[B] Address OAuth regression

When we installed Draper to provide decorators to our mailers, we
inadvertently broke the OAuth controller. This is likely due to the
following issues in Draper, which do not appear to have been fully
solved in Draper 3.0.1.

Because this is the only place we use ActionView outside of Mailers,
for now we will just render the content from the controller. In the
future, if we need more view functionality, we'll use cells.

See:
rails/rails#27211
drapergem/draper#793

Fixes #1631

api/app/controllers/oauth_controller.rb

@@ -1,5 +1,4 @@
 class OauthController < ApplicationController
-  include ActionView::Rendering
 
   skip_after_action :set_content_type
 
@@ -11,11 +10,32 @@ def authorize
 
     @oauth_payload = ExternalAuth::Payload.new outcome
 
-    render layout: false
+    # rubocop:disable Rails/OutputSafety
+    render html: body.html_safe, layout: false
+    # rubocop:enable Rails/OutputSafety
   end
 
   private
 
+  def body
+    <<~HEREDOC
+      <!DOCTYPE html>
+      <html>
+        <head>
+          <title>Authentication successful!</title>
+          <style></style>
+        </head>
+        <body>
+          <h1>Authorization success!</h1>
+          <script type="text/javascript">
+            window.opener.postMessage(#{@oauth_payload.to_json}, "*");
+            window.close();
+          </script>
+        </body>
+      </html>
+    HEREDOC
+  end
+
   def omniauth_hash
     request.env["omniauth.auth"]
   end

api/spec/requests/oauth_spec.rb

@@ -0,0 +1,21 @@
+require "rails_helper"
+
+RSpec.describe "Oauth", type: :request do
+  describe "responds with a list of projects" do
+    before(:each) { get "/auth/google_oauth2/callback" }
+    describe "the response" do
+
+      it "has a non-blank body" do
+        expect(response.body.blank?).to be false
+      end
+
+      it "has a 200 status code" do
+        get api_v1_collections_path
+        expect(response).to have_http_status(200)
+      end
+
+
+    end
+  end
+
+end