FEATURE: Add revoke and reconnect functionality for google logins
This commit is contained in:
parent
578c8e861b
commit
fa399ce1c5
|
@ -117,7 +117,7 @@ export function findAll(siteSettings, capabilities, isMobileDevice) {
|
||||||
params.displayPopup = true;
|
params.displayPopup = true;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (["facebook"].includes(name)) {
|
if (["facebook", "google_oauth2"].includes(name)) {
|
||||||
params.canConnect = true;
|
params.canConnect = true;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -13,7 +13,26 @@ class Auth::GoogleOAuth2Authenticator < Auth::Authenticator
|
||||||
info&.email || info&.name || ""
|
info&.email || info&.name || ""
|
||||||
end
|
end
|
||||||
|
|
||||||
def after_authenticate(auth_hash)
|
def can_revoke?
|
||||||
|
true
|
||||||
|
end
|
||||||
|
|
||||||
|
def revoke(user, skip_remote: false)
|
||||||
|
info = GoogleUserInfo.find_by(user_id: user.id)
|
||||||
|
raise Discourse::NotFound if info.nil?
|
||||||
|
|
||||||
|
# We get a temporary token from google upon login but do not need it, and do not store it.
|
||||||
|
# Therefore we do not have any way to revoke the token automatically on google's end
|
||||||
|
|
||||||
|
info.destroy!
|
||||||
|
true
|
||||||
|
end
|
||||||
|
|
||||||
|
def can_connect_existing_user?
|
||||||
|
true
|
||||||
|
end
|
||||||
|
|
||||||
|
def after_authenticate(auth_hash, existing_account: nil)
|
||||||
session_info = parse_hash(auth_hash)
|
session_info = parse_hash(auth_hash)
|
||||||
google_hash = session_info[:google]
|
google_hash = session_info[:google]
|
||||||
|
|
||||||
|
@ -25,7 +44,14 @@ class Auth::GoogleOAuth2Authenticator < Auth::Authenticator
|
||||||
result.extra_data = google_hash
|
result.extra_data = google_hash
|
||||||
|
|
||||||
user_info = ::GoogleUserInfo.find_by(google_user_id: google_hash[:google_user_id])
|
user_info = ::GoogleUserInfo.find_by(google_user_id: google_hash[:google_user_id])
|
||||||
result.user = user_info.try(:user)
|
|
||||||
|
if existing_account && (user_info.nil? || existing_account.id != user_info.user_id)
|
||||||
|
user_info.destroy! if user_info
|
||||||
|
result.user = existing_account
|
||||||
|
user_info = GoogleUserInfo.create!({ user_id: result.user.id }.merge(google_hash))
|
||||||
|
else
|
||||||
|
result.user = user_info&.user
|
||||||
|
end
|
||||||
|
|
||||||
if !result.user && !result.email.blank? && result.email_valid
|
if !result.user && !result.email.blank? && result.email_valid
|
||||||
result.user = User.find_by_email(result.email)
|
result.user = User.find_by_email(result.email)
|
||||||
|
|
|
@ -58,6 +58,35 @@ describe Auth::GoogleOAuth2Authenticator do
|
||||||
expect(result.user.id).to eq(user.id)
|
expect(result.user.id).to eq(user.id)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
it 'can connect to a different existing user account' do
|
||||||
|
authenticator = Auth::GoogleOAuth2Authenticator.new
|
||||||
|
user1 = Fabricate(:user)
|
||||||
|
user2 = Fabricate(:user)
|
||||||
|
|
||||||
|
GoogleUserInfo.create!(user_id: user1.id, google_user_id: 100)
|
||||||
|
|
||||||
|
hash = {
|
||||||
|
uid: "100",
|
||||||
|
info: {
|
||||||
|
name: "John Doe",
|
||||||
|
email: user1.email
|
||||||
|
},
|
||||||
|
extra: {
|
||||||
|
raw_info: {
|
||||||
|
email: user1.email,
|
||||||
|
email_verified: true,
|
||||||
|
name: "John Doe"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
result = authenticator.after_authenticate(hash, existing_account: user2)
|
||||||
|
|
||||||
|
expect(result.user.id).to eq(user2.id)
|
||||||
|
expect(GoogleUserInfo.exists?(user_id: user1.id)).to eq(false)
|
||||||
|
expect(GoogleUserInfo.exists?(user_id: user2.id)).to eq(true)
|
||||||
|
end
|
||||||
|
|
||||||
it 'can create a proper result for non existing users' do
|
it 'can create a proper result for non existing users' do
|
||||||
hash = {
|
hash = {
|
||||||
uid: "123456789",
|
uid: "123456789",
|
||||||
|
@ -81,4 +110,21 @@ describe Auth::GoogleOAuth2Authenticator do
|
||||||
expect(result.extra_data[:name]).to eq("Jane Doe")
|
expect(result.extra_data[:name]).to eq("Jane Doe")
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
context 'revoke' do
|
||||||
|
let(:user) { Fabricate(:user) }
|
||||||
|
let(:authenticator) { Auth::GoogleOAuth2Authenticator.new }
|
||||||
|
|
||||||
|
it 'raises exception if no entry for user' do
|
||||||
|
expect { authenticator.revoke(user) }.to raise_error(Discourse::NotFound)
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'revokes correctly' do
|
||||||
|
GoogleUserInfo.create!(user_id: user.id, google_user_id: 12345, email: 'someuser@somedomain.tld')
|
||||||
|
expect(authenticator.can_revoke?).to eq(true)
|
||||||
|
expect(authenticator.revoke(user)).to eq(true)
|
||||||
|
expect(authenticator.description_for_user(user)).to eq("")
|
||||||
|
end
|
||||||
|
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
Loading…
Reference in New Issue