Sign out the signed in user if a different uid is passed to AuthorizationsController#new

app/controllers/authorizations_controller.rb

@@ -9,16 +9,17 @@ class AuthorizationsController < ApplicationController
   skip_before_filter :verify_authenticity_token, :only => :token
 
   def new
-    if params[:uid] && params[:uid] != current_user.username
+    if params[:uid].present? && params[:uid] != current_user.username
       sign_out current_user
-      redirect_to request.url
+      redirect_url = Addressable::URI.parse(request.url)
+      redirect_url.query_values = redirect_url.query_values.merge("uid" => nil)
+      redirect_to redirect_url.to_s
     end
     @requested_scopes = params["scope"].split(',')
     @client = oauth2_authorization_request.client
 
     if authorization = current_user.authorizations.where(:client_id => @client.id).first
       ac = authorization.authorization_codes.create(:redirect_uri => params[:redirect_uri])
-      #tokens = current_user.authorizations.first.access_tokens.first
       redirect_to "#{params[:redirect_uri]}&code=#{ac.code}"
     end
   end

features/oauth.feature

@@ -24,6 +24,14 @@ Feature: oauth
     Then I should be on "/account" on Chubbies
 
     And I should have 1 user on Chubbies
+
+  Scenario: Signing up as a user while someone else is logged into Diaspora
+    Given a user with username "alice"
+    When I sign in as "alice@alice.alice"
+    Then I visit "/new" on Chubbies
+    And I fill in "Diaspora ID" with "bob@localhost:9887"
+    And I press "Connect to Diaspora"
+    Then I should be on the new user session page
   
   Scenario: Not authorize Chubbies
     When I try to authorize Chubbies

features/step_definitions/oauth_steps.rb

@@ -47,7 +47,7 @@ When /^I try to authorize Chubbies$/ do
 end
 
 And /^I fill in my Diaspora ID to connect$/ do
-  And "I fill in \"Diaspora Handle\" with \"#{@me.diaspora_handle}\""
+  And "I fill in \"Diaspora ID\" with \"#{@me.diaspora_handle}\""
 end
 
 And /^I should have (\d) user on Chubbies$/ do |num|

spec/chubbies/app.rb

@@ -74,7 +74,7 @@ module Chubbies
 
     def create_account(hash)
       hash[:username] = hash.delete(:diaspora_id)
-      account_const.create(hash)
+      User.create(hash)
     end
 
     get '/account' do

spec/chubbies/views/home.haml

@@ -2,7 +2,7 @@
   %head
   %body
     %form{:action => '/', :id => 'login', :method => 'get'}
-      %label{:for => 'diaspora_handle'}
-        Diaspora Handle
-      %input{:type=>'text', :id => 'diaspora_handle', :name => 'diaspora_handle'}
+      %label{:for => 'diaspora_id'}
+        Diaspora ID
+      %input{:type=>'text', :id => 'diaspora_id', :name => 'diaspora_id'}
       %input{:type => 'submit', :value => "Connect to Diaspora" }