Fix user creation failure handling in OAuth paths (#29207)

main
Claire 2024-02-14 22:49:45 +01:00 committed by GitHub
parent 844aa59bdf
commit d4d0565b0f
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 7 additions and 1 deletions

View File

@ -17,6 +17,9 @@ class Auth::OmniauthCallbacksController < Devise::OmniauthCallbacksController
session["devise.#{provider}_data"] = request.env['omniauth.auth'] session["devise.#{provider}_data"] = request.env['omniauth.auth']
redirect_to new_user_registration_url redirect_to new_user_registration_url
end end
rescue ActiveRecord::RecordInvalid
flash[:alert] = I18n.t('devise.failure.omniauth_user_creation_failure') if is_navigational_format?
redirect_to new_user_session_url
end end
end end

View File

@ -12,6 +12,7 @@ en:
last_attempt: You have one more attempt before your account is locked. last_attempt: You have one more attempt before your account is locked.
locked: Your account is locked. locked: Your account is locked.
not_found_in_database: Invalid %{authentication_keys} or password. not_found_in_database: Invalid %{authentication_keys} or password.
omniauth_user_creation_failure: Error creating an account for this identity.
pending: Your account is still under review. pending: Your account is still under review.
timeout: Your session expired. Please login again to continue. timeout: Your session expired. Please login again to continue.
unauthenticated: You need to login or sign up before continuing. unauthenticated: You need to login or sign up before continuing.

View File

@ -60,11 +60,13 @@ describe 'OmniAuth callbacks' do
end end
context 'when ALLOW_UNSAFE_AUTH_PROVIDER_REATTACH is not set to true' do context 'when ALLOW_UNSAFE_AUTH_PROVIDER_REATTACH is not set to true' do
it 'does not match the existing user or create an identity' do it 'does not match the existing user or create an identity, and redirects to login page' do
expect { subject } expect { subject }
.to not_change(User, :count) .to not_change(User, :count)
.and not_change(Identity, :count) .and not_change(Identity, :count)
.and not_change(LoginActivity, :count) .and not_change(LoginActivity, :count)
expect(response).to redirect_to(new_user_session_url)
end end
end end
end end