Merge pull request #173 from pow-auth/ensure-user-map-is-returned

Ensure returned body for fetch_user is a map
pow-auth · Dec 29, 2024 · 3f1072a · 3f1072a
2 parents 6ca39c2 + 3a31b8e
commit 3f1072a
Show file tree

Hide file tree

Showing 4 changed files with 26 additions and 2 deletions.
diff --git a/lib/assent/strategies/oauth.ex b/lib/assent/strategies/oauth.ex
@@ -402,7 +402,7 @@ defmodule Assent.Strategy.OAuth do
   def fetch_user(config, token) do
     with {:ok, url} <- Config.fetch(config, :user_url) do
       case request(config, token, :get, url) do
-        {:ok, %HTTPResponse{status: 200, body: user}} ->
+        {:ok, %HTTPResponse{status: 200, body: user}} when is_map(user) ->
           {:ok, user}
 
         {:error, %HTTPResponse{status: 401} = response} ->

diff --git a/lib/assent/strategies/oauth2.ex b/lib/assent/strategies/oauth2.ex
@@ -475,7 +475,7 @@ defmodule Assent.Strategy.OAuth2 do
   def fetch_user(config, token, params \\ [], headers \\ []) do
     with {:ok, user_url} <- Config.fetch(config, :user_url) do
       case request(config, token, :get, user_url, params, headers) do
-        {:ok, %HTTPResponse{status: 200, body: user}} ->
+        {:ok, %HTTPResponse{status: 200, body: user}} when is_map(user) ->
           {:ok, user}
 
         {:error, %HTTPResponse{status: 401} = response} ->

diff --git a/test/assent/strategies/oauth2_test.exs b/test/assent/strategies/oauth2_test.exs
@@ -320,6 +320,18 @@ defmodule Assent.Strategy.OAuth2Test do
       assert error.response.body == %{"error" => "Unauthorized"}
     end
 
+    test "with `:user_url` not returning decoded map in body", %{
+      config: config,
+      callback_params: params
+    } do
+      expect_oauth2_access_token_request()
+      expect_oauth2_user_request("%")
+
+      assert {:error, %UnexpectedResponseError{} = error} = OAuth2.callback(config, params)
+      assert Exception.message(error) =~ "An unexpected response was received."
+      assert error.response.body == "%"
+    end
+
     @user_api_params %{name: "Dan Schultzer", email: "[email protected]", uid: "1"}
 
     test "with no auth method", %{config: config, callback_params: params} do

diff --git a/test/assent/strategies/oauth_test.exs b/test/assent/strategies/oauth_test.exs
@@ -475,6 +475,18 @@ defmodule Assent.Strategy.OAuthTest do
       assert error.response.body == %{"error" => "Unauthorized"}
     end
 
+    test "with `:user_url` not returning decoded map in body", %{
+      config: config,
+      callback_params: params
+    } do
+      expect_oauth_access_token_request()
+      expect_oauth_user_request("%")
+
+      assert {:error, %UnexpectedResponseError{} = error} = OAuth.callback(config, params)
+      assert Exception.message(error) =~ "An unexpected response was received."
+      assert error.response.body == "%"
+    end
+
     test "normalizes data", %{config: config, callback_params: callback_params} do
       access_token_url = TestServer.url("/access_token")