From 8cffc5cfbeb0bd7e2cc4acf00d076767f8e17e74 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jonne=20Ha=C3=9F?= <me@jhass.eu>
Date: Fri, 15 Jul 2016 11:06:05 +0200
Subject: [PATCH] bump rails to 4.2.7

---
 Gemfile                                       |  2 +-
 Gemfile.lock                                  | 60 +++++++++----------
 .../authorizations_controller.rb              |  2 +-
 features/step_definitions/auth_code_steps.rb  |  3 +
 .../step_definitions/implicit_flow_steps.rb   |  2 +
 spec/models/reshare_spec.rb                   |  2 +-
 6 files changed, 38 insertions(+), 33 deletions(-)

diff --git a/Gemfile b/Gemfile
index ed39e91b1d..d9f8d1b3bc 100644
--- a/Gemfile
+++ b/Gemfile
@@ -1,6 +1,6 @@
 source "https://rubygems.org"
 
-gem "rails", "4.2.6"
+gem "rails", "4.2.7"
 
 # Legacy Rails features, remove me!
 # responders (class level)
diff --git a/Gemfile.lock b/Gemfile.lock
index 4b7a568405..3a20cf26d6 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -3,40 +3,40 @@ GEM
   remote: https://rails-assets.org/
   specs:
     CFPropertyList (2.3.2)
-    actionmailer (4.2.6)
-      actionpack (= 4.2.6)
-      actionview (= 4.2.6)
-      activejob (= 4.2.6)
+    actionmailer (4.2.7)
+      actionpack (= 4.2.7)
+      actionview (= 4.2.7)
+      activejob (= 4.2.7)
       mail (~> 2.5, >= 2.5.4)
       rails-dom-testing (~> 1.0, >= 1.0.5)
-    actionpack (4.2.6)
-      actionview (= 4.2.6)
-      activesupport (= 4.2.6)
+    actionpack (4.2.7)
+      actionview (= 4.2.7)
+      activesupport (= 4.2.7)
       rack (~> 1.6)
       rack-test (~> 0.6.2)
       rails-dom-testing (~> 1.0, >= 1.0.5)
       rails-html-sanitizer (~> 1.0, >= 1.0.2)
-    actionview (4.2.6)
-      activesupport (= 4.2.6)
+    actionview (4.2.7)
+      activesupport (= 4.2.7)
       builder (~> 3.1)
       erubis (~> 2.7.0)
       rails-dom-testing (~> 1.0, >= 1.0.5)
       rails-html-sanitizer (~> 1.0, >= 1.0.2)
     active_model_serializers (0.9.5)
       activemodel (>= 3.2)
-    activejob (4.2.6)
-      activesupport (= 4.2.6)
+    activejob (4.2.7)
+      activesupport (= 4.2.7)
       globalid (>= 0.3.0)
-    activemodel (4.2.6)
-      activesupport (= 4.2.6)
+    activemodel (4.2.7)
+      activesupport (= 4.2.7)
       builder (~> 3.1)
-    activerecord (4.2.6)
-      activemodel (= 4.2.6)
-      activesupport (= 4.2.6)
+    activerecord (4.2.7)
+      activemodel (= 4.2.7)
+      activesupport (= 4.2.7)
       arel (~> 6.0)
     activerecord-import (0.13.0)
       activerecord (>= 3.0)
-    activesupport (4.2.6)
+    activesupport (4.2.7)
       i18n (~> 0.7)
       json (~> 1.7, >= 1.7.7)
       minitest (~> 5.1)
@@ -633,16 +633,16 @@ GEM
       rack
     rack-test (0.6.3)
       rack (>= 1.0)
-    rails (4.2.6)
-      actionmailer (= 4.2.6)
-      actionpack (= 4.2.6)
-      actionview (= 4.2.6)
-      activejob (= 4.2.6)
-      activemodel (= 4.2.6)
-      activerecord (= 4.2.6)
-      activesupport (= 4.2.6)
+    rails (4.2.7)
+      actionmailer (= 4.2.7)
+      actionpack (= 4.2.7)
+      actionview (= 4.2.7)
+      activejob (= 4.2.7)
+      activemodel (= 4.2.7)
+      activerecord (= 4.2.7)
+      activesupport (= 4.2.7)
       bundler (>= 1.3.0, < 2.0)
-      railties (= 4.2.6)
+      railties (= 4.2.7)
       sprockets-rails
     rails-assets-autosize (3.0.15)
     rails-assets-blueimp-gallery (2.21.2)
@@ -707,9 +707,9 @@ GEM
       remotipart (~> 1.0)
       safe_yaml (~> 1.0)
       sass-rails (>= 4.0, < 6)
-    railties (4.2.6)
-      actionpack (= 4.2.6)
-      activesupport (= 4.2.6)
+    railties (4.2.7)
+      actionpack (= 4.2.7)
+      activesupport (= 4.2.7)
       rake (>= 0.8.7)
       thor (>= 0.18.1, < 2.0)
     rainbow (2.1.0)
@@ -993,7 +993,7 @@ DEPENDENCIES
   rack-protection (= 1.5.3)
   rack-rewrite (= 1.5.1)
   rack-ssl (= 1.4.1)
-  rails (= 4.2.6)
+  rails (= 4.2.7)
   rails-assets-autosize (= 3.0.15)!
   rails-assets-blueimp-gallery (= 2.21.2)!
   rails-assets-diaspora_jsxc (= 0.1.5.develop.1)!
diff --git a/app/controllers/api/openid_connect/authorizations_controller.rb b/app/controllers/api/openid_connect/authorizations_controller.rb
index 92d310b104..f95f868178 100644
--- a/app/controllers/api/openid_connect/authorizations_controller.rb
+++ b/app/controllers/api/openid_connect/authorizations_controller.rb
@@ -203,7 +203,7 @@ module Api
         if prompt && prompt.include?("none")
           handle_prompt_none
         elsif prompt && prompt.include?("login")
-          new_params = params.merge!(prompt: prompt.remove("login"))
+          new_params = params.except("controller", "action").merge(prompt: prompt.remove("login"))
           reauthenticate(new_params)
         else
           authenticate_user!
diff --git a/features/step_definitions/auth_code_steps.rb b/features/step_definitions/auth_code_steps.rb
index 33414b912e..0e3cb9616b 100644
--- a/features/step_definitions/auth_code_steps.rb
+++ b/features/step_definitions/auth_code_steps.rb
@@ -20,7 +20,9 @@ Given /^I send a post request from that client to the code flow authorization en
 end
 
 When /^I parse the auth code and create a request to the token endpoint$/ do
+  current_url = page.driver.network_traffic.last.url # We get a redirect to example.org that we can't follow
   code = current_url[/(?<=code=)[^&]+/]
+  expect(code).to be_present
   post api_openid_connect_access_tokens_path, code: code,
        redirect_uri: "http://example.org/", grant_type: "authorization_code",
        client_id: @client_id, client_secret: @client_secret
@@ -28,6 +30,7 @@ end
 
 When /^I parse the tokens and use it obtain user info$/ do
   client_json = JSON.parse(last_response.body)
+  expect(client_json).to_not have_key "error"
   access_token = client_json["access_token"]
   encoded_id_token = client_json["id_token"]
   decoded_token = OpenIDConnect::ResponseObject::IdToken.decode encoded_id_token,
diff --git a/features/step_definitions/implicit_flow_steps.rb b/features/step_definitions/implicit_flow_steps.rb
index 892aa2e090..d8b9b1d69e 100644
--- a/features/step_definitions/implicit_flow_steps.rb
+++ b/features/step_definitions/implicit_flow_steps.rb
@@ -52,7 +52,9 @@ Then /^I should not see any tokens in the redirect url$/ do
 end
 
 When /^I parse the bearer tokens and use it to access user info$/ do
+  current_url = page.driver.network_traffic.last.url # We get a redirect to example.org that we can't follow
   access_token = current_url[/(?<=access_token=)[^&]+/]
+  expect(access_token).to be_present
   get api_openid_connect_user_info_path, access_token: access_token
 end
 
diff --git a/spec/models/reshare_spec.rb b/spec/models/reshare_spec.rb
index 68a41eff20..208a62d7a3 100644
--- a/spec/models/reshare_spec.rb
+++ b/spec/models/reshare_spec.rb
@@ -38,7 +38,7 @@ describe Reshare, type: :model do
 
     it "participates root author in the reshare" do
       reshare.receive([])
-      expect(Participation.count(target_id: reshare.id, author_id: bob.person.id)).to eq(1)
+      expect(Participation.where(target_id: reshare.id, author_id: bob.person.id).count).to eq(1)
     end
   end
 
-- 
GitLab