Revert "Revert "SECURITY: Ensure oAuth authenticated email is the same as created user's email.""

This reverts commit 0e3def7d2b78053bb84cc432afc65228e66143aa.
2025-05-28 23:27:46 +08:00 · 2017-02-28 11:27:14 +08:00
parent 41c850f31d
commit e6d75f6844
3 changed files with 42 additions and 1 deletions
--- a/spec/components/auth/user_authenticator_spec.rb
+++ b/spec/components/auth/user_authenticator_spec.rb
@ -0,0 +1,36 @@
+require 'rails_helper'
+
+RSpec.describe UserAuthenticator do
+  let(:user) { Fabricate(:user, email: 'test@discourse.org') }
+
+  describe "#finish" do
+    before do
+      SiteSetting.enable_google_oauth2_logins = true
+    end
+
+    it "should execute provider's callback" do
+      user.update!(email: 'test@gmail.com')
+
+      authenticator = UserAuthenticator.new(user, { authentication: {
+        authenticator_name: Auth::GoogleOAuth2Authenticator.new.name,
+        email: user.email,
+        email_valid: true,
+        extra_data: { google_user_id: 1 }
+      }})
+
+      expect { authenticator.finish }.to change { GoogleUserInfo.count }.by(1)
+    end
+
+    describe "when session's email is different from user's email" do
+      it "should not execute provider's callback" do
+        authenticator = UserAuthenticator.new(user, { authentication: {
+          authenticator_name: Auth::GoogleOAuth2Authenticator.new.name,
+          email: 'test@gmail.com',
+          email_valid: true
+        }})
+
+        expect { authenticator.finish }.to_not change { GoogleUserInfo.count }
+      end
+    end
+  end
+end