From d8e5ab529105ed5d27321092a76d89eff4503100 Mon Sep 17 00:00:00 2001
From: nov
Date: Tue, 4 Feb 2025 18:42:26 +0900
Subject: [PATCH] avoid double rendering on "prompt=login consent"
---
 lib/doorkeeper/openid_connect/helpers/controller.rb | 2 +-
 .../controllers/doorkeeper/authorizations_controller_spec.rb | 5 ++---
 spec/dummy/config/initializers/doorkeeper_openid_connect.rb | 4 ++++
 3 files changed, 7 insertions(+), 4 deletions(-)
diff --git a/lib/doorkeeper/openid_connect/helpers/controller.rb b/lib/doorkeeper/openid_connect/helpers/controller.rb
index 003d5af..9fccab7 100644
--- a/lib/doorkeeper/openid_connect/helpers/controller.rb
+++ b/lib/doorkeeper/openid_connect/helpers/controller.rb
@@ -67,7 +67,7 @@ def handle_oidc_error!(exception)
 def handle_oidc_prompt_param!(owner)
 prompt_values ||= params[:prompt].to_s.split(/ +/).uniq
- priority = ['none', 'login', 'consent', 'select_account']
+ priority = ['none', 'consent', 'login', 'select_account']
 prompt_values.sort_by! do |prompt|
 priority.find_index(prompt).to_i
 end
diff --git a/spec/controllers/doorkeeper/authorizations_controller_spec.rb b/spec/controllers/doorkeeper/authorizations_controller_spec.rb
index 59721b8..1cd1dad 100644
--- a/spec/controllers/doorkeeper/authorizations_controller_spec.rb
+++ b/spec/controllers/doorkeeper/authorizations_controller_spec.rb
@@ -307,9 +307,8 @@ def expect_successful_callback!
 # FIXME:
 it 'when login+consent' do
- expect do
- authorize! prompt: 'login consent'
- end.to raise_error AbstractController::DoubleRenderError
+ authorize! prompt: 'login consent'
+ expect(response).to redirect_to('/reauthenticate')
 end
 end
diff --git a/spec/dummy/config/initializers/doorkeeper_openid_connect.rb b/spec/dummy/config/initializers/doorkeeper_openid_connect.rb
index 4af0643..68bb84c 100644
--- a/spec/dummy/config/initializers/doorkeeper_openid_connect.rb
+++ b/spec/dummy/config/initializers/doorkeeper_openid_connect.rb
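Review bot: In lib/doorkeeper/openid_connect/helpers/controller.rb the order of `priority` is now load-bearing, but the changed line has no comment saying why `consent` must sort ahead of `login`, so a later tidy-up could silently bring the DoubleRenderError back. I would add above it `# 'consent' is handled before 'login' so that for "prompt=login consent" the reauthentication redirect is the last response produced`, assuming that is the intent the spec change reflects. Separately, the context line `priority.find_index(prompt).to_i` gives an unrecognised prompt value the key 0, the same as `none`; the code that consumes the sorted list is outside this hunk, so confirm that unknown values are still rejected there. The body of handle_oidc_prompt_param! continues past the end of the hunk.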
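Review bot: In spec/controllers/doorkeeper/authorizations_controller_spec.rb the `# FIXME:` context line still sits above `it 'when login+consent'`, although the example now asserts the intended redirect rather than the error; drop it or replace it with what is still open. The example also stops at `redirect_to('/reauthenticate')`, so nothing here checks that the `consent` half of `prompt=login consent` is still enforced once the user has reauthenticated. A follow-up example covering the request made after reauthentication would pin that down. The enclosing describe block starts and ends outside the hunk.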
@@ -44,6 +44,10 @@
 end
 reauthenticate_resource_owner do |_resource_owner, _return_to|
+ # NOTE: avoid double rendering
+ # ref. /~https://github.com/doorkeeper-gem/doorkeeper-openid_connect/blob/88f2df8ec0f934611070def307afb24ac67a2f76/lib/generators/doorkeeper/openid_connect/templates/initializer.rb#L33-L38
+ self.response_body = nil
+ @_response_body = nil
 redirect_to '/reauthenticate'
 end
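Review bot: `@_response_body = nil` writes a private Rails controller instance variable directly, and the added comment says only "avoid double rendering" without naming which earlier response is being thrown away or why `self.response_body = nil` alone is not enough. Because this reset is what lets `prompt=login consent` end in the redirect, I would spell that out, e.g. `# discard the response already set earlier in this request (presumably the consent page) so the redirect below is the only one; @_response_body is Rails-internal, re-check on Rails upgrades`. Host applications whose own `reauthenticate_resource_owner` block lacks this reset would presumably still raise DoubleRenderError after the priority change, which deserves a line in the README or upgrade notes; those are not part of this patch. The surrounding configure block starts and ends outside the hunk.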