diff --git a/app/controllers/services_controller.rb b/app/controllers/services_controller.rb
index 69751e082..cc7ad159f 100644
--- a/app/controllers/services_controller.rb
+++ b/app/controllers/services_controller.rb
@@ -56,7 +56,7 @@ class ServicesController < ApplicationController
 end

 def abort_if_read_only_access
- if omniauth_hash['provider'] == 'twitter' && twitter_header['x_access_level'] == 'read'
+ if omniauth_hash['provider'] == 'twitter' && twitter_access_level == 'read'
 flash[:error] = I18n.t( 'services.create.read_only_access' )
 redirect_to_origin
 end
@@ -86,17 +86,13 @@ class ServicesController < ApplicationController
 request.env['omniauth.auth']
 end

- def extra_hash
- omniauth_hash['extra'] ? omniauth_hash['extra'] : {}
+ def twitter_access_token
+ omniauth_hash['extra']['access_token']
 end

- def twitter_header
- twitter_header_present? ? extra_hash['access_token']['response']['header'] : {}
- end
-
 #https://github.com/intridea/omniauth/wiki/Auth-Hash-Schema #=> normalized hash
 #https://gist.github.com/oliverbarnes/6096959 #=> hash with twitter specific extra
- def twitter_header_present?
- extra_hash['access_token'] && extra_hash['access_token']['response'] && extra_hash['access_token']['response']['header']
+ def twitter_access_level
+ twitter_access_token.response.header['x-access-level']
 end
 end
diff --git a/config/diaspora.yml.example b/config/diaspora.yml.example
index 21d8ebe9d..17564e451 100644
--- a/config/diaspora.yml.example
+++ b/config/diaspora.yml.example
@@ -20,6 +20,9 @@
 ## - Replace the dots with underscores: environment_s3_enable
 ## - Upcase everything: ENVIRONMENT_S3_ENABLE
 ## - Specify lists/arrays as comma separated values
+##
+## - For example, on Heroku:
+## heroku config:set SERVICES_FACEBOOK_APP_ID=whateeryourappid SERVICES_FACEBOOK_SECRET=whateeryourappsecret

 configuration: ## Section

diff --git a/spec/controllers/services_controller_spec.rb b/spec/controllers/services_controller_spec.rb
index 0705566d6..c6dcac3bc 100644
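Review bot: `twitter_access_token` in the second hunk indexes `omniauth_hash['extra']['access_token']` with no nil guard, and this commit removes the `extra_hash` / `twitter_header_present?` checks that used to cover a missing `extra` or token. For a Twitter callback without that data, `abort_if_read_only_access` (first hunk) would raise NoMethodError instead of returning a controlled response. Separately, a response with no `x-access-level` header compares as not `'read'`, so the service is created; if read-only tokens must never be stored, compare against the accepted values rather than the rejected one. A guarded form would be `token = (omniauth_hash['extra'] || {})['access_token']` followed by `token && token.response.header['x-access-level']`. The class body starts outside the hunks.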
--- a/spec/controllers/services_controller_spec.rb
+++ b/spec/controllers/services_controller_spec.rb
@@ -6,7 +6,7 @@ require 'spec_helper'

 describe ServicesController do
 let(:omniauth_auth) do
- { 'provider' => 'twitter',
+ { 'provider' => 'facebook',
 'uid' => '2',
 'info' => { 'nickname' => 'grimmin' },
 'credentials' => { 'token' => 'tokin', 'secret' =>"not_so_much" }}
@@ -37,13 +37,13 @@ describe ServicesController do

 it 'creates a new service and associates it with the current user' do
 expect {
- post :create, :provider => 'twitter'
+ post :create, :provider => 'facebook'
 }.to change(user.services, :count).by(1)
 end

 it 'saves the provider' do
- post :create, :provider => 'twitter'
- user.reload.services.first.class.name.should == "Services::Twitter"
+ post :create, :provider => 'facebook'
+ user.reload.services.first.class.name.should == "Services::Facebook"
 end

 context 'when service exists with the same uid' do
@@ -64,15 +64,21 @@ describe ServicesController do

 context 'Twitter' do
 context 'when the access-level is read-only' do
+
+ let(:header) { { 'x-access-level' => 'read' } }
+ let(:access_token) { double('access_token') }
+ let(:extra) { {'extra' => { 'access_token' => access_token }} }
+ let(:provider) { {'provider' => 'twitter'} }
+
 before do
- access_level_hash = { 'extra' => { 'access_token' => { 'response' => { 'header' => { 'x_access_level' => 'read' }}}}}
- request.env['omniauth.auth'] = omniauth_auth.merge!( access_level_hash )
+ access_token.stub_chain(:response, :header).and_return header
+ request.env['omniauth.auth'] = omniauth_auth.merge!( provider).merge!( extra )
 end

 it 'doesnt create a new service' do
 expect {
- post :create, :provider => 'twitter'
- }.to_not change(Service, :count).by(1)
+ post :create, :provider => 'twitter'
+ }.to_not change(Service, :count).by(1)
 end

 it 'flashes an read-only access error' do
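Review bot: The negated expectation `.to_not change(Service, :count).by(1)` in the last hunk only fails when the count rises by exactly one, so it would still pass if the read-only path created a different number of records; `.to_not change(Service, :count)` states the intent. The new context also covers only the `'read'` header through a `stub_chain` double; a case where `'extra'` carries no `access_token` would pin what the controller does when the token data is absent. The `describe` block starts and ends outside the hunk.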