From dec10e3de92d4b24a2a9ca661f2c71af19274881 Mon Sep 17 00:00:00 2001
From: Raphael Sofaer <raphael@joindiaspora.com>
Date: Tue, 16 Aug 2011 11:26:25 -0700
Subject: [PATCH] Finish setting up sesssions#new prefill when logged out by
 authorizationsControlelr

---
 app/controllers/authorizations_controller.rb | 16 +++++++++++++---
 app/helpers/sessions_helper.rb               |  8 ++++++--
 app/views/sessions/new.haml                  |  2 +-
 features/oauth.feature                       |  3 +--
 4 files changed, 21 insertions(+), 8 deletions(-)

diff --git a/app/controllers/authorizations_controller.rb b/app/controllers/authorizations_controller.rb
index e15a60b3d5..30e0a174b3 100644
--- a/app/controllers/authorizations_controller.rb
+++ b/app/controllers/authorizations_controller.rb
@@ -11,9 +11,7 @@ class AuthorizationsController < ApplicationController
   def new
     if params[:uid].present? && params[:uid] != current_user.username
       sign_out current_user
-      redirect_url = Addressable::URI.parse(request.url)
-      redirect_url.query_values = redirect_url.query_values.merge("uid" => nil)
-      redirect_to redirect_url.to_s
+      redirect_to url_with_prefilled_session_form
     end
     @requested_scopes = params["scope"].split(',')
     @client = oauth2_authorization_request.client
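Review bot: The `redirect_to url_with_prefilled_session_form` inside the `if` in `new` is not followed by a `return`, so after `sign_out current_user` the action keeps running into `params["scope"].split(',')` and `oauth2_authorization_request.client`. The authorization request is then processed for a session that has just been ended, and if the rest of `new` (which continues outside this hunk) calls `render` or `redirect_to` explicitly, Rails will raise a double-render error. I would add a bare `return` on the line after the redirect. Separately, `current_user.username` assumes an authenticated user; presumably a before filter guarantees that, but it is not visible in this hunk.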
@@ -24,6 +22,18 @@ class AuthorizationsController < ApplicationController
     end
   end
 
+  # When diaspora detects that a user is trying to authorize to an application
+  # as someone other than the logged in user, we want to log out current_user,
+  # and prefill the session form with the user that is trying to authorize
+  def url_with_prefilled_session_form
+    redirect_url = Addressable::URI.parse(request.url)
+    query_values = redirect_url.query_values
+    query_values.delete("uid")
+    query_values.merge!("username" => params[:uid])
+    redirect_url.query_values = query_values
+    redirect_url.to_s
+  end
+
   def create
     if params[:commit] == "Authorize"
       grant_authorization_code(current_user)
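Review bot: `url_with_prefilled_session_form` is added as a public method between the `new` and `create` actions, so depending on the routes it could be reachable as an action; since it only builds a URL for `new`, it belongs below a `private` marker. `redirect_url.query_values` returns nil when the URL has no query string, so `query_values.delete("uid")` would raise if `uid` ever arrived outside the query; `query_values = redirect_url.query_values || {}` guards that. The `username` written into the redirect URL is copied straight from the request's `uid` parameter, so the comment above the method could also state that the value is caller-supplied and serves only as a form prefill, never as an identity claim.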
diff --git a/app/helpers/sessions_helper.rb b/app/helpers/sessions_helper.rb
index 9f2e94b771..a10b0402cf 100644
--- a/app/helpers/sessions_helper.rb
+++ b/app/helpers/sessions_helper.rb
@@ -1,6 +1,10 @@
 module SessionsHelper
   def prefilled_username
-    uri = Addressable::URI.parse(session["user_return_to"])
-    uri ? uri.query_values["uid"] : nil
+    uri = Addressable::URI.parse(session['user_return_to'])
+    if uri && uri.query_values
+      uri.query_values["username"]
+    else
+      nil
+    end
   end
 end
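Review bot: `prefilled_username` has no comment saying where its value comes from: it returns the `username` query parameter of whatever URL is stored in `session['user_return_to']`, which is presumably the pre-login location and so can be set by whoever wrote the link the user followed. I would add `# Untrusted: read from the return-to URL's query string; use only as an escaped form field value.` above the method so later callers do not output it raw. The `if`/`else nil` can also be shortened and `query_values` called once: `values = uri && uri.query_values` followed by `values && values["username"]`.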
diff --git a/app/views/sessions/new.haml b/app/views/sessions/new.haml
index 5da4d36db3..b2b04f9b17 100644
--- a/app/views/sessions/new.haml
+++ b/app/views/sessions/new.haml
@@ -26,7 +26,7 @@
 
       %p
         = f.label :username , t('username')
-        = f.text_field :username, :tabindex => 1 , :value => prefilled_username
+        = f.text_field :username, :tabindex => 1, :value => prefilled_username
       %br
 
       %p
diff --git a/features/oauth.feature b/features/oauth.feature
index 22a3f42744..a50af1ac04 100644
--- a/features/oauth.feature
+++ b/features/oauth.feature
@@ -32,8 +32,7 @@ Feature: oauth
     And I fill in "Diaspora ID" with "bob@localhost:9887"
     And I press "Connect to Diaspora"
     Then I should be on the new user session page
-    And I debug
-    And I should see "bob" within "#user_username"
+    And the "Username" field within "#user_new" should contain "bob"
   
   Scenario: Not authorize Chubbies
     When I try to authorize Chubbies
-- 
GitLab