github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-06-02 15:54:43 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

SECURITY: Ensure that user has been authenticated.

Browse Source
This commit is contained in:
Guo Xiang Tan
2017-02-24 10:27:41 +08:00
parent 3754b038e8
commit fbe51d68a7
3 changed files with 42 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

36
spec/components/auth/user_authenticator_spec.rb Normal file
View File

@ -0,0 +1,36 @@
require 'rails_helper'
RSpec.describe UserAuthenticator do
let(:user) { Fabricate(:user, email: 'test@discourse.org') }
describe "#finish" do
before do
SiteSetting.enable_google_oauth2_logins = true
end
it "should execute provider's callback" do
user.update!(email: 'test@gmail.com')
authenticator = UserAuthenticator.new(user, { authentication: {
authenticator_name: Auth::GoogleOAuth2Authenticator.new.name,
email: user.email,
email_valid: true,
extra_data: { google_user_id: 1 }
}})
expect { authenticator.finish }.to change { GoogleUserInfo.count }.by(1)
end
describe "when session's email is different from user's email" do
it "should not execute provider's callback" do
authenticator = UserAuthenticator.new(user, { authentication: {
authenticator_name: Auth::GoogleOAuth2Authenticator.new.name,
email: 'test@gmail.com',
email_valid: true
}})
expect { authenticator.finish }.to_not change { GoogleUserInfo.count }
end
end
end
end