Merge pull request #73 from volmer/master

Do not include query params in callback URLs
omniauth · May 23, 2017 · 1888397 · 1888397
2 parents a893c2b + d8d5c21
commit 1888397
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 0 deletions.
diff --git a/lib/omniauth/strategies/github.rb b/lib/omniauth/strategies/github.rb
@@ -69,6 +69,10 @@ def email_access_allowed?
         scopes = options['scope'].split(',')
         (scopes & email_scopes).any?
       end
+
+      def callback_url
+        full_host + script_name + callback_path
+      end
     end
   end
 end

diff --git a/spec/omniauth/strategies/github_spec.rb b/spec/omniauth/strategies/github_spec.rb
@@ -149,4 +149,13 @@
       expect(subject.info['urls']['GitHub']).to eq('http://enterprise/me')
     end
   end
+
+  describe '#callback_url' do
+    it 'is a combination of host, script name, and callback path' do
+      allow(subject).to receive(:full_host).and_return('https://example.com')
+      allow(subject).to receive(:script_name).and_return('/sub_uri')
+
+      expect(subject.callback_url).to eq('https://example.com/sub_uri/auth/github/callback')
+    end
+  end
 end