Unfloyded/Legamunt
0
0
Fork 0
Code Activity

Merge pull request from GHSA-vm39-j3vx-pch3

Browse source 
* Prevent different identities from a same SSO provider from accessing a same account

* Lock auth provider changes behind `ALLOW_UNSAFE_AUTH_PROVIDER_REATTACH=true`

* Rename methods to avoid confusion between OAuth and OmniAuth
This commit is contained in:
Claire 2024-02-14 15:16:07 +01:00 committed by GitHub
parent 68eaa804c9
commit b31af34c97
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
5 changed files with 44 additions and 20 deletions
Download patch file Download diff file Expand all files Collapse all files

2
spec/requests/omniauth_callbacks_spec.rb
View file

@ -96,7 +96,7 @@ describe 'OmniAuth callbacks' do
context 'when a user cannot be built' do
before do
allow(User).to receive(:find_for_oauth).and_return(User.new)
allow(User).to receive(:find_for_omniauth).and_return(User.new)
end
it 'redirects to the new user signup page' do