Allow for renaming/disabling of `origin` param.
This commit is contained in:
parent
df95e5c571
commit
867165ab23
|
@ -14,6 +14,7 @@ module OmniAuth
|
||||||
base.class_eval do
|
base.class_eval do
|
||||||
option :setup, false
|
option :setup, false
|
||||||
option :skip_info, false
|
option :skip_info, false
|
||||||
|
option :origin_param, 'origin'
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -200,21 +201,26 @@ module OmniAuth
|
||||||
def request_call # rubocop:disable CyclomaticComplexity, MethodLength, PerceivedComplexity
|
def request_call # rubocop:disable CyclomaticComplexity, MethodLength, PerceivedComplexity
|
||||||
setup_phase
|
setup_phase
|
||||||
log :info, 'Request phase initiated.'
|
log :info, 'Request phase initiated.'
|
||||||
|
|
||||||
# store query params from the request url, extracted in the callback_phase
|
# store query params from the request url, extracted in the callback_phase
|
||||||
session['omniauth.params'] = request.GET
|
session['omniauth.params'] = request.GET
|
||||||
OmniAuth.config.before_request_phase.call(env) if OmniAuth.config.before_request_phase
|
OmniAuth.config.before_request_phase.call(env) if OmniAuth.config.before_request_phase
|
||||||
|
|
||||||
if options.form.respond_to?(:call)
|
if options.form.respond_to?(:call)
|
||||||
log :info, 'Rendering form from supplied Rack endpoint.'
|
log :info, 'Rendering form from supplied Rack endpoint.'
|
||||||
options.form.call(env)
|
options.form.call(env)
|
||||||
elsif options.form
|
elsif options.form
|
||||||
log :info, 'Rendering form from underlying application.'
|
log :info, 'Rendering form from underlying application.'
|
||||||
call_app!
|
call_app!
|
||||||
|
elsif !options.origin_param
|
||||||
|
request_phase
|
||||||
else
|
else
|
||||||
if request.params['origin']
|
if request.params[options.origin_param]
|
||||||
env['rack.session']['omniauth.origin'] = request.params['origin']
|
env['rack.session']['omniauth.origin'] = request.params[options.origin_param]
|
||||||
elsif env['HTTP_REFERER'] && !env['HTTP_REFERER'].match(/#{request_path}$/)
|
elsif env['HTTP_REFERER'] && !env['HTTP_REFERER'].match(/#{request_path}$/)
|
||||||
env['rack.session']['omniauth.origin'] = env['HTTP_REFERER']
|
env['rack.session']['omniauth.origin'] = env['HTTP_REFERER']
|
||||||
end
|
end
|
||||||
|
|
||||||
request_phase
|
request_phase
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
|
@ -300,42 +300,60 @@ describe OmniAuth::Strategy do
|
||||||
let(:strategy) { ExampleStrategy.new(app, @options || {}) }
|
let(:strategy) { ExampleStrategy.new(app, @options || {}) }
|
||||||
|
|
||||||
context 'omniauth.origin' do
|
context 'omniauth.origin' do
|
||||||
it 'is set on the request phase' do
|
context 'disabled' do
|
||||||
expect { strategy.call(make_env('/auth/test', 'HTTP_REFERER' => 'http://example.com/origin')) }.to raise_error('Request Phase')
|
it 'does not set omniauth.origin' do
|
||||||
expect(strategy.last_env['rack.session']['omniauth.origin']).to eq('http://example.com/origin')
|
@options = { :origin_param => false }
|
||||||
|
expect { strategy.call(make_env('/auth/test', 'QUERY_STRING' => 'return=/foo')) }.to raise_error('Request Phase')
|
||||||
|
expect(strategy.last_env['rack.session']['omniauth.origin']).to eq(nil)
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
it 'is turned into an env variable on the callback phase' do
|
context 'custom' do
|
||||||
expect { strategy.call(make_env('/auth/test/callback', 'rack.session' => {'omniauth.origin' => 'http://example.com/origin'})) }.to raise_error('Callback Phase')
|
it 'sets from a custom param' do
|
||||||
expect(strategy.last_env['omniauth.origin']).to eq('http://example.com/origin')
|
@options = { :origin_param => 'return' }
|
||||||
|
expect { strategy.call(make_env('/auth/test', 'QUERY_STRING' => 'return=/foo')) }.to raise_error('Request Phase')
|
||||||
|
expect(strategy.last_env['rack.session']['omniauth.origin']).to eq('/foo')
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
it 'sets from the params if provided' do
|
context 'default flow' do
|
||||||
expect { strategy.call(make_env('/auth/test', 'QUERY_STRING' => 'origin=/foo')) }.to raise_error('Request Phase')
|
it 'is set on the request phase' do
|
||||||
expect(strategy.last_env['rack.session']['omniauth.origin']).to eq('/foo')
|
expect { strategy.call(make_env('/auth/test', 'HTTP_REFERER' => 'http://example.com/origin')) }.to raise_error('Request Phase')
|
||||||
end
|
expect(strategy.last_env['rack.session']['omniauth.origin']).to eq('http://example.com/origin')
|
||||||
|
|
||||||
it 'is set on the failure env' do
|
|
||||||
expect(OmniAuth.config).to receive(:on_failure).and_return(lambda { |env| env })
|
|
||||||
@options = {:failure => :forced_fail}
|
|
||||||
strategy.call(make_env('/auth/test/callback', 'rack.session' => {'omniauth.origin' => '/awesome'}))
|
|
||||||
end
|
|
||||||
|
|
||||||
context 'with script_name' do
|
|
||||||
it 'is set on the request phase, containing full path' do
|
|
||||||
env = {'HTTP_REFERER' => 'http://example.com/sub_uri/origin', 'SCRIPT_NAME' => '/sub_uri'}
|
|
||||||
expect { strategy.call(make_env('/auth/test', env)) }.to raise_error('Request Phase')
|
|
||||||
expect(strategy.last_env['rack.session']['omniauth.origin']).to eq('http://example.com/sub_uri/origin')
|
|
||||||
end
|
end
|
||||||
|
|
||||||
it 'is turned into an env variable on the callback phase, containing full path' do
|
it 'is turned into an env variable on the callback phase' do
|
||||||
env = {
|
expect { strategy.call(make_env('/auth/test/callback', 'rack.session' => {'omniauth.origin' => 'http://example.com/origin'})) }.to raise_error('Callback Phase')
|
||||||
'rack.session' => {'omniauth.origin' => 'http://example.com/sub_uri/origin'},
|
expect(strategy.last_env['omniauth.origin']).to eq('http://example.com/origin')
|
||||||
'SCRIPT_NAME' => '/sub_uri'
|
end
|
||||||
}
|
|
||||||
|
|
||||||
expect { strategy.call(make_env('/auth/test/callback', env)) }.to raise_error('Callback Phase')
|
it 'sets from the params if provided' do
|
||||||
expect(strategy.last_env['omniauth.origin']).to eq('http://example.com/sub_uri/origin')
|
expect { strategy.call(make_env('/auth/test', 'QUERY_STRING' => 'origin=/foo')) }.to raise_error('Request Phase')
|
||||||
|
expect(strategy.last_env['rack.session']['omniauth.origin']).to eq('/foo')
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'is set on the failure env' do
|
||||||
|
expect(OmniAuth.config).to receive(:on_failure).and_return(lambda { |env| env })
|
||||||
|
@options = {:failure => :forced_fail}
|
||||||
|
strategy.call(make_env('/auth/test/callback', 'rack.session' => {'omniauth.origin' => '/awesome'}))
|
||||||
|
end
|
||||||
|
|
||||||
|
context 'with script_name' do
|
||||||
|
it 'is set on the request phase, containing full path' do
|
||||||
|
env = {'HTTP_REFERER' => 'http://example.com/sub_uri/origin', 'SCRIPT_NAME' => '/sub_uri'}
|
||||||
|
expect { strategy.call(make_env('/auth/test', env)) }.to raise_error('Request Phase')
|
||||||
|
expect(strategy.last_env['rack.session']['omniauth.origin']).to eq('http://example.com/sub_uri/origin')
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'is turned into an env variable on the callback phase, containing full path' do
|
||||||
|
env = {
|
||||||
|
'rack.session' => {'omniauth.origin' => 'http://example.com/sub_uri/origin'},
|
||||||
|
'SCRIPT_NAME' => '/sub_uri'
|
||||||
|
}
|
||||||
|
|
||||||
|
expect { strategy.call(make_env('/auth/test/callback', env)) }.to raise_error('Callback Phase')
|
||||||
|
expect(strategy.last_env['omniauth.origin']).to eq('http://example.com/sub_uri/origin')
|
||||||
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
Loading…
Reference in New Issue