From 90108b245095cad0eb3dc4f98e1a09f4ca6a3ca2 Mon Sep 17 00:00:00 2001
From: David Taylor <david@taylorhq.com>
Date: Thu, 8 Aug 2019 15:49:09 +0100
Subject: [PATCH] FIX: Correct OmniAuth route ordering

/auth/failure should be given higher precedence than /auth/:provider
---
 config/routes.rb                                    | 2 +-
 spec/requests/omniauth_callbacks_controller_spec.rb | 6 ++++++
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/config/routes.rb b/config/routes.rb
index fb0cda2cf23..88db857f3a7 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -599,9 +599,9 @@ Discourse::Application.routes.draw do
     end
   end
 
+  match "/auth/failure", to: "users/omniauth_callbacks#failure", via: [:get, :post]
   get "/auth/:provider", to: "users/omniauth_callbacks#confirm_request"
   match "/auth/:provider/callback", to: "users/omniauth_callbacks#complete", via: [:get, :post]
-  match "/auth/failure", to: "users/omniauth_callbacks#failure", via: [:get, :post]
   get "/associate/:token", to: "users/associate_accounts#connect_info", constraints: { token: /\h{32}/ }
   post "/associate/:token", to: "users/associate_accounts#connect", constraints: { token: /\h{32}/ }
 
diff --git a/spec/requests/omniauth_callbacks_controller_spec.rb b/spec/requests/omniauth_callbacks_controller_spec.rb
index 82a424b0bb6..2f4df1be52a 100644
--- a/spec/requests/omniauth_callbacks_controller_spec.rb
+++ b/spec/requests/omniauth_callbacks_controller_spec.rb
@@ -84,6 +84,12 @@ RSpec.describe Users::OmniauthCallbacksController do
       SiteSetting.enable_google_oauth2_logins = true
     end
 
+    it "should display the failure message if needed" do
+      get "/auth/failure"
+      expect(response.status).to eq(200)
+      expect(response.body).to include(I18n.t("login.omniauth_error"))
+    end
+
     describe "request" do
       it "should error for non existant authenticators" do
         post "/auth/fake_auth"