Merge pull request #1027 from jkowens/patch-1

Allow OmniAuthAuthenticityTokenProtection options to be configured
omniauth · Jan 16, 2021 · b55ad4c · b55ad4c
2 parents 74e3efb + 52fea4e
commit b55ad4c
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 0 deletions.
diff --git a/lib/omniauth/authenticity_token_protection.rb b/lib/omniauth/authenticity_token_protection.rb
@@ -18,6 +18,8 @@ def call!(env)
       react env
     end
 
+    alias_method :call, :call!
+
   private
 
     def deny(_env)

diff --git a/spec/omniauth/strategy_spec.rb b/spec/omniauth/strategy_spec.rb
@@ -973,6 +973,19 @@ def make_env(path = '/auth/test', props = {})
         end
       end
 
+      context 'with custom allow_if proc' do
+        before do
+          OmniAuth.config.request_validation_phase = OmniAuth::AuthenticityTokenProtection.new(allow_if: ->(env) { true })
+        end
+
+        it 'allows a valid request' do
+          expect(strategy).to receive(:fail!).with('Request Phase', kind_of(StandardError))
+
+          post_env = make_env('/auth/test')
+          strategy.call(post_env)
+        end
+      end
+
       after do
         OmniAuth.config.request_validation_phase = nil
       end