Skip to content

Commit

Permalink
handle_oidc_prompt_param! now honors skip_authorization? setting
Browse files Browse the repository at this point in the history
  • Loading branch information
jarosan committed Aug 29, 2019
1 parent 3025755 commit e7c9611
Show file tree
Hide file tree
Showing 2 changed files with 13 additions and 1 deletion.
7 changes: 6 additions & 1 deletion lib/doorkeeper/openid_connect/helpers/controller.rb
Original file line number Diff line number Diff line change
Expand Up @@ -56,7 +56,7 @@ def handle_oidc_prompt_param!(owner)
when 'none' then
raise Errors::InvalidRequest if (prompt_values - [ 'none' ]).any?
raise Errors::LoginRequired unless owner
raise Errors::ConsentRequired unless matching_tokens_for_oidc_resource_owner(owner).present?
raise Errors::ConsentRequired if oidc_consent_required?(owner)
when 'login' then
reauthenticate_oidc_resource_owner(owner) if owner
when 'consent' then
Expand Down Expand Up @@ -100,6 +100,11 @@ def matching_tokens_for_oidc_resource_owner(owner)
Doorkeeper::AccessToken.scopes_match?(token.scopes, pre_auth.scopes, pre_auth.client.scopes)
end
end

def oidc_consent_required?(owner)
return false if skip_authorization?
matching_tokens_for_oidc_resource_owner(owner).blank?
end
end
end
end
Expand Down
7 changes: 7 additions & 0 deletions spec/controllers/doorkeeper/authorizations_controller_spec.rb
Original file line number Diff line number Diff line change
Expand Up @@ -138,6 +138,13 @@ def expect_successful_callback!
end

context 'and no matching token' do
it 'redirects to the callback if skip_authorization is set to true' do
allow(controller).to receive(:skip_authorization?) { true }

authorize! prompt: 'none'
expect_successful_callback!
end

it 'returns a consent_required error when logged in' do
authorize! prompt: 'none'

Expand Down

0 comments on commit e7c9611

Please sign in to comment.