From 5ee277fa22e98543ccb76f90efda0ac7076f7e40 Mon Sep 17 00:00:00 2001 From: Jean-Philippe Lang Date: Sat, 21 Dec 2013 12:04:38 +0000 Subject: [PATCH] Fixed that OpenID authentication fails with 422 error due to token verification (#15735). git-svn-id: http://svn.redmine.org/redmine/trunk@12438 e93f8b46-1217-0410-a6f0-8f06a7374b81 --- app/controllers/account_controller.rb | 8 ++++++++ test/functional/account_controller_openid_test.rb | 10 ++++++++++ 2 files changed, 18 insertions(+) diff --git a/app/controllers/account_controller.rb b/app/controllers/account_controller.rb index d39fc2ace..a3768d403 100644 --- a/app/controllers/account_controller.rb +++ b/app/controllers/account_controller.rb @@ -22,6 +22,14 @@ class AccountController < ApplicationController # prevents login action to be filtered by check_if_login_required application scope filter skip_before_filter :check_if_login_required, :check_password_change + # Overrides ApplicationController#verify_authenticity_token to disable + # token verification on openid callbacks + def verify_authenticity_token + unless using_open_id? + super + end + end + # Login request and validation def login if request.get? diff --git a/test/functional/account_controller_openid_test.rb b/test/functional/account_controller_openid_test.rb index d99becc8e..e6c72c145 100644 --- a/test/functional/account_controller_openid_test.rb +++ b/test/functional/account_controller_openid_test.rb @@ -131,6 +131,16 @@ class AccountControllerOpenidTest < ActionController::TestCase assert_select 'input[name=?][value=?]', 'user[identity_url]', 'http://openid.example.com/good_blank_user' end + def test_post_login_should_not_verify_token_when_using_open_id + ActionController::Base.allow_forgery_protection = true + AccountController.any_instance.stubs(:using_open_id?).returns(true) + AccountController.any_instance.stubs(:authenticate_with_open_id).returns(true) + post :login + assert_response 200 + ensure + ActionController::Base.allow_forgery_protection = false + end + def test_register_after_login_failure_should_not_require_user_to_enter_a_password Setting.self_registration = '3'