diff --git a/app/controllers/users/omniauth_callbacks_controller.rb b/app/controllers/users/omniauth_callbacks_controller.rb
index 9a57c58eb4e..e1be38da8c2 100644
--- a/app/controllers/users/omniauth_callbacks_controller.rb
+++ b/app/controllers/users/omniauth_callbacks_controller.rb
@@ -1,9 +1,15 @@ # -*- encoding : utf-8 -*- require_dependency 'email' +require_dependency 'enum' + class Users::OmniauthCallbacksController < ApplicationController layout false + def self.types + @types ||= Enum.new(:facebook, :twitter, :google, :yahoo, :github, :persona) + end + # need to be able to call this skip_before_filter :check_xhr
@@ -11,19 +17,15 @@ class Users::OmniauthCallbacksController < ApplicationController skip_before_filter :verify_authenticity_token, :only => :complete def complete - auth_token = env["omniauth.auth"] - case params[:provider] - when "facebook" - create_or_sign_on_user_using_facebook(auth_token) - when "twitter" - create_or_sign_on_user_using_twitter(auth_token) - when "google", "yahoo" - create_or_sign_on_user_using_openid(auth_token) - when "github" - create_or_sign_on_user_using_github(auth_token) - when "persona" - create_or_sign_on_user_using_persona(auth_token) - end + # Make sure we support that provider + provider = params[:provider] + raise Discourse::InvalidAccess.new unless self.class.types.include?(provider.to_sym) + + # Check if the provider is enabled + raise Discourse::InvalidAccess.new("provider is not enabled") unless SiteSetting.send("enable_#{provider}_logins?") + + # Call the appropriate logic + send("create_or_sign_on_user_using_#{provider}", request.env["omniauth.auth"]) respond_to do |format| format.html
@@ -80,7 +82,6 @@ class Users::OmniauthCallbacksController < ApplicationController username = User.suggest_username(name) - session[:authentication] = { facebook: { facebook_user_id: fb_uid ,
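Review bot: `self.types` is not documented as the allowlist that `complete` relies on before it builds a setting name and a method name from the request parameter. A comment above it, e.g. `# Providers accepted by #complete; each needs an enable_<name>_logins? site setting and a create_or_sign_on_user_using_<name> method`, would make that contract explicit. The `alias_method` lines added for yahoo and google in the later hunk exist to satisfy it. The class body continues outside the hunk.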
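Review bot: In `complete`, `provider.to_sym` is called on the raw `params[:provider]` before the allowlist check, so a missing or non-string parameter raises NoMethodError instead of `Discourse::InvalidAccess`, and on Ruby versions that do not garbage-collect symbols every distinct value a client sends stays interned. Comparing strings avoids both: `provider = params[:provider].to_s` followed by a check against a frozen string list such as `%w[facebook twitter google yahoo github persona]`. The two `send` calls that follow are safe only because of this gate (`send` also reaches private methods), so a comment such as `# provider is allowlisted above; keep that check ahead of both send calls` would help the next editor. The action skips `verify_authenticity_token` (visible in the context lines), so this parameter is reachable without a CSRF token; the body of `complete` continues past the end of the hunk.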
@@ -179,6 +180,9 @@ class Users::OmniauthCallbacksController < ApplicationController end + alias_method :create_or_sign_on_user_using_yahoo, :create_or_sign_on_user_using_openid + alias_method :create_or_sign_on_user_using_google, :create_or_sign_on_user_using_openid + def create_or_sign_on_user_using_github(auth_token) data = auth_token[:info]
diff --git a/spec/controllers/omniauth_callbacks_controller_spec.rb b/spec/controllers/omniauth_callbacks_controller_spec.rb
new file mode 100644
index 00000000000..4c6984475d1
--- /dev/null
+++ b/spec/controllers/omniauth_callbacks_controller_spec.rb
@@ -0,0 +1,134 @@
+require 'spec_helper'
+
+describe Users::OmniauthCallbacksController do
+
+ let(:auth) { {info: {email: 'eviltrout@made.up.email', name: 'Robin Ward', uid: 123456789}, "extra" => {"raw_info" => {} } } }
+
+ describe 'invalid provider' do
+
+ it "fails" do
+ request.env["omniauth.auth"] = auth
+ get :complete, provider: 'hackprovider'
+ response.should_not be_success
+ end
+
+ end
+
+ describe 'twitter' do
+
+ before do
+ request.env["omniauth.auth"] = auth
+ end
+
+ it "fails when twitter logins are disabled" do
+ SiteSetting.stubs(:enable_twitter_logins?).returns(false)
+ get :complete, provider: 'twitter'
+ response.should_not be_success
+ end
+
+ it "succeeds when twitter logins are enabled" do
+ SiteSetting.stubs(:enable_twitter_logins?).returns(true)
+ get :complete, provider: 'twitter'
+ response.should be_success
+ end
+
+ end
+
+ describe 'facebook' do
+
+ before do
+ request.env["omniauth.auth"] = auth
+ end
+
+ it "fails when facebook logins are disabled" do
+ SiteSetting.stubs(:enable_facebook_logins?).returns(false)
+ get :complete, provider: 'facebook'
+ response.should_not be_success
+ end
+
+ it "succeeds when facebook logins are enabled" do
+ SiteSetting.stubs(:enable_facebook_logins?).returns(true)
+ get :complete, provider: 'facebook'
+ response.should be_success
+ end
+
+ end
+
+
+ describe 'open id handler' do
+
+ before do
+ request.env["omniauth.auth"] = { info: {email: 'eviltrout@made.up.email'}, extra: {identity_url: 'http://eviltrout.com'}}
+ end
+
+ describe "google" do
+ it "fails when google logins are disabled" do
+ SiteSetting.stubs(:enable_google_logins?).returns(false)
+ get :complete, provider: 'google'
+ response.should_not be_success
+ end
+
+ it "succeeds when google logins are enabled" do
+ SiteSetting.stubs(:enable_google_logins?).returns(true)
+ get :complete, provider: 'google'
+ response.should be_success
+ end
+ end
+
+ describe "yahoo" do
+ it "fails when yahoo logins are disabled" do
+ SiteSetting.stubs(:enable_yahoo_logins?).returns(false)
+ get :complete, provider: 'yahoo'
+ response.should_not be_success
+ end
+
+ it "succeeds when yahoo logins are enabled" do
+ SiteSetting.stubs(:enable_yahoo_logins?).returns(true)
+ get :complete, provider: 'yahoo'
+ response.should be_success
+ end
+ end
+
+ end
+
+ describe 'github' do
+
+ before do
+ request.env["omniauth.auth"] = auth
+ end
+
+ it "fails when github logins are disabled" do
+ SiteSetting.stubs(:enable_github_logins?).returns(false)
+ get :complete, provider: 'github'
+ response.should_not be_success
+ end
+
+ it "succeeds when github logins are enabled" do
+ SiteSetting.stubs(:enable_github_logins?).returns(true)
+ get :complete, provider: 'github'
+ response.should be_success
+ end
+
+ end
+
+ describe 'persona' do
+
+ before do
+ request.env["omniauth.auth"] = auth
+ end
+
+ it "fails when persona logins are disabled" do
+ SiteSetting.stubs(:enable_persona_logins?).returns(false)
+ get :complete, provider: 'persona'
+ response.should_not be_success
+ end
+
+ it "succeeds when persona logins are enabled" do
+ SiteSetting.stubs(:enable_persona_logins?).returns(true)
+ get :complete, provider: 'persona'
+ response.should be_success
+ end
+
+ end
+
+end
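Review bot: The failure cases assert only `response.should_not be_success`, so they would also pass if the request failed for an unrelated reason rather than through `Discourse::InvalidAccess`; asserting the specific status that exception is rendered as would pin the access-control behaviour. The only rejected value exercised is `'hackprovider'`, so a malformed value such as an empty string or a case variant like `'Twitter'` is not covered, although those are the inputs most likely to behave differently in the `provider.to_sym` allowlist check. The per-provider blocks differ only in the provider name and could be generated from one list, which would keep the tests in step with the controller's `types`.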