Merge pull request from GHSA-vm39-j3vx-pch3

* Prevent different identities from the same SSO provider from accessing the same account

* Lock auth provider changes behind `ALLOW_UNSAFE_AUTH_PROVIDER_REATTACH=true`

* Rename methods to avoid confusion between OAuth and OmniAuth
Claire
2024-02-14 15:16:07 +01:00
committed by GitHub
parent d807b3960e
commit 6f36b633a7
4 changed files with 43 additions and 19 deletions


@@ -1,16 +1,16 @@
require 'rails_helper'
RSpec.describe Identity, type: :model do
describe '.find_for_oauth' do
describe '.find_for_omniauth' do
let(:auth) { Fabricate(:identity, user: Fabricate(:user)) }
it 'calls .find_or_create_by' do
expect(described_class).to receive(:find_or_create_by).with(uid: auth.uid, provider: auth.provider)
described_class.find_for_oauth(auth)
described_class.find_for_omniauth(auth)
end
it 'returns an instance of Identity' do
expect(described_class.find_for_oauth(auth)).to be_instance_of Identity
expect(described_class.find_for_omniauth(auth)).to be_instance_of Identity
end
end
end