Update to Omniauth 2.x
This requires converting all use of the /auth endpoints
to use the POST method as GET is no longer supported.
tomhughes committed Feb 2, 2021
1 parent cea93e7 commit 5912a80
Showing 9 changed files with 63 additions and 54 deletions.
2 changes: 1 addition & 1 deletion .rubocop_todo.yml
@@ -18,7 +18,7 @@ require:
# Configuration parameters: AutoCorrect, AllowHeredoc, AllowURI, URISchemes, IgnoreCopDirectives, IgnoredPatterns.
# URISchemes: http, https
Layout/LineLength:
Max: 248
Max: 254

# Offense count: 36
# Configuration parameters: AllowSafeAssignment.
3 changes: 2 additions & 1 deletion Gemfile
@@ -61,12 +61,13 @@ gem "quad_tile", "~> 1.0.1"
gem "rack-uri_sanitizer"

# Omniauth for authentication
gem "omniauth", "~> 1.9.1"
gem "omniauth", "~> 2.0.2"
gem "omniauth-facebook"
gem "omniauth-github"
gem "omniauth-google-oauth2", ">= 0.6.0"
gem "omniauth-mediawiki", ">= 0.0.4"
gem "omniauth-openid"
gem "omniauth-rails_csrf_protection", "~> 1.0"
gem "omniauth-windowslive"

# Markdown formatting support
17 changes: 12 additions & 5 deletions Gemfile.lock
@@ -287,14 +287,15 @@ GEM
multi_json (~> 1.3)
multi_xml (~> 0.5)
rack (>= 1.2, < 3)
omniauth (1.9.1)
omniauth (2.0.2)
hashie (>= 3.4.6)
rack (>= 1.6.2, < 3)
rack-protection
omniauth-facebook (8.0.0)
omniauth-oauth2 (~> 1.2)
omniauth-github (1.4.0)
omniauth (~> 1.5)
omniauth-oauth2 (>= 1.4.0, < 2.0)
omniauth-github (2.0.0)
omniauth (~> 2.0)
omniauth-oauth2 (~> 1.7.1)
omniauth-google-oauth2 (0.8.1)
jwt (>= 2.0)
oauth2 (~> 1.1)
@@ -312,6 +313,9 @@ GEM
omniauth-openid (2.0.1)
omniauth (>= 1.0, < 3.0)
rack-openid (~> 1.4.0)
omniauth-rails_csrf_protection (1.0.0)
actionpack (>= 4.2)
omniauth (~> 2.0)
omniauth-windowslive (0.0.12)
multi_json (~> 1.12)
omniauth-oauth2 (~> 1.4)
@@ -334,6 +338,8 @@ GEM
rack-openid (1.4.2)
rack (>= 1.1.0)
ruby-openid (>= 2.1.8)
rack-protection (2.1.0)
rack
rack-test (1.1.0)
rack (>= 1.0, < 3)
rack-uri_sanitizer (0.0.2)
@@ -510,12 +516,13 @@ DEPENDENCIES
mini_magick
minitest (~> 5.1)
oauth-plugin (>= 0.5.1)
omniauth (~> 1.9.1)
omniauth (~> 2.0.2)
omniauth-facebook
omniauth-github
omniauth-google-oauth2 (>= 0.6.0)
omniauth-mediawiki (>= 0.0.4)
omniauth-openid
omniauth-rails_csrf_protection (~> 1.0)
omniauth-windowslive
openstreetmap-deadlock_retry (>= 1.3.0)
pg
2 changes: 1 addition & 1 deletion app/controllers/users_controller.rb
@@ -260,7 +260,7 @@ def create
elsif current_user.auth_provider.present?
# Verify external authenticator before moving on
session[:new_user] = current_user
redirect_to auth_url(current_user.auth_provider, current_user.auth_uid)
redirect_to auth_url(current_user.auth_provider, current_user.auth_uid), :status => :temporary_redirect
else
# Save the user record
session[:new_user] = current_user
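Review bot: The 307 added on the `redirect_to auth_url(...)` line makes the browser replay the whole signup POST, body included, at `/auth/:provider`, so every submitted form field (the tests in this commit post `pass_crypt_confirmation` among them) reaches the OmniAuth request phase and anything that logs parameters there. The replay is presumably intentional, since the request phase is now POST-only and the CSRF check needs the `authenticity_token` from the body, but nothing on the line says so. I would add a comment above it such as `# 307 keeps the POST (and its authenticity_token) so the POST-only /auth request phase accepts it; the signup form body is replayed with it`, and confirm that the password fields are covered by parameter filtering. `create` begins and ends outside this hunk.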
1 change: 1 addition & 0 deletions app/helpers/user_helper.rb
@@ -60,6 +60,7 @@ def auth_button(name, provider, options = {})
link_to(
image_tag("#{name}.svg", :alt => t("users.login.auth_providers.#{name}.alt"), :class => "rounded-lg"),
auth_path(options.merge(:provider => provider)),
:method => :post,
:class => "auth_button",
:title => t("users.login.auth_providers.#{name}.title")
)
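Review bot: `:method => :post` on `link_to` only takes effect when the page's unobtrusive-JavaScript driver turns the click into a form submission. The markup is still an `<a href>` (the updated helper test shows `data-method="post"` on an anchor), so without JavaScript the click is a GET to a route this commit makes POST-only. `button_to` renders a real form with the authenticity token and would keep the sign-in buttons working in that case; it accepts a block for the image, e.g. `button_to(auth_path(options.merge(:provider => provider)), :class => "auth_button", :title => ...) { image_tag(...) }`. `auth_button` starts above the hunk and its closing `end` is below it.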
2 changes: 1 addition & 1 deletion config/routes.rb
@@ -173,7 +173,7 @@
# omniauth
get "/auth/failure" => "users#auth_failure"
match "/auth/:provider/callback" => "users#auth_success", :via => [:get, :post], :as => :auth_success
match "/auth/:provider" => "users#auth", :via => [:get, :post], :as => :auth
post "/auth/:provider" => "users#auth", :as => :auth

# permalink
get "/go/:code" => "site#permalink", :code => /[a-zA-Z0-9_@~]+[=-]*/, :as => :permalink
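Review bot: The new `post "/auth/:provider"` route carries no comment explaining why it differs from the callback route on the line above, which still accepts `[:get, :post]`. The asymmetry looks deliberate as far as the commit shows: the request phase is POST-only so the CSRF token can be checked, while the callback has to stay reachable by GET because providers redirect the browser back to it. A comment such as `# request phase is POST-only (CSRF-protected); the callback must still accept GET from provider redirects` would stop a later cleanup from either re-adding GET here or dropping it there.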
4 changes: 2 additions & 2 deletions test/helpers/user_helper_test.rb
@@ -73,10 +73,10 @@ def test_openid_logo

def test_auth_button
button = auth_button("google", "google")
assert_equal("<a class=\"auth_button\" title=\"Login with Google\" href=\"/auth/google\"><img alt=\"Login with a Google OpenID\" class=\"rounded-lg\" src=\"/images/google.svg\" /></a>", button)
assert_equal("<a class=\"auth_button\" title=\"Login with Google\" rel=\"nofollow\" data-method=\"post\" href=\"/auth/google\"><img alt=\"Login with a Google OpenID\" class=\"rounded-lg\" src=\"/images/google.svg\" /></a>", button)

button = auth_button("yahoo", "openid", :openid_url => "yahoo.com")
assert_equal("<a class=\"auth_button\" title=\"Login with Yahoo\" href=\"/auth/openid?openid_url=yahoo\.com\"><img alt=\"Login with a Yahoo OpenID\" class=\"rounded-lg\" src=\"/images/yahoo.svg\" /></a>", button)
assert_equal("<a class=\"auth_button\" title=\"Login with Yahoo\" rel=\"nofollow\" data-method=\"post\" href=\"/auth/openid?openid_url=yahoo\.com\"><img alt=\"Login with a Yahoo OpenID\" class=\"rounded-lg\" src=\"/images/yahoo.svg\" /></a>", button)
end

private
36 changes: 18 additions & 18 deletions test/integration/user_creation_test.rb
@@ -243,7 +243,7 @@ def test_user_create_openid_success
:pass_crypt_confirmation => "" } }
assert_response :redirect
assert_redirected_to auth_path(:provider => "openid", :openid_url => "http://localhost:1123/new.tester", :origin => "/user/new")
follow_redirect!
post response.location
assert_response :redirect
assert_redirected_to auth_success_path(:provider => "openid", :openid_url => "http://localhost:1123/new.tester", :origin => "/user/new")
follow_redirect!
@@ -289,7 +289,7 @@ def test_user_create_openid_failure
:pass_crypt_confirmation => "" } }
assert_response :redirect
assert_redirected_to auth_path(:provider => "openid", :openid_url => "http://localhost:1123/new.tester", :origin => "/user/new")
follow_redirect!
post response.location
assert_response :redirect
assert_redirected_to auth_success_path(:provider => "openid", :openid_url => "http://localhost:1123/new.tester", :origin => "/user/new")
follow_redirect!
@@ -328,7 +328,7 @@ def test_user_create_openid_redirect
:referer => referer }
assert_response :redirect
assert_redirected_to auth_path(:provider => "openid", :openid_url => "http://localhost:1123/new.tester", :origin => "/user/new")
follow_redirect!
post response.location
assert_response :redirect
assert_redirected_to auth_success_path(:provider => "openid", :openid_url => "http://localhost:1123/new.tester", :origin => "/user/new")
follow_redirect!
@@ -397,7 +397,7 @@ def test_user_create_google_success
:pass_crypt_confirmation => "" } }
assert_response :redirect
assert_redirected_to auth_path(:provider => "google", :origin => "/user/new")
follow_redirect!
post response.location
assert_response :redirect
assert_redirected_to auth_success_path(:provider => "google")
follow_redirect!
@@ -442,7 +442,7 @@ def test_user_create_google_failure
:pass_crypt_confirmation => "" } }
assert_response :redirect
assert_redirected_to auth_path(:provider => "google", :origin => "/user/new")
follow_redirect!
post response.location
assert_response :redirect
assert_redirected_to auth_success_path(:provider => "google")
follow_redirect!
@@ -482,7 +482,7 @@ def test_user_create_google_redirect
:referer => referer }
assert_response :redirect
assert_redirected_to auth_path(:provider => "google", :origin => "/user/new")
follow_redirect!
post response.location
assert_response :redirect
assert_redirected_to auth_success_path(:provider => "google")
follow_redirect!
@@ -549,7 +549,7 @@ def test_user_create_facebook_success
:pass_crypt_confirmation => "" } }
assert_response :redirect
assert_redirected_to auth_path(:provider => "facebook", :origin => "/user/new")
follow_redirect!
post response.location
assert_response :redirect
assert_redirected_to auth_success_path(:provider => "facebook")
follow_redirect!
@@ -594,7 +594,7 @@ def test_user_create_facebook_failure
:pass_crypt_confirmation => "" } }
assert_response :redirect
assert_redirected_to auth_path(:provider => "facebook", :origin => "/user/new")
follow_redirect!
post response.location
assert_response :redirect
assert_redirected_to auth_success_path(:provider => "facebook")
follow_redirect!
@@ -632,7 +632,7 @@ def test_user_create_facebook_redirect
:referer => referer }
assert_response :redirect
assert_redirected_to auth_path(:provider => "facebook", :origin => "/user/new")
follow_redirect!
post response.location
assert_response :redirect
assert_redirected_to auth_success_path(:provider => "facebook")
follow_redirect!
@@ -699,7 +699,7 @@ def test_user_create_windowslive_success
:pass_crypt_confirmation => "" } }
assert_response :redirect
assert_redirected_to auth_path(:provider => "windowslive", :origin => "/user/new")
follow_redirect!
post response.location
assert_response :redirect
assert_redirected_to auth_success_path(:provider => "windowslive")
follow_redirect!
@@ -744,7 +744,7 @@ def test_user_create_windowslive_failure
:pass_crypt_confirmation => "" } }
assert_response :redirect
assert_redirected_to auth_path(:provider => "windowslive", :origin => "/user/new")
follow_redirect!
post response.location
assert_response :redirect
assert_redirected_to auth_success_path(:provider => "windowslive")
follow_redirect!
@@ -782,7 +782,7 @@ def test_user_create_windowslive_redirect
:referer => referer }
assert_response :redirect
assert_redirected_to auth_path(:provider => "windowslive", :origin => "/user/new")
follow_redirect!
post response.location
assert_response :redirect
assert_redirected_to auth_success_path(:provider => "windowslive")
follow_redirect!
@@ -849,7 +849,7 @@ def test_user_create_github_success
:pass_crypt_confirmation => "" } }
assert_response :redirect
assert_redirected_to auth_path(:provider => "github", :origin => "/user/new")
follow_redirect!
post response.location
assert_response :redirect
assert_redirected_to auth_success_path(:provider => "github")
follow_redirect!
@@ -895,7 +895,7 @@ def test_user_create_github_failure
:pass_crypt_confirmation => "" } }
assert_response :redirect
assert_redirected_to auth_path(:provider => "github", :origin => "/user/new")
follow_redirect!
post response.location
assert_response :redirect
assert_redirected_to auth_success_path(:provider => "github")
follow_redirect!
@@ -933,7 +933,7 @@ def test_user_create_github_redirect
:referer => referer }
assert_response :redirect
assert_redirected_to auth_path(:provider => "github", :origin => "/user/new")
follow_redirect!
post response.location
assert_response :redirect
assert_redirected_to auth_success_path(:provider => "github")
follow_redirect!
@@ -1001,7 +1001,7 @@ def test_user_create_wikipedia_success
:pass_crypt_confirmation => "" } }
assert_response :redirect
assert_redirected_to auth_path(:provider => "wikipedia", :origin => "/user/new")
follow_redirect!
post response.location
assert_response :redirect
assert_redirected_to auth_success_path(:provider => "wikipedia", :origin => "/user/new")
follow_redirect!
@@ -1047,7 +1047,7 @@ def test_user_create_wikipedia_failure
:pass_crypt_confirmation => "" } }
assert_response :redirect
assert_redirected_to auth_path(:provider => "wikipedia", :origin => "/user/new")
follow_redirect!
post response.location
assert_response :redirect
assert_redirected_to auth_success_path(:provider => "wikipedia", :origin => "/user/new")
follow_redirect!
@@ -1085,7 +1085,7 @@ def test_user_create_wikipedia_redirect
:referer => referer }
assert_response :redirect
assert_redirected_to auth_path(:provider => "wikipedia", :origin => "/user/new")
follow_redirect!
post response.location
assert_response :redirect
assert_redirected_to auth_success_path(:provider => "wikipedia", :origin => "/user/new")
follow_redirect!
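Review bot: Each updated test still checks the signup response with `assert_response :redirect` and then issues `post response.location` by hand, so nothing pins the 307 that users_controller.rb now depends on. A regression to a plain 302 would leave all of these tests green, while browsers would follow it with GET, which the route no longer accepts. Tightening the assertion before each `post response.location` to `assert_response :temporary_redirect` would catch that. There is also no negative case; one test doing `get auth_path(:provider => "google")` and asserting it is not routed would cover the POST-only change itself. The same applies to all eighteen hunks in this file.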
