Finish setting up sesssions#new prefill when logged out by authorizationsControlelr
parent
89edfb7ed6
commit
dec10e3de9
4 changed files with 21 additions and 8 deletions
|
|
@ -11,9 +11,7 @@ class AuthorizationsController < ApplicationController
|
|||
def new
|
||||
if params[:uid].present? && params[:uid] != current_user.username
|
||||
sign_out current_user
|
||||
redirect_url = Addressable::URI.parse(request.url)
|
||||
redirect_url.query_values = redirect_url.query_values.merge("uid" => nil)
|
||||
redirect_to redirect_url.to_s
|
||||
redirect_to url_with_prefilled_session_form
|
||||
end
|
||||
@requested_scopes = params["scope"].split(',')
|
||||
@client = oauth2_authorization_request.client
|
||||
|
|
@ -24,6 +22,18 @@ class AuthorizationsController < ApplicationController
|
|||
end
|
||||
end
|
||||
|
||||
# When diaspora detects that a user is trying to authorize to an application
|
||||
# as someone other than the logged in user, we want to log out current_user,
|
||||
# and prefill the session form with the user that is trying to authorize
|
||||
def url_with_prefilled_session_form
|
||||
redirect_url = Addressable::URI.parse(request.url)
|
||||
query_values = redirect_url.query_values
|
||||
query_values.delete("uid")
|
||||
query_values.merge!("username" => params[:uid])
|
||||
redirect_url.query_values = query_values
|
||||
redirect_url.to_s
|
||||
end
|
||||
|
||||
def create
|
||||
if params[:commit] == "Authorize"
|
||||
grant_authorization_code(current_user)
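Review bot: `new` does not stop after `redirect_to url_with_prefilled_session_form`, so the lines below the `if` (`params["scope"].split(',')` and the `oauth2_authorization_request.client` lookup) still run for a request whose user was just signed out; `return redirect_to(url_with_prefilled_session_form)` would end the action there. As far as the second hunk shows, `url_with_prefilled_session_form` is defined between the actions `new` and `create`, and Rails treats public controller methods as actions, so it should sit under `private`. The sign-out is also driven by a `uid` query parameter on a GET, which means any cross-site link carrying a different `uid` ends the user's session; that trade-off deserves a comment above the `if`, for example `# NOTE: a mismatching uid signs the user out on GET; uid is caller-controlled`. The bodies of `new` and `create` continue outside the hunks.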
|
||||
|
|
|
|||
|
|
@ -1,6 +1,10 @@
|
|||
module SessionsHelper
|
||||
def prefilled_username
|
||||
uri = Addressable::URI.parse(session["user_return_to"])
|
||||
uri ? uri.query_values["uid"] : nil
|
||||
uri = Addressable::URI.parse(session['user_return_to'])
|
||||
if uri && uri.query_values
|
||||
uri.query_values["username"]
|
||||
else
|
||||
nil
|
||||
end
|
||||
end
|
||||
end
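Review bot: `prefilled_username` returns a value read from the query string of the stored `user_return_to` URL, which the requester controls, and nothing in the helper says so. A comment such as `# Untrusted: taken from the return-to URL's query string; use only in escaped output` would keep later callers from interpolating it raw. The `if`/`else nil` can also shrink to `values = uri && uri.query_values` followed by `values && values["username"]`, which avoids parsing the query twice.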
|
||||
|
|
|
|||
|
|
@ -26,7 +26,7 @@
|
|||
|
||||
%p
|
||||
= f.label :username , t('username')
|
||||
= f.text_field :username, :tabindex => 1 , :value => prefilled_username
|
||||
= f.text_field :username, :tabindex => 1, :value => prefilled_username
|
||||
%br
|
||||
|
||||
%p
|
||||
|
|
|
|||
|
|
@ -32,8 +32,7 @@ Feature: oauth
|
|||
And I fill in "Diaspora ID" with "bob@localhost:9887"
|
||||
And I press "Connect to Diaspora"
|
||||
Then I should be on the new user session page
|
||||
And I debug
|
||||
And I should see "bob" within "#user_username"
|
||||
And the "Username" field within "#user_new" should contain "bob"
|
||||
|
||||
Scenario: Not authorize Chubbies
|
||||
When I try to authorize Chubbies
|
||||
|
|
|
|||