Merge pull request #15248 from CartoDB/fix_oauth_app_no_user

fix oauth consent screen
5 years ago · 1401ffcace
parent 1f88767c10 53533ebd49
commit 1401ffcace
3 changed files with 24 additions and 2 deletions
--- a/NEWS.md
+++ b/NEWS.md
@ -8,7 +8,7 @@ Development
 - None yet

 ### Bug fixes / enhancements
- None yet
+- Fix consent screen in OAuth apps without user ([#15247](https://github.com/CartoDB/cartodb/pull/15247))

 4.31.0 (2019-11-19)
 -------------------
--- a/app/views/carto/oauth_provider/_header.html.erb
+++ b/app/views/carto/oauth_provider/_header.html.erb
@ -2,7 +2,7 @@
 <% if @error.blank? %>
  <h1 class='oauth-form__title'>Request for permission</h1>
  <h2 class='oauth-form__subtitle'>
-    <strong><%= @oauth_app.name %></strong> by <strong><%= @oauth_app.user.name_or_username %></strong> would like permission to access your account
+    <strong><%= @oauth_app.name %></strong> <% if @oauth_app.user %>by <strong><%= @oauth_app.user.name_or_username %></strong><% end %> would like permission to access your account
  </h2>
 <% else %>
  <h1 class='oauth-form__title'>Something went wrong</h1>
--- a/spec/requests/carto/oauth_provider_controller_spec.rb
+++ b/spec/requests/carto/oauth_provider_controller_spec.rb
@ -277,6 +277,28 @@ describe Carto::OauthProviderController do
      expect(response.body).to(include(valid_payload[:state]))
    end

+    it 'with valid payload, shows the username in the consent form' do
+      get oauth_provider_authorize_url(valid_payload)
+
+      expect(response.status).to(eq(200))
+      expect(response.body).to(include(valid_payload[:client_id]))
+      expect(response.body).to(include(valid_payload[:state]))
+      expect(response.body).to(include("by <strong>#{@oauth_app.user.name_or_username}"))
+    end
+
+    it 'with valid payload, does not show the username in the consent form if the oauth_app does not have user' do
+      @oauth_app.user = nil
+      @oauth_app.avoid_sync_central = true
+      @oauth_app.stubs(:central_enabled?).returns(true)
+      @oauth_app.save!
+      get oauth_provider_authorize_url(valid_payload)
+
+      expect(response.status).to(eq(200))
+      expect(response.body).to(include(valid_payload[:client_id]))
+      expect(response.body).to(include(valid_payload[:state]))
+      expect(response.body).to_not(include("by <strong>"))
+    end
+
    it 'with valid payload and datasets scopes shows the consent form' do
      user_table = FactoryGirl.create(:carto_user_table, :with_db_table, user_id: @developer.id)
      scopes = ["datasets:r:#{user_table.name}", "datasets:metadata"]