options = {:callback_path => '/radical'}
2013-07-09 04:08:41 -04:00
allow(strategy).to receive(:full_host).and_return('http://example.com')
2011-09-03 14:08:07 -04:00
begin
strategy.call(make_env('/auth/test', 'QUERY_STRING' => 'id=5'))
2014-01-15 23:00:46 -05:00
rescue RuntimeError
end
expect(strategy.callback_url).to eq('http://example.com/radical?id=5')
2011-09-03 14:08:07 -04:00
end
end
end
2014-01-15 23:00:46 -05:00
context 'custom prefix' do
2011-09-03 14:08:07 -04:00
before do
@options = {:path_prefix => '/wowzers'}
end
2014-01-15 23:00:46 -05:00
it 'uses a custom prefix for request' do
expect(strategy).to receive(:fail!).with('Request Phase', kind_of(StandardError))
strategy.call(make_env('/wowzers/test'))
2011-09-03 14:08:07 -04:00
end
2014-01-15 23:00:46 -05:00
it 'uses a custom prefix for callback' do
expect(strategy).to receive(:fail!).with('Callback Phase', kind_of(StandardError))
strategy.call(make_env('/wowzers/test/callback'))
2011-09-03 14:08:07 -04:00
end
2014-01-15 23:00:46 -05:00
context 'callback_url' do
it 'uses a custom prefix' do
2014-01-16 00:04:44 -05:00
expect(strategy).to receive(:full_host).and_return('http://example.com')
expect(strategy).to receive(:fail!).with('Request Phase', kind_of(StandardError))
strategy.call(make_env('/wowzers/test'))
2011-09-03 14:08:07 -04:00
expect(strategy.callback_url).to eq('http://example.com/wowzers/test/callback')
2011-09-03 14:08:07 -04:00
end
2014-01-15 23:00:46 -05:00
it 'preserves the query parameters' do
2013-07-09 04:08:41 -04:00
allow(strategy).to receive(:full_host).and_return('http://example.com')
2011-09-03 14:08:07 -04:00
begin
strategy.call(make_env('/auth/test', 'QUERY_STRING' => 'id=5'))
2014-01-15 23:00:46 -05:00
rescue RuntimeError
end
expect(strategy.callback_url).to eq('http://example.com/wowzers/test/callback?id=5')
2011-09-03 14:08:07 -04:00
end
end
end
context 'with relative url root' do
2020-12-10 12:23:40 -05:00
let(:props) { {'SCRIPT_NAME' => '/myapp'} }
it 'accepts the request' do
2020-12-10 12:23:40 -05:00
expect(strategy).to receive(:fail!).with('Request Phase', kind_of(StandardError))
strategy.call(make_env('/auth/test', props))
expect(strategy.request_path).to eq('/myapp/auth/test')
end
it 'accepts the callback' do
2020-12-10 12:23:40 -05:00
expect(strategy).to receive(:fail!).with('Callback Phase', kind_of(StandardError))
strategy.call(make_env('/auth/test/callback', props))
end
context 'callback_url' do
it 'redirects to the correctly prefixed callback' do
expect(strategy).to receive(:full_host).and_return('http://example.com')
2020-12-10 12:23:40 -05:00
expect(strategy).to receive(:fail!).with('Request Phase', kind_of(StandardError))
2020-12-10 12:23:40 -05:00
strategy.call(make_env('/auth/test', props))
expect(strategy.callback_url).to eq('http://example.com/myapp/auth/test/callback')
end
end
context 'custom request' do
before do
@options = {:request_path => '/myapp/override', :callback_path => '/myapp/override/callback'}
end
it 'does not prefix a custom request path' do
expect(strategy).to receive(:full_host).and_return('http://example.com')
2020-12-10 12:23:40 -05:00
expect(strategy).to receive(:fail!).with('Request Phase', kind_of(StandardError))
expect(strategy.request_path).to eq('/myapp/override')
2020-12-10 12:23:40 -05:00
strategy.call(make_env('/override', props))
expect(strategy.callback_url).to eq('http://example.com/myapp/override/callback')
end
end
context 'error during call_app!' do
class OtherPhaseStrategy < ExampleStrategy
def other_phase
call_app!
end
end
class AppError < StandardError; end
let(:app) { ->(_env) { raise(AppError.new('Some error in the app!')) } }
let(:strategy) { OtherPhaseStrategy.new(app) }
it 'raises the application error' do
expect { strategy.call(make_env('/some/path')) }.to raise_error(AppError, 'Some error in the app!')
end
end
context 'error during auth phase' do
class SomeStrategy < ExampleStrategy
def request_phase
raise AuthError.new('Some error in authentication')
end
end
class AuthError < StandardError; end
let(:strategy) { SomeStrategy.new(app) }
it 'passes the error to fail!()' do
expect(strategy).to receive(:fail!).with('Some error in authentication', kind_of(AuthError))
strategy.call(make_env('/auth/test', props))
end
end
end
2014-01-15 23:00:46 -05:00
context 'request method restriction' do
before(:context) do
OmniAuth.config.allowed_request_methods = %i[put post]
2011-09-03 14:08:07 -04:00
end
2014-01-15 23:00:46 -05:00
it 'does not allow a request method of the wrong type' do
expect { strategy.call(make_env('/auth/test', 'REQUEST_METHOD' => 'GET')) }.not_to raise_error
2011-09-03 14:08:07 -04:00
end
2014-01-15 23:00:46 -05:00
it 'allows a request method of the correct type' do
expect(strategy).to receive(:fail!).with('Request Phase', kind_of(StandardError))
strategy.call(make_env('/auth/test'))
2011-09-03 14:08:07 -04:00
end
after(:context) do
OmniAuth.config.allowed_request_methods = %i[post]
2011-09-03 14:08:07 -04:00
end
end
2014-01-15 23:00:46 -05:00
context 'receiving an OPTIONS request' do
shared_examples_for 'an OPTIONS request' do
it 'responds with 200' do
expect(response[0]).to eq(200)
end
2014-01-15 23:00:46 -05:00
it 'sets the Allow header properly' do
expect(response[1]['Allow']).to eq('POST')
end
end
2014-01-15 23:00:46 -05:00
context 'to the request path' do
let(:response) { strategy.call(make_env('/auth/test', 'REQUEST_METHOD' => 'OPTIONS')) }
2014-01-15 23:00:46 -05:00
it_behaves_like 'an OPTIONS request'
end
2014-01-15 23:00:46 -05:00
context 'to the request path' do
let(:response) { strategy.call(make_env('/auth/test/callback', 'REQUEST_METHOD' => 'OPTIONS')) }
2014-01-15 23:00:46 -05:00
it_behaves_like 'an OPTIONS request'
end
2014-01-15 23:00:46 -05:00
context 'to some other path' do
it 'does not short-circuit the request' do
env = make_env('/other', 'REQUEST_METHOD' => 'OPTIONS')
expect(strategy.call(env)).to eq(app.call(env))
end
end
end
2015-11-12 12:57:59 -05:00
context 'options mutation' do
before do
@options = {:dup => true}
2015-11-12 12:57:59 -05:00
end
context 'in request phase' do
it 'does not affect original options' do
2016-08-08 13:54:19 -04:00
@options[:test_option] = true
@options[:mutate_on_request] = proc { |options| options.delete(:test_option) }
strategy.call(make_env)
2015-11-12 12:57:59 -05:00
expect(strategy.options).to have_key(:test_option)
end
it 'does not affect deep options' do
2016-08-08 13:54:19 -04:00
@options[:deep_option] = {:test_option => true}
@options[:mutate_on_request] = proc { |options| options[:deep_option].delete(:test_option) }
strategy.call(make_env)
2015-11-12 12:57:59 -05:00
expect(strategy.options[:deep_option]).to have_key(:test_option)
end
end
context 'in callback phase' do
it 'does not affect original options' do
2016-08-08 13:54:19 -04:00
@options[:test_option] = true
@options[:mutate_on_callback] = proc { |options| options.delete(:test_option) }
strategy.call(make_env('/auth/test/callback', 'REQUEST_METHOD' => 'POST'))
2015-11-12 12:57:59 -05:00
expect(strategy.options).to have_key(:test_option)
end
it 'does not affect deep options' do
2016-08-08 13:54:19 -04:00
@options[:deep_option] = {:test_option => true}
@options[:mutate_on_callback] = proc { |options| options[:deep_option].delete(:test_option) }
strategy.call(make_env('/auth/test/callback', 'REQUEST_METHOD' => 'POST'))
2015-11-12 12:57:59 -05:00
expect(strategy.options[:deep_option]).to have_key(:test_option)
end
end
end
2014-01-15 23:00:46 -05:00
context 'test mode' do
let(:app) do
# In test mode, the underlying app shouldn't be called on request phase.
lambda { |_env| [404, {'Content-Type' => 'text/html'}, []] }
end
2011-09-03 14:08:07 -04:00
before do
OmniAuth.config.test_mode = true
end
2014-01-15 23:00:46 -05:00
it 'short circuits the request phase entirely' do
2011-09-03 14:08:07 -04:00
response = strategy.call(make_env)
expect(response[0]).to eq(302)
expect(response[1]['Location']).to eq('/auth/test/callback')
2011-09-03 14:08:07 -04:00
end
it "doesn't short circuit the request if request method is not allowed" do
2017-02-12 01:57:45 -05:00
response = strategy.call(make_env('/auth/test', 'REQUEST_METHOD' => 'DELETE'))
expect(response[0]).to eq(404)
end
2014-01-15 23:00:46 -05:00
it 'is case insensitive on request path' do
expect(strategy.call(make_env('/AUTH/Test'))[0]).to eq(302)
2011-09-03 14:08:07 -04:00
end
2014-01-15 23:00:46 -05:00
it 'respects SCRIPT_NAME (a.k.a. BaseURI)' do
2011-09-03 14:08:07 -04:00
response = strategy.call(make_env('/auth/test', 'SCRIPT_NAME' => '/sub_uri'))
expect(response[1]['Location']).to eq('/sub_uri/auth/test/callback')
2011-09-03 14:08:07 -04:00
end
2014-01-15 23:00:46 -05:00
it 'redirects on failure' do
response = OmniAuth.config.on_failure.call(make_env('/auth/test', 'omniauth.error.type' => 'error'))
expect(response[0]).to eq(302)
expect(response[1]['Location']).to eq('/auth/failure?message=error')
end
2014-01-15 23:00:46 -05:00
it 'respects SCRIPT_NAME (a.k.a. BaseURI) on failure' do
response = OmniAuth.config.on_failure.call(make_env('/auth/test', 'SCRIPT_NAME' => '/sub_uri', 'omniauth.error.type' => 'error'))
expect(response[0]).to eq(302)
expect(response[1]['Location']).to eq('/sub_uri/auth/failure?message=error')
end
2014-01-15 23:00:46 -05:00
it 'is case insensitive on callback path' do
expect(strategy.call(make_env('/AUTH/TeSt/CaLlBAck')).first).to eq(strategy.call(make_env('/auth/test/callback')).first)
2011-09-03 14:08:07 -04:00
end
2014-01-15 23:00:46 -05:00
it 'maintains host and port' do
2020-02-28 22:27:14 -05:00
response = strategy.call(make_env('/auth/test', 'rack.url_scheme' => 'http', 'SERVER_NAME' => 'example.org', 'SERVER_PORT' => 9292))
expect(response[1]['Location']).to eq('http://example.org:9292/auth/test/callback')
end
2014-01-15 23:00:46 -05:00
it 'maintains query string parameters' do
2011-09-03 14:08:07 -04:00
response = strategy.call(make_env('/auth/test', 'QUERY_STRING' => 'cheese=stilton'))
expect(response[1]['Location']).to eq('/auth/test/callback?cheese=stilton')
2011-09-03 14:08:07 -04:00
end
2014-01-15 23:00:46 -05:00
it 'does not short circuit requests outside of authentication' do
expect(strategy.call(make_env('/'))).to eq(app.call(make_env('/')))
2011-09-03 14:08:07 -04:00
end
2014-01-15 23:00:46 -05:00
it 'responds with the default hash if none is set' do
2012-01-11 09:58:29 -05:00
OmniAuth.config.mock_auth[:test] = nil
2011-09-03 14:08:07 -04:00
strategy.call make_env('/auth/test/callback')
expect(strategy.env['omniauth.auth']['uid']).to eq('1234')
2011-09-03 14:08:07 -04:00
end
2014-01-15 23:00:46 -05:00
it 'responds with a provider-specific hash if one is set' do
2011-09-03 14:08:07 -04:00
OmniAuth.config.mock_auth[:test] = {
2015-12-18 22:14:29 -05:00
'uid' => 'abc'
2011-09-03 14:08:07 -04:00
}
strategy.call make_env('/auth/test/callback')
expect(strategy.env['omniauth.auth']['uid']).to eq('abc')
2011-09-03 14:08:07 -04:00
end
2014-01-15 23:00:46 -05:00
it 'simulates login failure if mocked data is set as a symbol' do
2011-09-03 14:08:07 -04:00
OmniAuth.config.mock_auth[:test] = :invalid_credentials
strategy.call make_env('/auth/test/callback')
expect(strategy.env['omniauth.error.type']).to eq(:invalid_credentials)
2011-09-03 14:08:07 -04:00
end
context 'omniauth.origin' do
context 'disabled' do
it 'does not set omniauth.origin' do
@options = {:origin_param => false}
strategy.call(make_env('/auth/test', 'HTTP_REFERER' => 'http://example.com/origin'))
expect(strategy.env['rack.session']['omniauth.origin']).to be_nil
end
end
context 'default flow' do
it 'sets omniauth.origin to the HTTP_REFERER on the request phase by default' do
strategy.call(make_env('/auth/test', 'HTTP_REFERER' => 'http://example.com/origin'))
expect(strategy.env['rack.session']['omniauth.origin']).to eq('http://example.com/origin')
end
2011-09-03 14:08:07 -04:00
it 'sets omniauth.origin from the params if provided' do
strategy.call(make_env('/auth/test', 'QUERY_STRING' => 'origin=/foo'))
expect(strategy.env['rack.session']['omniauth.origin']).to eq('/foo')
end
end
context 'custom' do
it 'sets omniauth.origin from a custom param' do
@options = {:origin_param => 'return'}
strategy.call(make_env('/auth/test', 'QUERY_STRING' => 'return=/foo'))
expect(strategy.env['rack.session']['omniauth.origin']).to eq('/foo')
end
end
2011-09-03 14:08:07 -04:00
end
2014-01-15 23:00:46 -05:00
it 'turns omniauth.origin into an env variable on the callback phase' do
2011-09-03 14:08:07 -04:00
OmniAuth.config.mock_auth[:test] = {}
strategy.call(make_env('/auth/test/callback', 'rack.session' => {'omniauth.origin' => 'http://example.com/origin'}))
expect(strategy.env['omniauth.origin']).to eq('http://example.com/origin')
2011-09-03 14:08:07 -04:00
end
2012-01-11 09:58:29 -05:00
2014-01-15 23:00:46 -05:00
it 'executes callback hook on the callback phase' do
OmniAuth.config.mock_auth[:test] = {}
OmniAuth.config.before_callback_phase do |env|
2014-01-15 23:00:46 -05:00
env['foobar'] = 'baz'
end
strategy.call(make_env('/auth/test/callback', 'rack.session' => {'omniauth.origin' => 'http://example.com/origin'}))
expect(strategy.env['foobar']).to eq('baz')
end
it 'sets omniauth.params with query params on the request phase' do
OmniAuth.config.mock_auth[:test] = {}
strategy.call(make_env('/auth/test', 'QUERY_STRING' => 'foo=bar'))
2014-01-15 23:00:46 -05:00
expect(strategy.env['rack.session']['omniauth.params']).to eq('foo' => 'bar')
end
it 'does not set body parameters of POST request on the request phase' do
OmniAuth.config.mock_auth[:test] = {}
props = {
'REQUEST_METHOD' => 'POST',
'rack.input' => StringIO.new('foo=bar')
}
strategy.call(make_env('/auth/test', props))
expect(strategy.env['rack.session']['omniauth.params']).to eq({})
end
2014-01-15 23:00:46 -05:00
it 'executes request hook on the request phase' do
OmniAuth.config.mock_auth[:test] = {}
OmniAuth.config.before_request_phase do |env|
2014-01-15 23:00:46 -05:00
env['foobar'] = 'baz'
end
strategy.call(make_env('/auth/test', 'QUERY_STRING' => 'foo=bar'))
expect(strategy.env['foobar']).to eq('baz')
end
2014-01-15 23:00:46 -05:00
it 'turns omniauth.params into an env variable on the callback phase' do
OmniAuth.config.mock_auth[:test] = {}
strategy.call(make_env('/auth/test/callback', 'rack.session' => {'omniauth.params' => {'foo' => 'bar'}}))
2014-01-15 23:00:46 -05:00
expect(strategy.env['omniauth.params']).to eq('foo' => 'bar')
end
2020-12-10 23:07:38 -05:00
it 'rescues errors in request_call' do
allow(strategy).to receive(:mock_request_call).and_raise(StandardError.new('Oh no'))
expect(strategy).to receive(:fail!).with('Oh no', kind_of(StandardError))
strategy.call(make_env)
end
2011-10-26 02:21:38 -04:00
after do
OmniAuth.config.test_mode = false
end
2011-09-03 14:08:07 -04:00
end
2014-01-15 23:00:46 -05:00
context 'custom full_host' do
2011-10-26 02:21:38 -04:00
before do
OmniAuth.config.test_mode = true
end
2012-01-11 09:58:29 -05:00
2014-01-15 23:00:46 -05:00
it 'is the string when a string is there' do
2011-09-03 14:08:07 -04:00
OmniAuth.config.full_host = 'my.host.com'
expect(strategy.full_host).to eq('my.host.com')
2011-09-03 14:08:07 -04:00
end
2014-01-15 23:00:46 -05:00
it 'runs the proc with the env when it is a proc' do
OmniAuth.config.full_host = proc { |env| env['HOST'] }
2011-09-03 14:08:07 -04:00
strategy.call(make_env('/auth/test', 'HOST' => 'my.host.net'))
expect(strategy.full_host).to eq('my.host.net')
2011-09-03 14:08:07 -04:00
end
2012-01-11 09:58:29 -05:00
it "is based on the request if it's not a string nor a proc" do
OmniAuth.config.full_host = nil
strategy.call(make_env('/whatever', 'rack.url_scheme' => 'http', 'SERVER_NAME' => 'my.host.net', 'SERVER_PORT' => 80))
expect(strategy.full_host).to eq('http://my.host.net')
end
2014-01-16 00:04:44 -05:00
it 'honors HTTP_X_FORWARDED_PROTO if present' do
OmniAuth.config.full_host = nil
2014-01-15 23:00:46 -05:00
strategy.call(make_env('/whatever', 'HTTP_X_FORWARDED_PROTO' => 'https', 'rack.url_scheme' => 'http', 'SERVER_NAME' => 'my.host.net', 'SERVER_PORT' => 443))
expect(strategy.full_host).to eq('https://my.host.net')
end
2011-10-26 02:21:38 -04:00
after do
OmniAuth.config.full_host = nil
2011-10-26 02:21:38 -04:00
OmniAuth.config.test_mode = false
end
2011-09-03 14:08:07 -04:00
end
context 'authenticity validation' do
let(:app) { lambda { |_env| [200, {}, ['reached our target']] } }
let(:strategy) { ExampleStrategy.new(app, :request_path => '/auth/test') }
before do
OmniAuth.config.request_validation_phase = OmniAuth::AuthenticityTokenProtection
end
context 'with default POST only request methods' do
let!(:csrf_token) { SecureRandom.base64(32) }
let(:escaped_token) { URI.encode_www_form_component(csrf_token, Encoding::UTF_8) }
it 'allows a request with matching authenticity_token' do
expect(strategy).to receive(:fail!).with('Request Phase', kind_of(StandardError))
post_env = make_env('/auth/test', 'rack.session' => {:csrf => csrf_token}, 'rack.input' => StringIO.new("authenticity_token=#{escaped_token}"))
strategy.call(post_env)
end
it 'does not allow a request without a matching authenticity token' do
post_env = make_env('/auth/test', 'rack.input' => StringIO.new("authenticity_token=#{escaped_token}"))
expect(strategy.call(post_env)[0]).to eq(302)
expect(strategy.call(post_env)[2]).to eq(['302 Moved'])
end
end
context 'with allowed GET' do
let(:path) { '/auth/test' }
let(:get_env) { make_env(path, 'REQUEST_METHOD' => 'GET') }
before(:context) do
@old_allowed_request_methods = OmniAuth.config.allowed_request_methods
OmniAuth.config.allowed_request_methods = %i[post get]
end
it 'allows a request without authenticity token' do
expect(strategy).to receive(:fail!).with('Request Phase', kind_of(StandardError))
strategy.call(get_env)
end
describe 'warning message logging' do
before { allow(strategy).to receive(:log) }
it 'logs warning message' do
strategy.call(get_env)
expect(strategy).to have_received(:log).with(:warn, a_string_matching('You are using GET as an allowed request method')).once
end
context 'when not login path is requested' do
let(:path) { '/example/path' }
it 'does not log warning message' do
strategy.call(get_env)
expect(strategy).not_to have_received(:log).with(:warn, a_string_matching('You are using GET as an allowed request method'))
end
end
end
after(:context) do
OmniAuth.config.allowed_request_methods = @old_allowed_request_methods
end
end
context 'with custom allow_if proc' do
before do
OmniAuth.config.request_validation_phase = OmniAuth::AuthenticityTokenProtection.new(allow_if: ->(env) { true })
end
it 'allows a valid request' do
expect(strategy).to receive(:fail!).with('Request Phase', kind_of(StandardError))
post_env = make_env('/auth/test')
strategy.call(post_env)
end
end
after do
OmniAuth.config.request_validation_phase = nil
end
end
it 'calls fail! when encountering an unhandled exception' do
2020-12-10 23:07:47 -05:00
allow(strategy).to receive(:request_phase).and_raise(Errno::ECONNREFUSED)
expect(strategy).to receive(:fail!).with('Connection refused', kind_of(Errno::ECONNREFUSED))
strategy.call(make_env)
end
it 'redirects to the fail! result when encountering an unhandled exception' do
OmniAuth.config.test_mode = false
expect(strategy.call(make_env).first).to eq 302
end
context 'when in test mode and path not on request path' do
let(:path) { '/foo/bar' }
before do
OmniAuth.config.test_mode = true
OmniAuth.config.request_validation_phase = OmniAuth::AuthenticityTokenProtection
allow(OmniAuth::AuthenticityTokenProtection).to receive(:call).and_raise(OmniAuth::AuthenticityError)
end
it 'does not verify token' do
expect(strategy).not_to receive(:fail!)
strategy.call(make_env(path))
end
after do
OmniAuth.config.test_mode = false
OmniAuth.config.request_validation_phase = false
end
end
2011-09-03 14:08:07 -04:00
end
2014-01-15 23:00:46 -05:00
context 'setup phase' do
2011-10-26 02:21:38 -04:00
before do
OmniAuth.config.test_mode = true
end
2012-01-11 09:58:29 -05:00
2014-01-15 23:00:46 -05:00
context 'when options[:setup] = true' do
let(:strategy) do
ExampleStrategy.new(app, :setup => true)
end
let(:app) do
lambda do |env|
env['omniauth.strategy'].options[:awesome] = 'sauce' if env['PATH_INFO'] == '/auth/test/setup'
[404, {}, 'Awesome']
end
end
2011-09-03 14:08:07 -04:00
2014-01-15 23:00:46 -05:00
it 'calls through to /auth/:provider/setup' do
2011-09-03 14:08:07 -04:00
strategy.call(make_env('/auth/test'))
expect(strategy.options[:awesome]).to eq('sauce')
2011-09-03 14:08:07 -04:00
end
2014-01-15 23:00:46 -05:00
it 'does not call through on a non-omniauth endpoint' do
2011-09-03 14:08:07 -04:00
strategy.call(make_env('/somewhere/else'))
expect(strategy.options[:awesome]).not_to eq('sauce')
2011-09-03 14:08:07 -04:00
end
end
2014-01-15 23:00:46 -05:00
context 'when options[:setup] is an app' do
2011-09-03 14:08:07 -04:00
let(:setup_proc) do
2014-01-15 23:00:46 -05:00
proc do |env|
2011-09-03 14:08:07 -04:00
env['omniauth.strategy'].options[:awesome] = 'sauce'
end
end
let(:strategy) { ExampleStrategy.new(app, :setup => setup_proc) }
2011-09-03 14:08:07 -04:00
2014-01-15 23:00:46 -05:00
it 'does not call the app on a non-omniauth endpoint' do
2011-09-03 14:08:07 -04:00
strategy.call(make_env('/somehwere/else'))
expect(strategy.options[:awesome]).not_to eq('sauce')
2011-09-03 14:08:07 -04:00
end
2014-01-15 23:00:46 -05:00
it 'calls the rack app' do
2011-09-03 14:08:07 -04:00
strategy.call(make_env('/auth/test'))
expect(strategy.options[:awesome]).to eq('sauce')
2011-09-03 14:08:07 -04:00
end
end
2012-01-11 09:58:29 -05:00
2011-10-26 02:21:38 -04:00
after do
OmniAuth.config.test_mode = false
end
2011-09-03 14:08:07 -04:00
end
end