Finish setting up sesssions#new prefill when logged out by authorizationsControlelr

dec10e3d · Raphael Sofaer · Maxwell Salzberg · 89edfb7e · dec10e3d · dec10e3d
--- a/app/controllers/authorizations_controller.rb
+++ b/app/controllers/authorizations_controller.rb
@@ -11,9 +11,7 @@ class AuthorizationsController < ApplicationController
  def new
    if params[:uid].present? && params[:uid] != current_user.username
      sign_out current_user
-      redirect_url = Addressable::URI.parse(request.url)
+      redirect_to url_with_prefilled_session_form
-      redirect_url.query_values = redirect_url.query_values.merge("uid" => nil)
-      redirect_to redirect_url.to_s
    end
    @requested_scopes = params["scope"].split(',')
    @client = oauth2_authorization_request.client
@@ -24,6 +22,18 @@ class AuthorizationsController < ApplicationController
    end
  end
+  # When diaspora detects that a user is trying to authorize to an application
+  # as someone other than the logged in user, we want to log out current_user,
+  # and prefill the session form with the user that is trying to authorize
+  def url_with_prefilled_session_form
+    redirect_url = Addressable::URI.parse(request.url)
+    query_values = redirect_url.query_values
+    query_values.delete("uid")
+    query_values.merge!("username" => params[:uid])
+    redirect_url.query_values = query_values
+    redirect_url.to_s
+  end
  def create
    if params[:commit] == "Authorize"
      grant_authorization_code(current_user)

--- a/app/helpers/sessions_helper.rb
+++ b/app/helpers/sessions_helper.rb
 module SessionsHelper
  def prefilled_username
-    uri = Addressable::URI.parse(session["user_return_to"])
+    uri = Addressable::URI.parse(session['user_return_to'])
-    uri ? uri.query_values["uid"] : nil
+    if uri && uri.query_values
+      uri.query_values["username"]
+    else
+      nil
+    end
  end
 end
--- a/app/views/sessions/new.haml
+++ b/app/views/sessions/new.haml
@@ -26,7 +26,7 @@
      %p
        = f.label :username , t('username')
-        = f.text_field :username, :tabindex => 1 , :value => prefilled_username
+        = f.text_field :username, :tabindex => 1, :value => prefilled_username
      %br
      %p

--- a/features/oauth.feature
+++ b/features/oauth.feature
@@ -32,8 +32,7 @@ Feature: oauth
    And I fill in "Diaspora ID" with "bob@localhost:9887"
    And I press "Connect to Diaspora"
    Then I should be on the new user session page
-    And I debug
+    And the "Username" field within "#user_new" should contain "bob"
-    And I should see "bob" within "#user_username"
  Scenario: Not authorize Chubbies
    When I try to authorize Chubbies