mirror of
https://github.com/discourse/discourse.git
synced 2025-01-27 12:23:16 +08:00
17bdffc900
If Discourse Connect is enabled no other methods for account creation or authentication should be allowed.
138 lines
4.7 KiB
Ruby
138 lines
4.7 KiB
Ruby
# frozen_string_literal: true
|
|
|
|
describe "Twitter OAuth 1.0a" do
|
|
let(:access_token) { "twitter_access_token_448" }
|
|
let(:consumer_key) { "abcdef11223344" }
|
|
let(:consumer_secret) { "adddcccdddd99922" }
|
|
let(:oauth_token_secret) { "twitter_temp_code_544254" }
|
|
|
|
fab!(:user1) { Fabricate(:user) }
|
|
|
|
def setup_twitter_email_stub(email:)
|
|
body = {
|
|
contributors_enabled: true,
|
|
created_at: "Sat May 09 17:58:22 +0000 2009",
|
|
default_profile: false,
|
|
default_profile_image: false,
|
|
description:
|
|
"I taught your phone that thing you like. The Mobile Partner Engineer @Twitter. ",
|
|
favourites_count: 588,
|
|
follow_request_sent: nil,
|
|
followers_count: 10_625,
|
|
following: nil,
|
|
friends_count: 1181,
|
|
geo_enabled: true,
|
|
id: 38_895_958,
|
|
id_str: "38895958",
|
|
is_translator: false,
|
|
lang: "en",
|
|
listed_count: 190,
|
|
location: "San Francisco",
|
|
name: "Sean Cook",
|
|
notifications: nil,
|
|
profile_background_color: "1A1B1F",
|
|
profile_background_image_url:
|
|
"http://a0.twimg.com/profile_background_images/495742332/purty_wood.png",
|
|
profile_background_image_url_https:
|
|
"https://si0.twimg.com/profile_background_images/495742332/purty_wood.png",
|
|
profile_background_tile: true,
|
|
profile_image_url: "http://a0.twimg.com/profile_images/1751506047/dead_sexy_normal.JPG",
|
|
profile_image_url_https:
|
|
"https://si0.twimg.com/profile_images/1751506047/dead_sexy_normal.JPG",
|
|
profile_link_color: "2FC2EF",
|
|
profile_sidebar_border_color: "181A1E",
|
|
profile_sidebar_fill_color: "252429",
|
|
profile_text_color: "666666",
|
|
profile_use_background_image: true,
|
|
protected: false,
|
|
screen_name: "theSeanCook",
|
|
show_all_inline_media: true,
|
|
statuses_count: 2609,
|
|
time_zone: "Pacific Time (US & Canada)",
|
|
url: nil,
|
|
utc_offset: -28_800,
|
|
verified: true,
|
|
email: email,
|
|
}
|
|
stub_request(:get, "https://api.twitter.com/1.1/account/verify_credentials.json").with(
|
|
query: {
|
|
include_email: true,
|
|
include_entities: false,
|
|
skip_status: true,
|
|
},
|
|
).to_return(status: 200, body: JSON.dump(body))
|
|
end
|
|
|
|
before do
|
|
SiteSetting.enable_twitter_logins = true
|
|
SiteSetting.twitter_consumer_key = consumer_key
|
|
SiteSetting.twitter_consumer_secret = consumer_secret
|
|
|
|
stub_request(:post, "https://api.twitter.com/oauth/request_token").to_return(
|
|
status: 200,
|
|
body:
|
|
Rack::Utils.build_query(
|
|
oauth_token: access_token,
|
|
oauth_token_secret: oauth_token_secret,
|
|
oauth_callback_confirmed: true,
|
|
),
|
|
headers: {
|
|
"Content-Type" => "application/x-www-form-urlencoded",
|
|
},
|
|
)
|
|
stub_request(:post, "https://api.twitter.com/oauth/access_token").to_return(
|
|
status: 200,
|
|
body:
|
|
Rack::Utils.build_query(
|
|
oauth_token: access_token,
|
|
oauth_token_secret: oauth_token_secret,
|
|
user_id: "43423432422",
|
|
screen_name: "twitterapi",
|
|
),
|
|
)
|
|
end
|
|
|
|
it "signs in the user if the API response from twitter includes an email (implies it's verified) and the email matches an existing user's" do
|
|
post "/auth/twitter"
|
|
expect(response.status).to eq(302)
|
|
expect(response.location).to start_with("https://api.twitter.com/oauth/authenticate")
|
|
|
|
setup_twitter_email_stub(email: user1.email)
|
|
|
|
post "/auth/twitter/callback", params: { state: session["omniauth.state"] }
|
|
|
|
expect(response.status).to eq(302)
|
|
expect(response.location).to eq("http://test.localhost/")
|
|
expect(session[:current_user_id]).to eq(user1.id)
|
|
end
|
|
|
|
it "doesn't sign in the user discourse connect is enabled" do
|
|
SiteSetting.discourse_connect_url = "https://example.com/sso"
|
|
SiteSetting.enable_discourse_connect = true
|
|
post "/auth/twitter"
|
|
expect(response.status).to eq(302)
|
|
expect(response.location).to start_with("https://api.twitter.com/oauth/authenticate")
|
|
|
|
setup_twitter_email_stub(email: user1.email)
|
|
|
|
post "/auth/twitter/callback", params: { state: session["omniauth.state"] }
|
|
|
|
expect(response.status).to eq(403)
|
|
expect(session[:current_user_id]).to be_blank
|
|
end
|
|
|
|
it "doesn't sign in anyone if the API response from twitter doesn't include an email (implying the user's email on twitter isn't verified)" do
|
|
post "/auth/twitter"
|
|
expect(response.status).to eq(302)
|
|
expect(response.location).to start_with("https://api.twitter.com/oauth/authenticate")
|
|
|
|
setup_twitter_email_stub(email: nil)
|
|
|
|
post "/auth/twitter/callback", params: { state: session["omniauth.state"] }
|
|
|
|
expect(response.status).to eq(302)
|
|
expect(response.location).to eq("http://test.localhost/")
|
|
expect(session[:current_user_id]).to be_blank
|
|
end
|
|
end
|