Warn only on GET requests for login path
parent
481e307347
commit
b72a8db667
|
@ -180,9 +180,10 @@ module OmniAuth
|
||||||
raise(error)
|
raise(error)
|
||||||
end
|
end
|
||||||
|
|
||||||
warn_if_using_get
|
|
||||||
|
|
||||||
@env = env
|
@env = env
|
||||||
|
|
||||||
|
warn_if_using_get_on_request_path
|
||||||
|
|
||||||
@env['omniauth.strategy'] = self if on_auth_path?
|
@env['omniauth.strategy'] = self if on_auth_path?
|
||||||
|
|
||||||
return mock_call!(env) if OmniAuth.config.test_mode
|
return mock_call!(env) if OmniAuth.config.test_mode
|
||||||
|
@ -201,7 +202,8 @@ module OmniAuth
|
||||||
@app.call(env)
|
@app.call(env)
|
||||||
end
|
end
|
||||||
|
|
||||||
def warn_if_using_get
|
def warn_if_using_get_on_request_path
|
||||||
|
return unless on_request_path?
|
||||||
return unless OmniAuth.config.allowed_request_methods.include?(:get)
|
return unless OmniAuth.config.allowed_request_methods.include?(:get)
|
||||||
return if OmniAuth.config.silence_get_warning
|
return if OmniAuth.config.silence_get_warning
|
||||||
|
|
||||||
|
|
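Review bot: `warn_if_using_get_on_request_path` checks the request path and the configured methods but, in the lines visible here, never the method of the current request, so a POST to the request path would still log the GET warning while `:get` is allowed, although the commit title says "only on GET requests". The warning flags a configuration that leaves the request phase reachable by cross-site GETs, so firing on any method may be intended; if so, say it in a comment such as `# Config-level warning: logged for any request to the request path while :get is allowed.`, and if not, add `return unless request.get?` after the path guard. The call in `call!` also moved below `@env = env`, presumably because `on_request_path?` reads the current env, and a one-line comment there (`# needs @env: on_request_path? inspects the current request`) would keep it from being moved back. The method body continues outside the hunk, so the log call itself is not visible here.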
|
@ -986,6 +986,9 @@ describe OmniAuth::Strategy do
|
||||||
end
|
end
|
||||||
|
|
||||||
context 'with allowed GET' do
|
context 'with allowed GET' do
|
||||||
|
let(:path) { '/auth/test' }
|
||||||
|
let(:get_env) { make_env(path, 'REQUEST_METHOD' => 'GET') }
|
||||||
|
|
||||||
before(:context) do
|
before(:context) do
|
||||||
@old_allowed_request_methods = OmniAuth.config.allowed_request_methods
|
@old_allowed_request_methods = OmniAuth.config.allowed_request_methods
|
||||||
OmniAuth.config.allowed_request_methods = %i[post get]
|
OmniAuth.config.allowed_request_methods = %i[post get]
|
||||||
|
@ -994,10 +997,27 @@ describe OmniAuth::Strategy do
|
||||||
it 'allows a request without authenticity token' do
|
it 'allows a request without authenticity token' do
|
||||||
expect(strategy).to receive(:fail!).with('Request Phase', kind_of(StandardError))
|
expect(strategy).to receive(:fail!).with('Request Phase', kind_of(StandardError))
|
||||||
|
|
||||||
get_env = make_env('/auth/test', 'REQUEST_METHOD' => 'GET')
|
|
||||||
strategy.call(get_env)
|
strategy.call(get_env)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
describe 'warning message logging' do
|
||||||
|
before { allow(strategy).to receive(:log) }
|
||||||
|
|
||||||
|
it 'logs warning message' do
|
||||||
|
strategy.call(get_env)
|
||||||
|
expect(strategy).to have_received(:log).with(:warn, a_string_matching('You are using GET as an allowed request method')).once
|
||||||
|
end
|
||||||
|
|
||||||
|
context 'when not login path is requested' do
|
||||||
|
let(:path) { '/example/path' }
|
||||||
|
|
||||||
|
it 'does not log warning message' do
|
||||||
|
strategy.call(get_env)
|
||||||
|
expect(strategy).not_to have_received(:log).with(:warn, a_string_matching('You are using GET as an allowed request method'))
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
after(:context) do
|
after(:context) do
|
||||||
OmniAuth.config.allowed_request_methods = @old_allowed_request_methods
|
OmniAuth.config.allowed_request_methods = @old_allowed_request_methods
|
||||||
end
|
end
|
||||||
|
|
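Review bot: The negative example under 'when not login path is requested' only uses `/example/path`, which lies outside the auth prefix entirely, so it would still pass if the guard were `on_auth_path?` instead of `on_request_path?`. A second case with `let(:path) { '/auth/test/callback' }` (assuming the default callback path; the callback phase may need stubbing) would pin the distinction this commit introduces. There is also no example showing that `OmniAuth.config.silence_get_warning` still suppresses the log on the request path. The context name would read more clearly as `'when a path other than the login path is requested'`.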