nocebo/diaspora
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge pull request #4366 from oliverbarnes/4361-breaks-facebook-posting

Browse source 
Fix #4361 twitter access level check breaking facebook addition to user
This commit is contained in:
Jonne Haß 2013-08-08 01:12:03 -07:00
commit ff4a66ca5c
4 changed files with 43 additions and 26 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

17
app/controllers/services_controller.rb
View file

@ -1,7 +1,6 @@
# Copyright (c) 2010-2011, Diaspora Inc. This file is # Copyright (c) 2010-2011, Diaspora Inc. This file is
# licensed under the Affero General Public License version 3 or later. See # licensed under the Affero General Public License version 3 or later. See
# the COPYRIGHT file. # the COPYRIGHT file.
class ServicesController < ApplicationController class ServicesController < ApplicationController
# We need to take a raw POST from an omniauth provider with no authenticity token. # We need to take a raw POST from an omniauth provider with no authenticity token.
# See https://github.com/intridea/omniauth/issues/203 # See https://github.com/intridea/omniauth/issues/203
@ -57,7 +56,7 @@ class ServicesController < ApplicationController
end end
def abort_if_read_only_access def abort_if_read_only_access
if header_hash["x_access_level"] && header_hash["x_access_level"] == 'read' if omniauth_hash['provider'] == 'twitter' && twitter_header['x_access_level'] == 'read'
flash[:error] = I18n.t( 'services.create.read_only_access' ) flash[:error] = I18n.t( 'services.create.read_only_access' )
redirect_to_origin redirect_to_origin
end end
@ -87,7 +86,17 @@ class ServicesController < ApplicationController
request.env['omniauth.auth'] request.env['omniauth.auth']
end end
def header_hash def extra_hash
omniauth_hash['extra'] ? omniauth_hash['extra']['access_token']['response']['header'] : {} omniauth_hash['extra'] ? omniauth_hash['extra'] : {}
end
def twitter_header
twitter_header_present? ? extra_hash['access_token']['response']['header'] : {}
end end
#https://github.com/intridea/omniauth/wiki/Auth-Hash-Schema #=> normalized hash
#https://gist.github.com/oliverbarnes/6096959 #=> hash with twitter specific extra
def twitter_header_present?
extra_hash['access_token'] && extra_hash['access_token']['response'] && extra_hash['access_token']['response']['header']
end
end end

9
app/models/service.rb
View file

@ -43,10 +43,6 @@ class Service < ActiveRecord::Base
"Services::#{options[:provider].camelize}" "Services::#{options[:provider].camelize}"
end end
def access_level
auth['extra']['access_token']['response']['header']['x_access_level'] if auth['extra']
end
def options def options
{ {
nickname: auth['info']['nickname'], nickname: auth['info']['nickname'],
@ -54,11 +50,10 @@ class Service < ActiveRecord::Base
access_secret: auth['credentials']['secret'], access_secret: auth['credentials']['secret'],
uid: auth['uid'], uid: auth['uid'],
provider: auth['provider'], provider: auth['provider'],
info: auth['info'], info: auth['info']
access_level: access_level
} }
end end
private :auth, :service_type, :access_level, :options private :auth, :service_type, :options
end end
end end

39
spec/controllers/services_controller_spec.rb
View file

@ -62,21 +62,36 @@ describe ServicesController do
end end
end end
context 'when the access-level is read-only' do context 'Twitter' do
before do context 'when the access-level is read-only' do
access_level_hash = { 'extra' => { 'access_token' => { 'response' => { 'header' => { 'x_access_level' => 'read' }}}}} before do
request.env['omniauth.auth'] = omniauth_auth["info"].merge!( access_level_hash ) access_level_hash = { 'extra' => { 'access_token' => { 'response' => { 'header' => { 'x_access_level' => 'read' }}}}}
request.env['omniauth.auth'] = omniauth_auth.merge!( access_level_hash )
end
it 'doesnt create a new service' do
expect {
post :create, :provider => 'twitter'
}.to_not change(Service, :count).by(1)
end
it 'flashes an read-only access error' do
post :create, :provider => 'twitter'
flash[:error].include?( 'Access level is read-only' ).should be_true
end
end
end
context 'Facebook' do
before do
facebook_auth_without_twitter_extras = { 'provider' => 'facebook', 'extras' => { 'someotherkey' => 'lorem'}}
request.env['omniauth.auth'] = omniauth_auth.merge!( facebook_auth_without_twitter_extras )
end end
it 'doesnt create a new service' do it "doesn't break when twitter-specific extras aren't available in omniauth hash" do
expect { expect {
post :create, :provider => 'twitter' post :create, :provider => 'facebook'
}.to_not change(Service, :count).by(1) }.to change(user.services, :count).by(1)
end
it 'flashes an read-only access error' do
post :create, :provider => 'twitter'
flash[:error].include?( 'Access level is read-only' ).should be_true
end end
end end

4
spec/models/service_spec.rb
View file

@ -40,8 +40,7 @@ describe Service do
{ 'provider' => 'facebook', { 'provider' => 'facebook',
'uid' => '2', 'uid' => '2',
'info' => { 'nickname' => 'grimmin' }, 'info' => { 'nickname' => 'grimmin' },
'credentials' => { 'token' => 'tokin', 'secret' =>"not_so_much" }, 'credentials' => { 'token' => 'tokin', 'secret' =>"not_so_much" }
'extra' => { 'access_token' => { 'response' => { 'header' => { 'x_access_level' => 'read' }}}}
} }
end end
let(:subject) { described_class.initialize_from_omniauth( omniauth ) } let(:subject) { described_class.initialize_from_omniauth( omniauth ) }
@ -55,7 +54,6 @@ describe Service do
expect( subject.nickname ).to eql "grimmin" expect( subject.nickname ).to eql "grimmin"
expect( subject.access_token ).to eql "tokin" expect( subject.access_token ).to eql "tokin"
expect( subject.access_secret ).to eql "not_so_much" expect( subject.access_secret ).to eql "not_so_much"
expect( subject.access_level ).to eql "read"
end end
end end
end end