FEATURE: raise an exception when the email is missing in the OpenId callback

2014-08-07 19:28:50 +02:00 · 2014-08-07 19:28:50 +02:00 · 7c65adfd6f
parent 1db40fce22
commit 7c65adfd6f
2 changed files with 8 additions and 1 deletions
--- a/lib/auth/open_id_authenticator.rb
+++ b/lib/auth/open_id_authenticator.rb
@ -9,13 +9,14 @@ class Auth::OpenIdAuthenticator < Auth::Authenticator
  end

  def after_authenticate(auth_token)
-
    result = Auth::Result.new

    data = auth_token[:info]
    identity_url = auth_token[:extra][:response].identity_url
    result.email = email = data[:email]

+    raise Discourse::InvalidParameters.new(:email) if email.blank?
+
    # If the auth supplies a name / username, use those. Otherwise start with email.
    result.name = data[:name] || data[:email]
    result.username = data[:nickname] || data[:email]
--- a/spec/components/auth/open_id_authenticator_spec.rb
+++ b/spec/components/auth/open_id_authenticator_spec.rb
@ -16,4 +16,10 @@ describe Auth::OpenIdAuthenticator do
    result = auth.after_authenticate(info: {email: user.email}, extra: {response: response})
    result.user.should == user
  end
+
+  it "raises an exception when email is missing" do
+    auth = Auth::OpenIdAuthenticator.new("test", "id", trusted: true)
+    response = OpenStruct.new(identity_url: 'abc')
+    -> { auth.after_authenticate(info: {}, extra: { response: response }) }.should raise_error(Discourse::InvalidParameters)
+  end
 end