From a63d1ad4aee5dd7f94c49cfb08a71def41d061e7 Mon Sep 17 00:00:00 2001
From: Raphael Sofaer <raphael@joindiaspora.com>
Date: Mon, 15 Aug 2011 18:35:14 -0700
Subject: [PATCH] Sign out the signed in user if a different uid is passed to
 AuthorizationsController#new

---
 app/controllers/authorizations_controller.rb | 7 ++++---
 features/oauth.feature                       | 8 ++++++++
 features/step_definitions/oauth_steps.rb     | 2 +-
 spec/chubbies/app.rb                         | 2 +-
 spec/chubbies/views/home.haml                | 6 +++---
 5 files changed, 17 insertions(+), 8 deletions(-)

diff --git a/app/controllers/authorizations_controller.rb b/app/controllers/authorizations_controller.rb
index 7158e29dd2..e15a60b3d5 100644
--- a/app/controllers/authorizations_controller.rb
+++ b/app/controllers/authorizations_controller.rb
@@ -9,16 +9,17 @@ class AuthorizationsController < ApplicationController
   skip_before_filter :verify_authenticity_token, :only => :token
 
   def new
-    if params[:uid] && params[:uid] != current_user.username
+    if params[:uid].present? && params[:uid] != current_user.username
       sign_out current_user
-      redirect_to request.url
+      redirect_url = Addressable::URI.parse(request.url)
+      redirect_url.query_values = redirect_url.query_values.merge("uid" => nil)
+      redirect_to redirect_url.to_s
     end
     @requested_scopes = params["scope"].split(',')
     @client = oauth2_authorization_request.client
 
     if authorization = current_user.authorizations.where(:client_id => @client.id).first
       ac = authorization.authorization_codes.create(:redirect_uri => params[:redirect_uri])
-      #tokens = current_user.authorizations.first.access_tokens.first
       redirect_to "#{params[:redirect_uri]}&code=#{ac.code}"
     end
   end
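Review bot: The `redirect_to redirect_url.to_s` that closes the uid-mismatch branch is not followed by a return, so when a different uid is passed the method falls through to `params["scope"].split(',')` and `current_user.authorizations` after the user has already been signed out, which will raise on a nil `current_user` (or hit a DoubleRenderError if `current_user` is still memoized and the second `redirect_to` runs). Make the branch exit explicitly: `return redirect_to redirect_url.to_s`. Because `uid` is a plain request parameter, any third party can now terminate a victim's Diaspora session just by getting them to load this URL with a mismatched uid; that may be acceptable for an OAuth authorization endpoint, but it deserves a comment such as `# A mismatched uid ends the current session so the client app can sign in as the intended account`. Whether the redirect with `uid` stripped then lands on a login page depends on a before_filter outside this hunk.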
diff --git a/features/oauth.feature b/features/oauth.feature
index 92dba9a730..beae15c23d 100644
--- a/features/oauth.feature
+++ b/features/oauth.feature
@@ -24,6 +24,14 @@ Feature: oauth
     Then I should be on "/account" on Chubbies
 
     And I should have 1 user on Chubbies
+
+  Scenario: Signing up as a user while someone else is logged into Diaspora
+    Given a user with username "alice"
+    When I sign in as "alice@alice.alice"
+    Then I visit "/new" on Chubbies
+    And I fill in "Diaspora ID" with "bob@localhost:9887"
+    And I press "Connect to Diaspora"
+    Then I should be on the new user session page
   
   Scenario: Not authorize Chubbies
     When I try to authorize Chubbies
diff --git a/features/step_definitions/oauth_steps.rb b/features/step_definitions/oauth_steps.rb
index 1a50afb691..c1f0705fd7 100644
--- a/features/step_definitions/oauth_steps.rb
+++ b/features/step_definitions/oauth_steps.rb
@@ -47,7 +47,7 @@ When /^I try to authorize Chubbies$/ do
 end
 
 And /^I fill in my Diaspora ID to connect$/ do
-  And "I fill in \"Diaspora Handle\" with \"#{@me.diaspora_handle}\""
+  And "I fill in \"Diaspora ID\" with \"#{@me.diaspora_handle}\""
 end
 
 And /^I should have (\d) user on Chubbies$/ do |num|
diff --git a/spec/chubbies/app.rb b/spec/chubbies/app.rb
index 0e75311d9e..f924f98d5d 100644
--- a/spec/chubbies/app.rb
+++ b/spec/chubbies/app.rb
@@ -74,7 +74,7 @@ module Chubbies
 
     def create_account(hash)
       hash[:username] = hash.delete(:diaspora_id)
-      account_const.create(hash)
+      User.create(hash)
     end
 
     get '/account' do
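Review bot: `User.create(hash)` mass-assigns every key left in `hash` after `diaspora_id` is renamed to `username`; if the caller builds `hash` from request parameters (not visible in this hunk), restrict it to the expected keys before the `create` call rather than passing the whole hash through. This is a test helper app under spec/, so the exposure is limited, but the change also replaces the `account_const` indirection with a hard-wired `User`, which is worth a one-line comment explaining why the indirection was dropped. Note that `hash.delete(:diaspora_id)` mutates the caller's hash in place.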
diff --git a/spec/chubbies/views/home.haml b/spec/chubbies/views/home.haml
index b974435377..eb5963edc3 100644
--- a/spec/chubbies/views/home.haml
+++ b/spec/chubbies/views/home.haml
@@ -2,7 +2,7 @@
   %head
   %body
     %form{:action => '/', :id => 'login', :method => 'get'}
-      %label{:for => 'diaspora_handle'}
-        Diaspora Handle
-      %input{:type=>'text', :id => 'diaspora_handle', :name => 'diaspora_handle'}
+      %label{:for => 'diaspora_id'}
+        Diaspora ID
+      %input{:type=>'text', :id => 'diaspora_id', :name => 'diaspora_id'}
       %input{:type => 'submit', :value => "Connect to Diaspora" }
-- 
GitLab