# prevents login action to be filtered by check_if_login_required application scope filter
skip_before_filter :check_if_login_required, :check_password_change
+ # Overrides ApplicationController#verify_authenticity_token to disable
+ # token verification on openid callbacks
+ def verify_authenticity_token
+ unless using_open_id?
+ super
+ end
+ end
+
# Login request and validation
def login
if request.get?
assert_select 'input[name=?][value=?]', 'user[identity_url]', 'http://openid.example.com/good_blank_user'
end
+ def test_post_login_should_not_verify_token_when_using_open_id
+ ActionController::Base.allow_forgery_protection = true
+ AccountController.any_instance.stubs(:using_open_id?).returns(true)
+ AccountController.any_instance.stubs(:authenticate_with_open_id).returns(true)
+ post :login
+ assert_response 200
+ ensure
+ ActionController::Base.allow_forgery_protection = false
+ end
+
def test_register_after_login_failure_should_not_require_user_to_enter_a_password
Setting.self_registration = '3'