forked from increments/mastodon
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request increments#75 from tomoasleep/fix/oauth-redirection
Qiitaログイン時のリダイレクト先を修正
- Loading branch information
Showing
9 changed files
with
311 additions
and
6 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,42 @@ | ||
# frozen_string_literal: true | ||
|
||
module AfterSignInPathLeadable | ||
extend ActiveSupport::Concern | ||
|
||
protected | ||
|
||
def after_sign_in_path_for(resource) | ||
after_sign_in_path = resolve_url(location_after_sign_in) | ||
|
||
if home_paths(resource).include?((after_sign_in_path || '').split('?').first) | ||
root_path | ||
else | ||
after_sign_in_path || root_path | ||
end | ||
end | ||
|
||
private | ||
|
||
def home_paths(resource) | ||
paths = [about_path] | ||
if single_user_mode? && resource.is_a?(User) | ||
paths << short_account_path(username: resource.account) | ||
end | ||
paths | ||
end | ||
|
||
def resolve_url(url) | ||
uri = URI.parse(url) | ||
if !uri.host || uri.host == request.host | ||
uri.query ? "#{uri.path}?#{uri.query}" : uri.path | ||
else | ||
nil | ||
end | ||
rescue URI::InvalidURIError => e | ||
nil | ||
end | ||
|
||
def location_after_sign_in | ||
fail NotImplementedError | ||
end | ||
end |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
124 changes: 124 additions & 0 deletions
124
spec/controllers/auth/omniauth_callbacks_controller_spec.rb
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,124 @@ | ||
# frozen_string_literal: true | ||
|
||
require 'rails_helper' | ||
|
||
describe Auth::OmniauthCallbacksController, type: :controller do | ||
describe 'GET #qiita' do | ||
include_context 'mock qiita omniauth' | ||
|
||
let(:omniauth_auth) { qiita_auth } | ||
before do | ||
request.env['devise.mapping'] = Devise.mappings[:user] | ||
request.env['omniauth.auth'] = omniauth_auth | ||
request.env['omniauth.origin'] = try(:omniauth_origin) | ||
end | ||
|
||
subject { -> { get :qiita } } | ||
|
||
context 'when signed in' do | ||
before { sign_in(user) } | ||
let(:user) { Fabricate(:user) } | ||
|
||
context 'and current user is not linked to an qiita account' do | ||
it 'links the user to the qiita account' do | ||
is_expected.to change { user.reload.qiita_authorization }.from(nil).to(be_truthy) | ||
end | ||
end | ||
|
||
context 'and omniauth.origin is empty' do | ||
it 'redirect_to root_path' do | ||
subject.call | ||
expect(response).to be_redirect | ||
expect(response).to redirect_to(root_path) | ||
end | ||
end | ||
|
||
context 'and omniauth.origin is about_url' do | ||
let(:omniauth_origin) { about_url } | ||
|
||
it 'redirect_to root_path' do | ||
subject.call | ||
expect(response).to be_redirect | ||
expect(response).to redirect_to(root_path) | ||
end | ||
end | ||
|
||
context 'and omniauth.origin is settings_qiita_authorizations_url' do | ||
let(:omniauth_origin) { settings_qiita_authorizations_url } | ||
|
||
it 'redirect_to settings_qiita_authorizations_path' do | ||
subject.call | ||
expect(response).to be_redirect | ||
expect(response).to redirect_to(settings_qiita_authorizations_path) | ||
end | ||
end | ||
end | ||
|
||
context 'when not signed in' do | ||
context 'and there are a user linked to the qiita account' do | ||
let(:user) { Fabricate(:user) } | ||
let!(:qiita_authorization) { Fabricate(:qiita_authorization, uid: omniauth_auth[:uid], user: user) } | ||
|
||
it 'logs the user in' do | ||
subject.call | ||
expect(controller.current_user).to eq user | ||
end | ||
|
||
context 'and omniauth.origin is empty' do | ||
it 'redirect_to root_path' do | ||
subject.call | ||
expect(response).to be_redirect | ||
expect(response).to redirect_to(root_path) | ||
end | ||
end | ||
|
||
context 'and omniauth.origin is about_url' do | ||
let(:omniauth_origin) { about_url } | ||
|
||
it 'redirect_to root_path' do | ||
subject.call | ||
expect(response).to be_redirect | ||
expect(response).to redirect_to(root_path) | ||
end | ||
end | ||
|
||
context 'and omniauth.origin is settings_qiita_authorizations_url' do | ||
let(:omniauth_origin) { settings_qiita_authorizations_url } | ||
|
||
it 'redirect_to settings_qiita_authorizations_path' do | ||
subject.call | ||
expect(response).to be_redirect | ||
expect(response).to redirect_to(settings_qiita_authorizations_path) | ||
end | ||
end | ||
end | ||
|
||
context 'and there are no user linked to the qiita account' do | ||
it 'redirects to new_user_oauth_registration_path' do | ||
subject.call | ||
expect(response).to redirect_to(new_user_oauth_registration_path) | ||
end | ||
|
||
context 'when omniauth.origin is a url' do | ||
let(:omniauth_origin) { root_url } | ||
|
||
it 'stores the omniauth origin to session' do | ||
subject.call | ||
expect(session[:devise_omniauth_origin]).to be(omniauth_origin) | ||
end | ||
end | ||
|
||
it 'stores the omniauth data to session to build form' do | ||
subject.call | ||
expect(Form::OauthRegistration.from_omniauth_auth(session[:devise_omniauth_auth])).to have_attributes({ | ||
provider: omniauth_auth[:provider], | ||
avatar: omniauth_auth[:info][:image], | ||
uid: omniauth_auth[:uid], | ||
username: omniauth_auth[:uid], | ||
token: omniauth_auth[:credentials][:token], | ||
}) | ||
end | ||
end | ||
end | ||
end | ||
end |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,97 @@ | ||
require 'rails_helper' | ||
require 'securerandom' | ||
|
||
RSpec.describe OauthRegistrationsController, type: :controller do | ||
include_context 'mock qiita omniauth' | ||
|
||
let(:omniauth_auth) { qiita_auth } | ||
before do | ||
request.env['devise.mapping'] = Devise.mappings[:user] | ||
stub_request(:get, qiita_auth[:info][:image]).to_return(request_fixture('avatar.txt')) | ||
end | ||
|
||
shared_context 'store omniauth data' do | ||
before do | ||
session[:devise_omniauth_auth] = omniauth_auth | ||
session[:devise_omniauth_origin] = try(:omniauth_origin) | ||
end | ||
end | ||
|
||
describe 'GET #new' do | ||
subject { -> { get :new } } | ||
|
||
context 'when omniauth data are stored' do | ||
include_context 'store omniauth data' | ||
|
||
it 'returns 200' do | ||
subject.call | ||
expect(response).to have_http_status(:success) | ||
end | ||
end | ||
|
||
context 'when omniauth data are not stored' do | ||
it 'redirect_to root_path' do | ||
subject.call | ||
expect(response).to be_redirect | ||
expect(response).to redirect_to(root_path) | ||
end | ||
end | ||
end | ||
|
||
describe 'POST #create' do | ||
subject { -> { post :create, { params: { form_oauth_registration: form_params } } } } | ||
|
||
context 'when omniauth data are stored' do | ||
include_context 'store omniauth data' | ||
|
||
context 'and email and username is given' do | ||
let(:form_params) { { email: email, username: username } } | ||
let(:username) { 'foo' } | ||
let(:email) { 'foo@example.com' } | ||
|
||
it { is_expected.to change { User.find_by(account: Account.find_by(username: username), email: email) }.from(nil).to(be_truthy) } | ||
it { is_expected.to change { QiitaAuthorization.find_by(user: User.find_by(email: email), uid: omniauth_auth[:uid], token: omniauth_auth[:credentials][:token]) }.from(nil).to(be_truthy) } | ||
|
||
context 'and omniauth.origin is empty' do | ||
it 'redirect_to root_path' do | ||
subject.call | ||
expect(response).to be_redirect | ||
expect(response).to redirect_to(root_path) | ||
end | ||
end | ||
|
||
context 'and omniauth.origin is about_url' do | ||
let(:omniauth_origin) { about_url } | ||
|
||
it 'redirect_to root_path' do | ||
subject.call | ||
expect(response).to be_redirect | ||
expect(response).to redirect_to(root_path) | ||
end | ||
end | ||
|
||
context 'and omniauth.origin is settings_qiita_authorizations_url' do | ||
let(:omniauth_origin) { settings_qiita_authorizations_url } | ||
|
||
it 'redirect_to settings_qiita_authorizations_path' do | ||
subject.call | ||
expect(response).to be_redirect | ||
expect(response).to redirect_to(settings_qiita_authorizations_path) | ||
end | ||
end | ||
end | ||
end | ||
|
||
context 'when omniauth data are not stored' do | ||
let(:form_params) { { email: email, username: username } } | ||
let(:username) { 'foo' } | ||
let(:email) { 'foo@example.com' } | ||
|
||
it 'redirect_to root_path' do | ||
subject.call | ||
expect(response).to be_redirect | ||
expect(response).to redirect_to(root_path) | ||
end | ||
end | ||
end | ||
end |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,5 +1,5 @@ | ||
Fabricator(:qiita_authorization) do | ||
user nil | ||
uid "qiitan" | ||
provider "qiita" | ||
token "token" | ||
end |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,25 @@ | ||
# frozen_string_literal: true | ||
|
||
shared_context 'mock qiita omniauth' do | ||
let(:qiita_auth) do | ||
{ | ||
provider: 'qiita', | ||
uid: 'test_uid', | ||
info: { | ||
email: 'test@example.com', | ||
name: 'test_name', | ||
image: 'http://example.com/image.jpg' | ||
}, | ||
credentials: { | ||
token: 'credentialstoken', | ||
refresh_token: 'credentialssecret', | ||
}, | ||
extra: { | ||
raw_info: {} | ||
} | ||
} | ||
end | ||
|
||
before { OmniAuth.config.mock_auth[:qiita] = OmniAuth::AuthHash.new(qiita_auth) } | ||
after { OmniAuth.config.mock_auth[:qiita] = nil } | ||
end |