Only check OIDC params in authorizations#new

doorkeeper-gem · Feb 15, 2019 · 3893ea1 · michaelglass · Mar 5, 2019 · 3893ea1
1 parent 0a58fa1
commit 3893ea1
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 2 deletions.
diff --git a/lib/doorkeeper/openid_connect/helpers/controller.rb b/lib/doorkeeper/openid_connect/helpers/controller.rb
@@ -6,8 +6,9 @@ module Controller
 
         def authenticate_resource_owner!
           super.tap do |owner|
-            next unless respond_to?(:pre_auth, true)
-            next unless pre_auth.client && pre_auth.scopes.include?('openid')
+            next unless controller_path == Doorkeeper::Rails::Routes.mapping[:authorizations][:controllers] &&
+              action_name == 'new'
+            next unless pre_auth.scopes.include?('openid')
 
             handle_prompt_param!(owner)
             handle_max_age_param!(owner)

diff --git a/spec/controllers/doorkeeper/authorizations_controller_spec.rb b/spec/controllers/doorkeeper/authorizations_controller_spec.rb
@@ -53,6 +53,12 @@ def expect_successful_callback!
   end
 
   describe '#handle_prompt_param!' do
+    it 'is ignored when the openid scope is not present' do
+      authorize! scope: 'profile', prompt: 'invalid'
+
+      expect_authorization_form!
+    end
+
     context 'with a prompt=none parameter' do
       context 'and a matching token' do
         before do