Commit
Merge pull request #183 from nov/fix/double_render_on_prompt_consent
stop render consent screen when user is not logged-in
nbulaj authored Jan 18, 2023
2 parents 088bd1d + f0f6fb1 commit 67f6313
Showing 3 changed files with 8 additions and 1 deletion.
1 change: 1 addition & 0 deletions CHANGELOG.md
@@ -1,6 +1,7 @@
## Unreleased

- [#PR ID] Add your changelog entry here.
- [#183] stop render consent screen when user is not logged-in

## v1.8.3 (2022-12-02)

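Review bot: The new "[#183]" entry does not name the request it applies to; the only code path touched is the prompt=consent branch in handle_oidc_prompt_param!, and the entry reads as if consent rendering changed in general. Suggest wording it as "Do not render the consent screen for prompt=consent when the user is not logged in", which also matches the capitalised, imperative style of the placeholder line above it.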
2 changes: 1 addition & 1 deletion lib/doorkeeper/openid_connect/helpers/controller.rb
Expand Up @@ -76,7 +76,7 @@ def handle_oidc_prompt_param!(owner)
when 'login'
reauthenticate_oidc_resource_owner(owner) if owner
when 'consent'
render :new
render :new if owner
when 'select_account'
select_account_for_oidc_resource_owner(owner)
else
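Review bot: In the when 'consent' branch, "render :new if owner" silently does nothing when owner is nil, and nothing in the method says what is expected to happen next. Add a one-line comment stating that an unauthenticated request is left to the normal sign-in redirect (the behaviour the new spec asserts), so a later cleanup does not restore the unconditional render. The 'select_account' branch directly below still passes owner to select_account_for_oidc_resource_owner without a nil check, unlike 'login' and 'consent'; confirm that helper tolerates a nil owner or give it the same guard.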
6 changes: 6 additions & 0 deletions spec/controllers/doorkeeper/authorizations_controller_spec.rb
Expand Up @@ -262,6 +262,12 @@ def expect_successful_callback!
end

context 'with a prompt=consent parameter' do
it 'redirects to the sign in form if not logged in' do
authorize! prompt: 'consent', current_user: nil

expect(response).to redirect_to('/login')
end

it 'renders the authorization form even if a matching token is present' do
create :access_token, token_attributes
authorize! prompt: 'consent'
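Review bot: The new example 'redirects to the sign in form if not logged in' asserts only the redirect target, so it describes the redirect rather than the regression in the commit title (the consent screen being rendered for a user who is not logged in). Add an assertion that the authorization form is not rendered for this request, and mention that in the example description, so the test fails for the right reason if the guard on "render :new" is removed. The literal '/login' also ties the example to the test application's routing; if the other examples in this file share a helper or constant for the sign-in path, use it here.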