FIX: hide sso payload behind a button click and log views (#12110)

Arpit Jalan
2021-02-17 21:27:51 +05:30
committed by GitHub
parent 431c6de480
commit a174c8b8d4
8 changed files with 81 additions and 17 deletions


@ -2782,6 +2782,34 @@ describe UsersController do
end
end
describe '#check_sso_payload' do
it 'raises an error when not logged in' do
get "/u/zogstrip/sso-payload.json"
expect(response.status).to eq(403)
end
context 'while logged in' do
let(:sign_in_admin) { sign_in(Fabricate(:admin)) }
let(:user) { Fabricate(:user) }
it "raises an error when you aren't allowed to check sso payload" do
sign_in(Fabricate(:user))
get "/u/#{user.username}/sso-payload.json"
expect(response).to be_forbidden
end
it "returns SSO payload when you're allowed to see" do
user.single_sign_on_record = SingleSignOnRecord.create(user_id: user.id, external_email: "foobar@example.com", external_id: "example", last_payload: "foobar")
sign_in_admin
get "/u/#{user.username}/sso-payload.json"
expect(response.status).to eq(200)
expect(response.parsed_body["payload"]).to eq("foobar")
end
end
end
describe '#update_primary_email' do
fab!(:user) { Fabricate(:user) }
fab!(:user_email) { user.primary_email }
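Review bot: The success case in `#check_sso_payload` asserts only the 200 status and the returned payload, so nothing in this hunk pins the audit-trail half of the change (the commit title says views are logged); unless a spec in one of the other changed files covers it, a regression that silently stops logging would still pass. Wrapping the request, e.g. `expect { get "/u/#{user.username}/sso-payload.json" }.to change { UserHistory.count }.by(1)`, would cover it, assuming views are recorded as staff action log entries. The access-control cases would also be stronger if they pinned the intended behaviour for a moderator, for a user requesting their own payload, and for a target user with no `single_sign_on_record`. As a style point, `let(:sign_in_admin)` is a lazy `let` used only for its side effect; calling `sign_in(Fabricate(:admin))` inline, as the forbidden test already does, reads more clearly. The enclosing `describe UsersController` block starts and ends outside this hunk.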