github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-05-26 04:33:38 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

FIX: protect against future regressions of google omniauth

Browse Source
This commit is contained in:
Sam
2016-11-07 12:48:00 +11:00
parent 6a720b6011
commit 2ddabc3928
2 changed files with 34 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
lib/auth/google_oauth2_authenticator.rb
View File

@ -18,9 +18,12 @@ class Auth::GoogleOAuth2Authenticator < Auth::Authenticator
user_info = GoogleUserInfo.find_by(google_user_id: google_hash[:google_user_id]) user_info = GoogleUserInfo.find_by(google_user_id: google_hash[:google_user_id])
result.user = user_info.try(:user) result.user = user_info.try(:user)
if !result.user && !result.email.blank? && result.user = User.find_by_email(result.email) if !result.user && !result.email.blank? && result.email_valid
result.user = User.find_by_email(result.email)
if result.user
GoogleUserInfo.create({user_id: result.user.id}.merge(google_hash)) GoogleUserInfo.create({user_id: result.user.id}.merge(google_hash))
end end
end
result result
end end

35
spec/components/auth/google_oauth2_authenticator_spec.rb
View File

@ -6,9 +6,11 @@ load 'auth/google_oauth2_authenticator.rb'
describe Auth::GoogleOAuth2Authenticator do describe Auth::GoogleOAuth2Authenticator do
context 'after_authenticate' do it 'does not look up user unless email is verified' do
it 'can authenticate and create a user record for already existing users' do # note, emails that come back from google via omniauth are always valid
authenticator = described_class.new # this protects against future regressions
authenticator = Auth::GoogleOAuth2Authenticator.new
user = Fabricate(:user) user = Fabricate(:user)
hash = { hash = {
@ -19,7 +21,32 @@ describe Auth::GoogleOAuth2Authenticator do
}, },
:extra => { :extra => {
:raw_info => { :raw_info => {
:email => "user@domain.example.com", :email => user.email,
:email_verified => false,
:name => "John Doe"
}
}
}
result = authenticator.after_authenticate(hash)
expect(result.user).to eq(nil)
end
context 'after_authenticate' do
it 'can authenticate and create a user record for already existing users' do
authenticator = Auth::GoogleOAuth2Authenticator.new
user = Fabricate(:user)
hash = {
:uid => "123456789",
:info => {
:name => "John Doe",
:email => user.email
},
:extra => {
:raw_info => {
:email => user.email,
:email_verified => true, :email_verified => true,
:name => "John Doe" :name => "John Doe"
} }