Merge pull request #913 from 97jaz/origin-mock-request

Updates mock request phase to use options.origin correctly
2022-11-09 12:31:49 -05:00 · 2017-10-02 13:13:46 -04:00 · 2017-10-02 13:13:46 -04:00 · ef7f7c2349
commit ef7f7c2349
parent e9978e377f 25363559da
2 changed files with 33 additions and 11 deletions
--- a/lib/omniauth/strategy.rb
+++ b/lib/omniauth/strategy.rb
@ -276,10 +276,12 @@ module OmniAuth

      session['omniauth.params'] = request.GET
      OmniAuth.config.before_request_phase.call(env) if OmniAuth.config.before_request_phase
-      if request.params['origin']
-        session['omniauth.origin'] = request.params['origin']
-      elsif env['HTTP_REFERER'] && !env['HTTP_REFERER'].match(/#{request_path}$/)
-        session['omniauth.origin'] = env['HTTP_REFERER']
+      if options.origin_param
+        if request.params[options.origin_param]
+          session['omniauth.origin'] = request.params[options.origin_param]
+        elsif env['HTTP_REFERER'] && !env['HTTP_REFERER'].match(/#{request_path}$/)
+          session['omniauth.origin'] = env['HTTP_REFERER']
+        end
      end

      redirect(callback_url)
--- a/spec/omniauth/strategy_spec.rb
+++ b/spec/omniauth/strategy_spec.rb
@ -689,14 +689,34 @@ describe OmniAuth::Strategy do
        expect(strategy.env['omniauth.error.type']).to eq(:invalid_credentials)
      end

-      it 'sets omniauth.origin on the request phase' do
-        strategy.call(make_env('/auth/test', 'HTTP_REFERER' => 'http://example.com/origin'))
-        expect(strategy.env['rack.session']['omniauth.origin']).to eq('http://example.com/origin')
-      end
+      context 'omniauth.origin' do
+        context 'disabled' do
+          it 'does not set omniauth.origin' do
+            @options = {:origin_param => false}
+            strategy.call(make_env('/auth/test', 'HTTP_REFERER' => 'http://example.com/origin'))
+            expect(strategy.env['rack.session']['omniauth.origin']).to be_nil
+          end
+        end

-      it 'sets omniauth.origin from the params if provided' do
-        strategy.call(make_env('/auth/test', 'QUERY_STRING' => 'origin=/foo'))
-        expect(strategy.env['rack.session']['omniauth.origin']).to eq('/foo')
+        context 'default flow' do
+          it 'sets omniauth.origin to the HTTP_REFERER on the request phase by default' do
+            strategy.call(make_env('/auth/test', 'HTTP_REFERER' => 'http://example.com/origin'))
+            expect(strategy.env['rack.session']['omniauth.origin']).to eq('http://example.com/origin')
+          end
+
+          it 'sets omniauth.origin from the params if provided' do
+            strategy.call(make_env('/auth/test', 'QUERY_STRING' => 'origin=/foo'))
+            expect(strategy.env['rack.session']['omniauth.origin']).to eq('/foo')
+          end
+        end
+
+        context 'custom' do
+          it 'sets omniauth.origin from a custom param' do
+            @options = {:origin_param => 'return'}
+            strategy.call(make_env('/auth/test', 'QUERY_STRING' => 'return=/foo'))
+            expect(strategy.env['rack.session']['omniauth.origin']).to eq('/foo')
+          end
+        end
      end

      it 'turns omniauth.origin into an env variable on the callback phase' do