Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 0 additions & 2 deletions back/Gemfile
Original file line number Diff line number Diff line change
Expand Up @@ -64,7 +64,5 @@ gem 'omniauth-github'
gem "omniauth-rails_csrf_protection"
# GitHubAPI用
gem "octokit"
# フロントとバックを分けているので同じサイト判定させるためのgem
gem 'rails_same_site_cookie'
# envを使うためのGem
gem 'dotenv-rails'
5 changes: 0 additions & 5 deletions back/Gemfile.lock
Original file line number Diff line number Diff line change
Expand Up @@ -241,9 +241,6 @@ GEM
rails-html-sanitizer (1.6.0)
loofah (~> 2.21)
nokogiri (~> 1.14)
rails_same_site_cookie (0.1.9)
rack (>= 1.5)
user_agent_parser (~> 2.6)
railties (7.1.3.2)
actionpack (= 7.1.3.2)
activesupport (= 7.1.3.2)
Expand Down Expand Up @@ -292,7 +289,6 @@ GEM
tzinfo (2.0.6)
concurrent-ruby (~> 1.0)
uri (0.13.0)
user_agent_parser (2.17.0)
version_gem (1.1.4)
warden (1.2.9)
rack (>= 2.0.9)
Expand Down Expand Up @@ -326,7 +322,6 @@ DEPENDENCIES
puma (>= 5.0)
rack-cors
rails (~> 7.1.3, >= 7.1.3.2)
rails_same_site_cookie
rspec-rails
shoulda-matchers
tzinfo-data
Expand Down
10 changes: 5 additions & 5 deletions back/app/controllers/application_controller.rb
Original file line number Diff line number Diff line change
@@ -1,14 +1,14 @@
class ApplicationController < ActionController::API
include ActionController::Cookies
include DeviseTokenAuth::Concerns::SetUserByToken
before_action :set_auth_headers_from_cookies
prepend_before_action :set_auth_headers_from_cookies

private

def set_auth_headers_from_cookies
request.headers['access-token'] ||= cookies['access-token']
request.headers['client'] ||= cookies['client']
request.headers['uid'] ||= cookies['uid']
request.headers['expiry'] ||= cookies['expiry']
request.headers['access-token'] ||= request.cookies['access-token']
request.headers['client'] ||= request.cookies['client']
request.headers['uid'] ||= request.cookies['uid']
request.headers['expiry'] ||= request.cookies['expiry']
end
end
5 changes: 5 additions & 0 deletions back/app/controllers/auth/omniauth_callbacks_controller.rb
Original file line number Diff line number Diff line change
@@ -1,4 +1,9 @@
class Auth::OmniauthCallbacksController < DeviseTokenAuth::OmniauthCallbacksController
skip_before_action :set_auth_headers_from_cookies

# API-only mode does not include flash, so no-op to prevent NameError
def set_flash_message(key, kind, options = {}); end
alias_method :set_flash_message!, :set_flash_message

def redirect_callbacks
user = User.from_omniauth(request.env['omniauth.auth'])
Expand Down
13 changes: 13 additions & 0 deletions back/spec/requests/api/v1/users_spec.rb
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,19 @@
expect(json['success']).to be true
expect(json['user']['name']).to eq(user.name)
end

it 'Cookieで認証できる' do
tokens = auth_headers(user)
cookies['access-token'] = tokens['access-token']
cookies['client'] = tokens['client']
cookies['uid'] = tokens['uid']
cookies['expiry'] = tokens['expiry']

get '/api/v1/me'
expect(response).to have_http_status(:ok)
json = JSON.parse(response.body)
expect(json['success']).to be true
end
end

context '未認証の場合' do
Expand Down
62 changes: 62 additions & 0 deletions back/spec/requests/auth/omniauth_callbacks_spec.rb
Original file line number Diff line number Diff line change
@@ -0,0 +1,62 @@
require 'rails_helper'

RSpec.describe 'Auth::OmniauthCallbacks', type: :request do
let(:omniauth_auth) do
OmniAuth::AuthHash.new({
provider: 'github',
uid: 'github_uid_test',
info: { name: 'Test User', email: 'test@example.com', nickname: 'testuser' },
credentials: { token: 'github_access_token' }
})
end

before do
OmniAuth.config.test_mode = true
OmniAuth.config.request_validation_phase = nil
OmniAuth.config.mock_auth[:github] = omniauth_auth
end

after do
OmniAuth.config.test_mode = false
OmniAuth.config.request_validation_phase = OmniAuth::AuthenticityTokenProtection
end

describe 'GET /omniauth/github/callback' do
context '新規ユーザーの場合' do
it 'ユーザーを作成してrecordページにリダイレクトする' do
get '/omniauth/github/callback'
expect(response).to redirect_to("#{ENV['FRONT_URL']}/record")
end

it '認証Cookieをセットする' do
get '/omniauth/github/callback'
expect(response.cookies['access-token']).to be_present
expect(response.cookies['client']).to be_present
expect(response.cookies['uid']).to be_present
expect(response.cookies['expiry']).to be_present
end
end

context '既存ユーザーの場合' do
before { create(:user, uid: 'github_uid_test', provider: 'github') }

it 'recordページにリダイレクトする' do
get '/omniauth/github/callback'
expect(response).to redirect_to("#{ENV['FRONT_URL']}/record")
end
end

context 'GitHubユーザーが取得できない場合' do
before do
allow(User).to receive(:from_omniauth).and_return(
build(:user, uid: nil).tap { |u| u.valid? }
)
end

it 'エラーページにリダイレクトする' do
get '/omniauth/github/callback'
expect(response.location).to include('status=error')
end
end
end
end
Loading