use callback_url without query_string when building access_token

zquestz · Oct 27, 2015 · 1adf026 · 1adf026
1 parent b441904
commit 1adf026
Show file tree

Hide file tree

Showing 2 changed files with 22 additions and 5 deletions.
diff --git a/lib/omniauth/strategies/google_oauth2.rb b/lib/omniauth/strategies/google_oauth2.rb
@@ -100,14 +100,18 @@ def custom_build_access_token
         elsif verify_token(request.params['id_token'], request.params['access_token'])
           ::OAuth2::AccessToken.from_hash(client, request.params.dup)
         else
-          orig_build_access_token
+          verifier = request.params["code"]
+          client.auth_code.get_token(verifier, get_token_options(callback_url), deep_symbolize(options.auth_token_params))
         end
       end
-      alias_method :orig_build_access_token, :build_access_token
       alias_method :build_access_token, :custom_build_access_token
 
       private
 
+      def callback_url
+        options[:redirect_uri] || (full_host + script_name + callback_path)
+      end
+
       def get_token_options(redirect_uri)
         { :redirect_uri => redirect_uri }.merge(token_params.to_hash(:symbolize_keys => true))
       end

diff --git a/spec/omniauth/strategies/google_oauth2_spec.rb b/spec/omniauth/strategies/google_oauth2_spec.rb
@@ -255,9 +255,15 @@
   end
 
   describe '#callback_path' do
-    it 'has the correct callback path' do
+    it 'has the correct default callback path' do
       expect(subject.callback_path).to eq('/auth/google_oauth2/callback')
     end
+
+    it 'should set the callback_path parameter if present' do
+      @options = {:callback_path => '/auth/foo/callback'}
+      expect(subject.callback_path).to eq('/auth/foo/callback')
+    end
+
   end
 
   describe '#extra' do
@@ -531,10 +537,17 @@
       expect(token.client).to eq(:client)
     end
 
-    it 'should call super if this is not an AJAX request' do
+    it 'should use callback_url without query_string if this is not an AJAX request' do
       allow(request).to receive(:xhr?).and_return(false)
       allow(request).to receive(:params).and_return('code' => 'valid_code')
-      expect(subject).to receive(:orig_build_access_token)
+
+      client = double(:client)
+      auth_code = double(:auth_code)
+      allow(client).to receive(:auth_code).and_return(auth_code)
+      allow(subject).to receive(:callback_url).and_return('redirect_uri_without_query_string')
+
+      expect(subject).to receive(:client).and_return(client)
+      expect(auth_code).to receive(:get_token).with('valid_code', { :redirect_uri => 'redirect_uri_without_query_string'}, {})
       subject.build_access_token
     end
   end