Revert "SECURITY: Ensure that user has been authenticated."
This reverts commit fbe51d68a7e4c89183415e24e8163dd3f70085df. Changing the commit message to correctly reflect what we're actually fixing.
parent
889ab85431
commit
0847b4258a
@ -21,10 +21,7 @@ class UserAuthenticator
|
|||||||
end
|
end
|
||||||
|
|
||||||
def finish
|
def finish
|
||||||
if authenticator && authenticated?
|
authenticator.after_create_account(@user, @session) if authenticator
|
||||||
authenticator.after_create_account(@user, @session)
|
|
||||||
end
|
|
||||||
|
|
||||||
@session = nil
|
@session = nil
|
||||||
end
|
end
|
||||||
|
|
||||||
|
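Review bot: On the new side of `finish`, `authenticator.after_create_account(@user, @session) if authenticator` runs the provider callback for any session that names an authenticator, with no check that the session's authentication data belongs to `@user`; the guard this revert drops, `if authenticator && authenticated?`, was the only such check visible in the hunk. The spec case deleted in the same commit ("when session's email is different from user's email") suggests the guarded case is a session e-mail that differs from the user's, so after this change the provider record would presumably be created for that user again. If the revert exists only to reword the commit message, the replacement fix should land in the same push so that no deployable revision lacks the check, and the deleted spec should return with it. The body of `authenticated?` is outside this hunk, so what it compares is inferred from the spec rather than read from the code.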
@ -1,36 +0,0 @@
|
|||||||
require 'rails_helper'
|
|
||||||
|
|
||||||
RSpec.describe UserAuthenticator do
|
|
||||||
let(:user) { Fabricate(:user, email: 'test@discourse.org') }
|
|
||||||
|
|
||||||
describe "#finish" do
|
|
||||||
before do
|
|
||||||
SiteSetting.enable_google_oauth2_logins = true
|
|
||||||
end
|
|
||||||
|
|
||||||
it "should execute provider's callback" do
|
|
||||||
user.update!(email: 'test@gmail.com')
|
|
||||||
|
|
||||||
authenticator = UserAuthenticator.new(user, { authentication: {
|
|
||||||
authenticator_name: Auth::GoogleOAuth2Authenticator.new.name,
|
|
||||||
email: user.email,
|
|
||||||
email_valid: true,
|
|
||||||
extra_data: { google_user_id: 1 }
|
|
||||||
}})
|
|
||||||
|
|
||||||
expect { authenticator.finish }.to change { GoogleUserInfo.count }.by(1)
|
|
||||||
end
|
|
||||||
|
|
||||||
describe "when session's email is different from user's email" do
|
|
||||||
it "should not execute provider's callback" do
|
|
||||||
authenticator = UserAuthenticator.new(user, { authentication: {
|
|
||||||
authenticator_name: Auth::GoogleOAuth2Authenticator.new.name,
|
|
||||||
email: 'test@gmail.com',
|
|
||||||
email_valid: true
|
|
||||||
}})
|
|
||||||
|
|
||||||
expect { authenticator.finish }.to_not change { GoogleUserInfo.count }
|
|
||||||
end
|
|
||||||
end
|
|
||||||
end
|
|
||||||
end
|
|
@ -611,8 +611,6 @@ describe UsersController do
|
|||||||
auth = session[:authentication] = {}
|
auth = session[:authentication] = {}
|
||||||
auth[:authenticator_name] = 'twitter'
|
auth[:authenticator_name] = 'twitter'
|
||||||
auth[:extra_data] = twitter_auth
|
auth[:extra_data] = twitter_auth
|
||||||
auth[:email_valid] = true
|
|
||||||
auth[:email] = @user.email
|
|
||||||
|
|
||||||
post_user
|
post_user
|
||||||
|
|
||||||
|