Merge pull request #25 from adifsgaid/fix-rack-3-compatibility

omniauth · Aug 27, 2024 · 3584f6a · 3584f6a
2 parents b6cfec0 + b2c5ddb
commit 3584f6a
Show file tree

Hide file tree

Showing 4 changed files with 42 additions and 2 deletions.
diff --git a/lib/omniauth-oauth/version.rb b/lib/omniauth-oauth/version.rb
@@ -1,5 +1,5 @@
 module OmniAuth
   module OAuth
-    VERSION = "1.2.0"
+    VERSION = "1.2.1"
   end
 end
diff --git a/lib/omniauth/strategies/oauth.rb b/lib/omniauth/strategies/oauth.rb
@@ -48,7 +48,7 @@ def callback_phase # rubocop:disable MethodLength
 
         opts = {}
         if session["oauth"][name.to_s]["callback_confirmed"]
-          opts[:oauth_verifier] = request["oauth_verifier"]
+          opts[:oauth_verifier] = request.respond_to?(:params) ? request.params["oauth_verifier"] : request["oauth_verifier"]
         else
           opts[:oauth_callback] = callback_url
         end

diff --git a/omniauth-oauth.gemspec b/omniauth-oauth.gemspec
@@ -10,6 +10,7 @@ Gem::Specification.new do |gem|
 
   gem.add_dependency "omniauth", ">= 1.0", "< 3"
   gem.add_dependency "oauth"
+  gem.add_dependency "rack", ">= 1.6.2", "< 4"
 
   gem.executables   = `git ls-files -- bin/*`.split("\n").map { |f| File.basename(f) }
   gem.files         = `git ls-files`.split("\n")

diff --git a/spec/omniauth/strategies/oauth_spec.rb b/spec/omniauth/strategies/oauth_spec.rb
@@ -132,6 +132,45 @@ def session
     end
   end
 
+  describe "/auth/{name}/callback with Rack 2.x and 3.x" do
+    before do
+      stub_request(:post, "https://api.example.org/oauth/access_token").
+        to_return(:body => "oauth_token=yourtoken&oauth_token_secret=yoursecret")
+    end
+
+    context "Rack 2.x style request" do
+      before do
+        get "/auth/example.org/callback", {"oauth_verifier" => "dudeman"}, "rack.session" => {"oauth" => {"example.org" => {"callback_confirmed" => true, "request_token" => "yourtoken", "request_secret" => "yoursecret"}}}
+      end
+
+      it "should exchange the request token for an access token" do
+        expect(last_request.env["omniauth.auth"]["provider"]).to eq("example.org")
+        expect(last_request.env["omniauth.auth"]["extra"]["access_token"]).to be_kind_of(OAuth::AccessToken)
+      end
+
+      it "should call through to the master app" do
+        expect(last_response.body).to eq("true")
+      end
+    end
+
+    context "Rack 3.x style request" do
+      before do
+        # Simulate Rack 3.x behavior by putting oauth_verifier in the params
+        allow_any_instance_of(Rack::Request).to receive(:params).and_return({"oauth_verifier" => "dudeman"})
+        get "/auth/example.org/callback", {}, "rack.session" => {"oauth" => {"example.org" => {"callback_confirmed" => true, "request_token" => "yourtoken", "request_secret" => "yoursecret"}}}
+      end
+
+      it "should exchange the request token for an access token" do
+        expect(last_request.env["omniauth.auth"]["provider"]).to eq("example.org")
+        expect(last_request.env["omniauth.auth"]["extra"]["access_token"]).to be_kind_of(OAuth::AccessToken)
+      end
+
+      it "should call through to the master app" do
+        expect(last_response.body).to eq("true")
+      end
+    end
+  end
+
   describe "/auth/{name}/callback with expired session" do
     before do
       stub_request(:post, "https://api.example.org/oauth/access_token").