lynndylanhurley · Charlie-Hua · Dec 16, 2016 · Dec 16, 2016 · Dec 16, 2016 · Oct 11, 2017
diff --git a/Gemfile b/Gemfile
@@ -15,11 +15,12 @@ gemspec
 
 group :development, :test do
   gem 'thor'
-  gem "figaro",                 :github => 'laserlemon/figaro'
-  gem 'omniauth-github',        :git => 'git://github.com/intridea/omniauth-github.git'
-  gem 'omniauth-facebook',      :git => 'git://github.com/mkdynamic/omniauth-facebook.git'
-  gem 'omniauth-google-oauth2', :git => 'git://github.com/zquestz/omniauth-google-oauth2.git'
-  gem 'rack-cors',              :require => 'rack/cors'
+  gem "figaro",                         :github => 'laserlemon/figaro'
+  gem 'omniauth-github',                :git => 'git://github.com/intridea/omniauth-github.git'
+  gem 'omniauth-facebook',              :git => 'git://github.com/mkdynamic/omniauth-facebook.git'
+  gem 'omniauth-facebook-access-token', :git => 'git://github.com/SoapSeller/omniauth-facebook-access-token'
+  gem 'omniauth-google-oauth2',         :git => 'git://github.com/zquestz/omniauth-google-oauth2.git'
+  gem 'rack-cors',                      :require => 'rack/cors'
   gem 'attr_encrypted'
 
   # testing

diff --git a/Gemfile.lock b/Gemfile.lock
@@ -1,3 +1,11 @@
+GIT
+  remote: git://github.com/SoapSeller/omniauth-facebook-access-token
+  revision: 1125e764ef8d997b20a3bedf068cc1b135cb5700
+  specs:
+    omniauth-facebook-access-token (0.1.8)
+      oauth2 (~> 1.0.0)
+      omniauth (~> 1.2)
+
 GIT
   remote: git://github.com/intridea/omniauth-github.git
   revision: 45f2fc73d6d06f30863adac0e6aa112bcaaadf67
@@ -273,6 +281,7 @@ DEPENDENCIES
   mocha
   mysql2
   omniauth-facebook!
+  omniauth-facebook-access-token!
   omniauth-github!
   omniauth-google-oauth2!
   pg
@@ -283,4 +292,4 @@ DEPENDENCIES
   thor
 
 BUNDLED WITH
-   1.11.2
+   1.13.6
diff --git a/app/controllers/devise_token_auth/omniauth_callbacks_controller.rb b/app/controllers/devise_token_auth/omniauth_callbacks_controller.rb
@@ -209,6 +209,10 @@ def render_data_or_redirect(message, data, user_data = {})
 
         # build and redirect to destination url
         redirect_to DeviseTokenAuth::Url.generate(auth_origin_url, data.merge(blank: true))
+
+      elsif using_access_token_strategy?
+        render json: { success: true, data: user_data.merge(data).merge({message: message}) }
+
       else
 
         # there SHOULD always be an auth_origin_url, but if someone does something silly
@@ -219,6 +223,10 @@ def render_data_or_redirect(message, data, user_data = {})
       end
     end
 
+    def using_access_token_strategy?
+      request.env['omniauth.strategy'] && request.env['omniauth.strategy'].class.name.match('AccessToken')
+    end
+
     def fallback_render(text)
         render inline: %Q|
 

diff --git a/test/controllers/devise_token_auth/omniauth_callbacks_controller_test.rb b/test/controllers/devise_token_auth/omniauth_callbacks_controller_test.rb
@@ -16,6 +16,183 @@ class OmniauthTest < ActionDispatch::IntegrationTest
     @redirect_url = "http://ng-token-auth.dev/"
   end
 
+  describe 'success callback' do
+    setup do
+      OmniAuth.config.mock_auth[:facebook_access_token] = OmniAuth::AuthHash.new({
+        :provider => 'facebook',
+        :uid => '123545',
+        :info => {
+          name: 'chong',
+          email: '[email protected]'
+        }
+      })
+    end
+
+    before do
+      DeviseTokenAuth::OmniauthCallbacksController.any_instance.stubs(:using_access_token_strategy?).returns(true)      
+    end
+
+    after do
+      DeviseTokenAuth::OmniauthCallbacksController.any_instance.unstub(:using_access_token_strategy?)
+    end
+
+    test 'user should have been created' do
+      get_success
+      assert @resource
+    end
+
+    test 'user should be assigned info from provider' do
+      get_success
+      assert_equal '[email protected]', @resource.email
+    end
+
+    test 'user should be assigned token' do
+      get_success
+      client_id = controller.auth_params[:client_id]
+      token = controller.auth_params[:auth_token]
+      expiry = controller.auth_params[:expiry]
+
+      # the expiry should have been set
+      assert_equal expiry, @resource.tokens[client_id][:expiry]
+      # the token sent down to the client should now be valid
+      assert @resource.valid_token?(token, client_id)
+    end
+
+    test 'response contains all expected data' do
+      get_success
+      assert_expected_data
+    end
+
+    test 'sign_in was called' do
+      User.any_instance.expects(:sign_in)
+      get_success
+    end
+
+    describe 'with default user model' do
+      before do
+        get_success
+      end
+      test 'request should determine the correct resource_class' do
+        assert_equal 'User', controller.send(:omniauth_params)['resource_class']
+      end
+
+      test 'user should be of the correct class' do
+        assert_equal User, @resource.class
+      end
+    end
+
+    describe 'with alternate user model' do
+      before do
+        get_via_redirect '/mangs/facebook_access_token', {
+          favorite_color: @fav_color,
+          name: @unpermitted_param
+        }
+        assert_equal 200, response.status
+        @resource = assigns(:resource)
+      end
+      test 'request should determine the correct resource_class' do
+        assert_equal 'Mang', controller.send(:omniauth_params)['resource_class']
+      end
+        test 'user should be of the correct class' do
+        assert_equal Mang, @resource.class
+      end
+    end
+
+    describe 'pass additional params' do
+      before do
+        @fav_color = 'alizarin crimson'
+        @unpermitted_param = "M. Bison"
+        get_via_redirect '/auth/facebook_access_token', {
+          favorite_color: @fav_color,
+          name: @unpermitted_param
+        }
+
+        @resource = assigns(:resource)
+      end
+
+      test 'status shows success' do
+        assert_equal 200, response.status
+      end
+
+      test 'additional attribute was passed' do
+        assert_equal @fav_color, @resource.favorite_color
+      end
+
+      test 'non-whitelisted attributes are ignored' do
+        refute_equal @unpermitted_param, @resource.name
+      end
+    end
+
+    describe "oauth registration attr" do
+      after do
+        User.any_instance.unstub(:new_record?)
+      end
+
+      describe 'with existing user' do
+        before do
+          User.any_instance.expects(:new_record?).returns(false).at_least_once
+        end
+
+        test 'response does not contain oauth_registration attr' do
+
+          get_via_redirect '/auth/facebook_access_token'
+
+          assert_equal false, controller.auth_params.key?(:oauth_registration)
+        end
+      end
+
+      describe 'with new user' do
+        before do
+          User.any_instance.expects(:new_record?).returns(true).at_least_once
+        end
+
+        test 'response contains oauth_registration attr' do
+
+          get_via_redirect '/auth/facebook_access_token'
+
+          assert_equal true, controller.auth_params[:oauth_registration]
+        end
+      end
+    end
+
+    describe 'using namespaces' do
+      before do
+        get_via_redirect '/api/v1/auth/facebook_access_token'
+
+        @resource = assigns(:resource)
+      end
+
+      test 'request is successful' do
+        assert_equal 200, response.status
+      end
+
+      test 'user should have been created' do
+        assert @resource
+      end
+
+      test 'user should be of the correct class' do
+        assert_equal User, @resource.class
+      end
+    end
+
+    def assert_expected_data
+      data_json = @response.body
+      data = ActiveSupport::JSON.decode(data_json)
+      expected_data = @resource.as_json.merge(controller.auth_params.as_json)
+      expected_data = {'success' => true, 'data' => ActiveSupport::JSON.decode(expected_data.to_json).merge("message" => "deliverCredentials")}
+      assert_equal(expected_data, data)
+    end
+
+    def get_success(params = {})
+      get_via_redirect '/auth/facebook_access_token', {
+        favorite_color: @fav_color,
+        name: @unpermitted_param
+      }.merge(params)
+      assert_equal 200, response.status
+      @resource = assigns(:resource)
+    end
+  end
+
   describe 'success callback' do
     setup do
       OmniAuth.config.mock_auth[:facebook] = OmniAuth::AuthHash.new({

diff --git a/test/dummy/config/initializers/omniauth.rb b/test/dummy/config/initializers/omniauth.rb
@@ -1,6 +1,7 @@
 Rails.application.config.middleware.use OmniAuth::Builder do |b|
   provider :github,        ENV['GITHUB_KEY'],   ENV['GITHUB_SECRET'],   scope: 'email,profile'
   provider :facebook,      ENV['FACEBOOK_KEY'], ENV['FACEBOOK_SECRET']
+  provider :facebook_access_token,      ENV['FACEBOOK_KEY'], ENV['FACEBOOK_SECRET']
   provider :google_oauth2, ENV['GOOGLE_KEY'],   ENV['GOOGLE_SECRET']
   provider :developer,
     :fields => [:first_name, :last_name],