diff --git a/lib/rodauth/features/omniauth.rb b/lib/rodauth/features/omniauth.rb index c11670e..57ce0e1 100644 --- a/lib/rodauth/features/omniauth.rb +++ b/lib/rodauth/features/omniauth.rb @@ -42,7 +42,7 @@ module Rodauth def route_omniauth! result = super - handle_omniauth_callback if omniauth_request? + handle_omniauth_callback if omniauth_strategy&.on_callback_path? result end diff --git a/lib/rodauth/features/omniauth_base.rb b/lib/rodauth/features/omniauth_base.rb index 2d2ff3b..acabda8 100644 --- a/lib/rodauth/features/omniauth_base.rb +++ b/lib/rodauth/features/omniauth_base.rb @@ -194,10 +194,6 @@ def handle_omniauth_response(res) end end - def omniauth_request? - request.env.key?("omniauth.strategy") - end - def self.included(auth) auth.extend ClassMethods auth.instance_variable_set(:@omniauth_providers, []) diff --git a/test/omniauth_test.rb b/test/omniauth_test.rb index c125a13..0bbb14e 100644 --- a/test/omniauth_test.rb +++ b/test/omniauth_test.rb @@ -135,6 +135,23 @@ assert_equal '{"name":"New Name","email":"janko@hey.com"}', DB[:account_identities].first[:info] end + it "gracefully handles GET on request phase when GET is not allowed" do + OmniAuth.config.allowed_request_methods = %i[post] + + rodauth do + enable :omniauth + omniauth_provider :developer + end + roda do |r| + r.rodauth + end + + visit "/auth/developer" + assert_equal 404, page.status_code + + OmniAuth.config.allowed_request_methods = %i[get post] + end + it "deletes omniauth identities when account is closed" do rodauth do enable :omniauth, :close_account