Skip to content

Commit

Permalink
avoid double rendering on "prompt=login consent"
Browse files Browse the repository at this point in the history
  • Loading branch information
@nov
nov committed Feb 4, 2025
1 parent 65af57e commit 2484968
Show file tree
Hide file tree
Showing 3 changed files with 7 additions and 4 deletions.
2 changes: 1 addition & 1 deletion lib/doorkeeper/openid_connect/helpers/controller.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -67,7 +67,7 @@ def handle_oidc_error!(exception)
def handle_oidc_prompt_param!(owner)
prompt_values ||= params[:prompt].to_s.split(/ +/).uniq

priority = ['none', 'login', 'consent', 'select_account']
priority = ['none', 'consent', 'login', 'select_account']
prompt_values.sort_by! do |prompt|
priority.find_index(prompt).to_i
end
Expand Down
5 changes: 2 additions & 3 deletions spec/controllers/doorkeeper/authorizations_controller_spec.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -307,9 +307,8 @@ def expect_successful_callback!

# FIXME:
it 'when login+consent' do
expect do
authorize! prompt: 'login consent'
end.to raise_error AbstractController::DoubleRenderError
authorize! prompt: 'login consent'
expect(response).to redirect_to('/reauthenticate')
end
end

Expand Down
4 changes: 4 additions & 0 deletions spec/dummy/config/initializers/doorkeeper_openid_connect.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -44,6 +44,10 @@
end

reauthenticate_resource_owner do |_resource_owner, _return_to|
# NOTE: avoid double rendering
# ref. https://github.com/doorkeeper-gem/doorkeeper-openid_connect/blob/88f2df8ec0f934611070def307afb24ac67a2f76/lib/generators/doorkeeper/openid_connect/templates/initializer.rb#L33-L38
self.response_body = nil
@_response_body = nil
redirect_to '/reauthenticate'
end

Expand Down

0 comments on commit 2484968

Please sign in to comment.