Unfloyded/Legamunt
0
0
Fork 0
Code Activity

Merge pull request from GHSA-vm39-j3vx-pch3

Browse source 
* Prevent different identities from a same SSO provider from accessing a same account

* Lock auth provider changes behind `ALLOW_UNSAFE_AUTH_PROVIDER_REATTACH=true`

* Rename methods to avoid confusion between OAuth and OmniAuth
This commit is contained in:
Claire 2024-02-14 15:16:07 +01:00 committed by GitHub
parent 68eaa804c9
commit b31af34c97
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
5 changed files with 44 additions and 20 deletions
Download patch file Download diff file Expand all files Collapse all files

6
spec/models/identity_spec.rb
View file

@ -3,19 +3,19 @@
require 'rails_helper'
RSpec.describe Identity do
describe '.find_for_oauth' do
describe '.find_for_omniauth' do
let(:auth) { Fabricate(:identity, user: Fabricate(:user)) }
it 'calls .find_or_create_by' do
allow(described_class).to receive(:find_or_create_by)
described_class.find_for_oauth(auth)
described_class.find_for_omniauth(auth)
expect(described_class).to have_received(:find_or_create_by).with(uid: auth.uid, provider: auth.provider)
end
it 'returns an instance of Identity' do
expect(described_class.find_for_oauth(auth)).to be_instance_of described_class
expect(described_class.find_for_omniauth(auth)).to be_instance_of described_class
end
end
end