Fix user creation failure handling in OAuth paths (#29207)

This commit is contained in:
Claire 2024-02-14 22:49:45 +01:00
parent 486e4bc7d3
commit e7ca82762d
3 changed files with 7 additions and 1 deletions

View file

@ -17,6 +17,9 @@ class Auth::OmniauthCallbacksController < Devise::OmniauthCallbacksController
session["devise.#{provider}_data"] = request.env['omniauth.auth'] session["devise.#{provider}_data"] = request.env['omniauth.auth']
redirect_to new_user_registration_url redirect_to new_user_registration_url
end end
rescue ActiveRecord::RecordInvalid
flash[:alert] = I18n.t('devise.failure.omniauth_user_creation_failure') if is_navigational_format?
redirect_to new_user_session_url
end end
end end

View file

@ -12,6 +12,7 @@ en:
last_attempt: You have one more attempt before your account is locked. last_attempt: You have one more attempt before your account is locked.
locked: Your account is locked. locked: Your account is locked.
not_found_in_database: Invalid %{authentication_keys} or password. not_found_in_database: Invalid %{authentication_keys} or password.
omniauth_user_creation_failure: Error creating an account for this identity.
pending: Your account is still under review. pending: Your account is still under review.
timeout: Your session expired. Please login again to continue. timeout: Your session expired. Please login again to continue.
unauthenticated: You need to login or sign up before continuing. unauthenticated: You need to login or sign up before continuing.

View file

@ -60,11 +60,13 @@ describe 'OmniAuth callbacks' do
end end
context 'when ALLOW_UNSAFE_AUTH_PROVIDER_REATTACH is not set to true' do context 'when ALLOW_UNSAFE_AUTH_PROVIDER_REATTACH is not set to true' do
it 'does not match the existing user or create an identity' do it 'does not match the existing user or create an identity, and redirects to login page' do
expect { subject } expect { subject }
.to not_change(User, :count) .to not_change(User, :count)
.and not_change(Identity, :count) .and not_change(Identity, :count)
.and not_change(LoginActivity, :count) .and not_change(LoginActivity, :count)
expect(response).to redirect_to(new_user_session_url)
end end
end end
end end