Merge pull request #5508 from Edouard-chin/ec-omniauth-allowed-methods

Use Omniauth.allowed_methods' as routing verbs for the auth path:

test/integration/omniauthable_test.rb

@@ -126,6 +126,28 @@ class OmniauthableIntegrationTest < Devise::IntegrationTest
     end
   end
 
+  test "authorization path via GET when Omniauth allowed_request_methods includes GET" do
+    original_allowed = OmniAuth.config.allowed_request_methods
+    OmniAuth.config.allowed_request_methods = [:get, :post]
+
+    get "/users/auth/facebook"
+
+    assert_response(:redirect)
+  ensure
+    OmniAuth.config.allowed_request_methods = original_allowed
+  end
+
+  test "authorization path via GET when Omniauth allowed_request_methods doesn't include GET" do
+    original_allowed = OmniAuth.config.allowed_request_methods
+    OmniAuth.config.allowed_request_methods = [:post]
+
+    assert_raises(ActionController::RoutingError) do
+      get "/users/auth/facebook"
+    end
+  ensure
+    OmniAuth.config.allowed_request_methods = original_allowed
+  end
+
   test "generates a link to authenticate with provider" do
     visit "/users/sign_in"
     assert_select "form[action=?][method=post]", "/users/auth/facebook" do