Allow for renaming/disabling of `origin` param.

tmilewski 2017-09-28 12:22:16 -04:00
parent df95e5c571
commit 867165ab23
No known key found for this signature in database
GPG Key ID: 60478E252CC674E7
2 changed files with 55 additions and 31 deletions


@ -14,6 +14,7 @@ module OmniAuth
base.class_eval do base.class_eval do
option :setup, false option :setup, false
option :skip_info, false option :skip_info, false
option :origin_param, 'origin'
end end
end end
@ -200,21 +201,26 @@ module OmniAuth
def request_call # rubocop:disable CyclomaticComplexity, MethodLength, PerceivedComplexity def request_call # rubocop:disable CyclomaticComplexity, MethodLength, PerceivedComplexity
setup_phase setup_phase
log :info, 'Request phase initiated.' log :info, 'Request phase initiated.'
# store query params from the request url, extracted in the callback_phase # store query params from the request url, extracted in the callback_phase
session['omniauth.params'] = request.GET session['omniauth.params'] = request.GET
OmniAuth.config.before_request_phase.call(env) if OmniAuth.config.before_request_phase OmniAuth.config.before_request_phase.call(env) if OmniAuth.config.before_request_phase
if options.form.respond_to?(:call) if options.form.respond_to?(:call)
log :info, 'Rendering form from supplied Rack endpoint.' log :info, 'Rendering form from supplied Rack endpoint.'
options.form.call(env) options.form.call(env)
elsif options.form elsif options.form
log :info, 'Rendering form from underlying application.' log :info, 'Rendering form from underlying application.'
call_app! call_app!
elsif !options.origin_param
request_phase
else else
if request.params['origin'] if request.params[options.origin_param]
env['rack.session']['omniauth.origin'] = request.params['origin'] env['rack.session']['omniauth.origin'] = request.params[options.origin_param]
elsif env['HTTP_REFERER'] && !env['HTTP_REFERER'].match(/#{request_path}$/) elsif env['HTTP_REFERER'] && !env['HTTP_REFERER'].match(/#{request_path}$/)
env['rack.session']['omniauth.origin'] = env['HTTP_REFERER'] env['rack.session']['omniauth.origin'] = env['HTTP_REFERER']
end end
request_phase request_phase
end end
end end
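Review bot: The new `option :origin_param, 'origin'` carries no comment saying that a falsy value turns origin capture off, and in `request_call` the `elsif !options.origin_param` branch skips the `HTTP_REFERER` fallback as well as the query parameter, which the option name alone does not suggest. I would document it above the option, e.g. `# Request param copied into session['omniauth.origin']; false/nil disables origin capture, Referer fallback included.` The lookup `request.params[options.origin_param]` also assumes a String: Rack params are string-keyed, so a Symbol such as `:return` would never match and the code would silently fall through to the Referer; `request.params[options.origin_param.to_s]` avoids that. Because the stored value is request-supplied, the comment should also state that applications must validate `omniauth.origin` (for example, accept only same-site paths) before redirecting to it.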


@ -300,42 +300,60 @@ describe OmniAuth::Strategy do
let(:strategy) { ExampleStrategy.new(app, @options || {}) } let(:strategy) { ExampleStrategy.new(app, @options || {}) }
context 'omniauth.origin' do context 'omniauth.origin' do
it 'is set on the request phase' do context 'disabled' do
expect { strategy.call(make_env('/auth/test', 'HTTP_REFERER' => 'http://example.com/origin')) }.to raise_error('Request Phase') it 'does not set omniauth.origin' do
expect(strategy.last_env['rack.session']['omniauth.origin']).to eq('http://example.com/origin') @options = { :origin_param => false }
expect { strategy.call(make_env('/auth/test', 'QUERY_STRING' => 'return=/foo')) }.to raise_error('Request Phase')
expect(strategy.last_env['rack.session']['omniauth.origin']).to eq(nil)
end
end end
it 'is turned into an env variable on the callback phase' do context 'custom' do
expect { strategy.call(make_env('/auth/test/callback', 'rack.session' => {'omniauth.origin' => 'http://example.com/origin'})) }.to raise_error('Callback Phase') it 'sets from a custom param' do
expect(strategy.last_env['omniauth.origin']).to eq('http://example.com/origin') @options = { :origin_param => 'return' }
expect { strategy.call(make_env('/auth/test', 'QUERY_STRING' => 'return=/foo')) }.to raise_error('Request Phase')
expect(strategy.last_env['rack.session']['omniauth.origin']).to eq('/foo')
end
end end
it 'sets from the params if provided' do context 'default flow' do
expect { strategy.call(make_env('/auth/test', 'QUERY_STRING' => 'origin=/foo')) }.to raise_error('Request Phase') it 'is set on the request phase' do
expect(strategy.last_env['rack.session']['omniauth.origin']).to eq('/foo') expect { strategy.call(make_env('/auth/test', 'HTTP_REFERER' => 'http://example.com/origin')) }.to raise_error('Request Phase')
end expect(strategy.last_env['rack.session']['omniauth.origin']).to eq('http://example.com/origin')
it 'is set on the failure env' do
expect(OmniAuth.config).to receive(:on_failure).and_return(lambda { |env| env })
@options = {:failure => :forced_fail}
strategy.call(make_env('/auth/test/callback', 'rack.session' => {'omniauth.origin' => '/awesome'}))
end
context 'with script_name' do
it 'is set on the request phase, containing full path' do
env = {'HTTP_REFERER' => 'http://example.com/sub_uri/origin', 'SCRIPT_NAME' => '/sub_uri'}
expect { strategy.call(make_env('/auth/test', env)) }.to raise_error('Request Phase')
expect(strategy.last_env['rack.session']['omniauth.origin']).to eq('http://example.com/sub_uri/origin')
end end
it 'is turned into an env variable on the callback phase, containing full path' do it 'is turned into an env variable on the callback phase' do
env = { expect { strategy.call(make_env('/auth/test/callback', 'rack.session' => {'omniauth.origin' => 'http://example.com/origin'})) }.to raise_error('Callback Phase')
'rack.session' => {'omniauth.origin' => 'http://example.com/sub_uri/origin'}, expect(strategy.last_env['omniauth.origin']).to eq('http://example.com/origin')
'SCRIPT_NAME' => '/sub_uri' end
}
expect { strategy.call(make_env('/auth/test/callback', env)) }.to raise_error('Callback Phase') it 'sets from the params if provided' do
expect(strategy.last_env['omniauth.origin']).to eq('http://example.com/sub_uri/origin') expect { strategy.call(make_env('/auth/test', 'QUERY_STRING' => 'origin=/foo')) }.to raise_error('Request Phase')
expect(strategy.last_env['rack.session']['omniauth.origin']).to eq('/foo')
end
it 'is set on the failure env' do
expect(OmniAuth.config).to receive(:on_failure).and_return(lambda { |env| env })
@options = {:failure => :forced_fail}
strategy.call(make_env('/auth/test/callback', 'rack.session' => {'omniauth.origin' => '/awesome'}))
end
context 'with script_name' do
it 'is set on the request phase, containing full path' do
env = {'HTTP_REFERER' => 'http://example.com/sub_uri/origin', 'SCRIPT_NAME' => '/sub_uri'}
expect { strategy.call(make_env('/auth/test', env)) }.to raise_error('Request Phase')
expect(strategy.last_env['rack.session']['omniauth.origin']).to eq('http://example.com/sub_uri/origin')
end
it 'is turned into an env variable on the callback phase, containing full path' do
env = {
'rack.session' => {'omniauth.origin' => 'http://example.com/sub_uri/origin'},
'SCRIPT_NAME' => '/sub_uri'
}
expect { strategy.call(make_env('/auth/test/callback', env)) }.to raise_error('Callback Phase')
expect(strategy.last_env['omniauth.origin']).to eq('http://example.com/sub_uri/origin')
end
end end
end end
end end
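Review bot: The 'disabled' example would still pass if the `elsif !options.origin_param` branch were removed, because it sends only `return=/foo` and, as far as this section shows, no Referer, so `request.params[false]` is nil and nothing is stored either way. To pin the new behaviour, send the inputs that would normally set the origin: `make_env('/auth/test', 'HTTP_REFERER' => 'http://example.com/origin', 'QUERY_STRING' => 'origin=/foo')`. The 'custom' example could likewise assert that a plain `origin=/foo` query is ignored once the param is renamed to `return`. As a style point, `to be_nil` reads better than `to eq(nil)`.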