1
0
Fork 0
mirror of https://github.com/omniauth/omniauth.git synced 2022-11-09 12:31:49 -05:00

Merge pull request #1033 from jsdalton/fix-mock-call

Ensure mock call verifies authenticity tokens with same logic as real call
This commit is contained in:
Bobby McDonald 2021-02-02 10:53:01 -05:00 committed by GitHub
commit 6c822c0c95
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 23 additions and 1 deletions

View file

@ -299,7 +299,6 @@ module OmniAuth
# in test mode.
def mock_call!(*)
begin
OmniAuth.config.request_validation_phase.call(env) if OmniAuth.config.request_validation_phase
return mock_request_call if on_request_path? && OmniAuth.config.allowed_request_methods.include?(request.request_method.downcase.to_sym)
return mock_callback_call if on_callback_path?
rescue StandardError => e
@ -313,7 +312,10 @@ module OmniAuth
setup_phase
session['omniauth.params'] = request.GET
OmniAuth.config.request_validation_phase.call(env) if OmniAuth.config.request_validation_phase
OmniAuth.config.before_request_phase.call(env) if OmniAuth.config.before_request_phase
if options.origin_param
if request.params[options.origin_param]
session['omniauth.origin'] = request.params[options.origin_param]

View file

@ -1001,6 +1001,26 @@ describe OmniAuth::Strategy do
OmniAuth.config.test_mode = false
expect(strategy.call(make_env).first).to eq 302
end
context 'when in test mode and path not on request path' do
let(:path) { '/foo/bar' }
before do
OmniAuth.config.test_mode = true
OmniAuth.config.request_validation_phase = OmniAuth::AuthenticityTokenProtection
allow(OmniAuth::AuthenticityTokenProtection).to receive(:call).and_raise(OmniAuth::AuthenticityError)
end
it 'does not verify token' do
expect(strategy).not_to receive(:fail!)
strategy.call(make_env(path))
end
after do
OmniAuth.config.test_mode = false
OmniAuth.config.request_validation_phase = false
end
end
end
context 'setup phase' do