1do*_*ski 6 authentication ruby-on-rails oauth devise twitter-oauth
将 Rails 和设备升级到 6。
更新此 CSRF 错误后https://github.com/heartcombo/devise/issues/5236到达:
Started POST "/users/auth/twitter" for ::1 at 2022-09-22 21:24:44 -0400
(twitter) Request phase initiated.
(twitter) Authentication failure! undefined method `downcase' for nil:NilClass
"#{u.scheme.downcase}://#{u.host.downcase}#{(u.scheme.casecmp("http").zero? && u.port != 80) || (u.scheme.casecmp("https").zero? && u.port != 443) ? ":#{u.port}" : ""}#{u.path && u.path != "" ? u.path : "/"}"
^^^^^^^^^: NoMethodError, undefined method `downcase' for nil:NilClass
Processing by Users::OmniauthCallbacksController#failure as HTML
宝石文件:
ruby "3.1.0"
gem 'rails', '6.0.3.1'
gem 'devise'
gem 'omniauth-facebook'
gem 'omniauth-twitter'
gem "omniauth-rails_csrf_protection", "~> 1.0"
带有 POST 的 CSRF 的 link_to,以前是 GET
<%= link_to "Log In" user_twitter_omniauth_authorize_path method: :post, "data-turbo": false %>
在omniauth.rb中
include Devise::OmniAuth::UrlHelpers
OmniAuth.config.allowed_request_methods = [:post]
OmniAuth.config.logger = Rails.logger if Rails.env.development?
OmniAuth.config.full_host = Rails.env.production? ? 'https://www.website.com' : 'http://localhost:3000'
Rails.application.config.middleware.use OmniAuth::Builder do
provider :facebook, ENV["FACEBOOK_KEY"], ENV["FACEBOOK_SECRET"], callback_url: ENV["FACEBOOK_CALLBACK"]
provider :twitter, ENV['TWITTER_API_KEY'], ENV['TWITTER_API_SECRET'], {
secure_image_url: true,
image_size: 'original'
}
provider :apple, ENV['APPLE_CLIENT_ID'], '', {
scope: 'email name',
team_id: ENV['APPLE_TEAM_ID'],
key_id: ENV['APPLE_KEY_ID'],
pem: Base64.strict_decode64(ENV['APPLE_P8_BASE64'])
}
end
class Users::OmniauthCallbacksController < Devise::OmniauthCallbacksController
def self.provides_callback_for(provider)
class_eval %Q{
def #{provider}
@user = User.find_for_oauth(request.env["omniauth.auth"], current_user)
skip_authorization
authorize @user, policy_class: OmniauthCallbackPolicy
if @user.persisted?
@user.remember_me
sign_in_and_redirect @user, event: :authentication
set_flash_message(:notice, :success, kind: "#{provider}".capitalize) if is_navigational_format?
else
session["devise.#{provider}_data"] = request.env["omniauth.auth"]
redirect_to new_user_registration_url
end
end
}
end
[:twitter, :facebook, :apple].each do |provider|
provides_callback_for provider
end
def failure
redirect_to root_path
end
end
路线.rb
devise_for :users, defaults: { format: :html }, controllers: { omniauth_callbacks: 'users/omniauth_callbacks', passwords: 'users/passwords' }
错误的代码行似乎在这里定义https://rubydoc.info/gems/oauth/0.5.5/OAuth%2FRequestProxy%2FBase:normalized_uri
要解决这个问题,只需将oauth gem升级到最新版本即可。
bundle update oauth
最近升级后我遇到了同样的问题,但就我而言,我的模型不是用devise管理的,所以我决定进一步研究;在回溯之后对所涉及的 gems 进行了长时间的调试会话后,我在模块上initialize的类方法中发现了一个错误ConsumerOAuthoauth-1.0.0/lib/oauth/consumer.rb
# ensure that keys are symbols
@options = @@default_options.merge(options.transform_keys(&:to_sym))
问题是在mergekeysite和authorize_pathof之后@@default_options仍然被定义为字符串
{"authorize_path"=>"/oauth/authenticate", "site"=>"https://api.twitter.com", "proxy"=>nil}
因此,接收这些选项参数的其余代码和库无法正确找到用于获取端点的选项[:site],从而返回类似于以下内容的内容:
http://:80/request_token
正如预期的那样,用URI.parsein 方法中完成的oauth_full_request_uri方法解析该字符串oauth-1.0.0/lib/oauth/client/net_http.rb根本不返回任何主机,并引发问题中提到的错误。
所以我决定做这个小小的改变,一切又恢复正常了。
@options = @@default_options.merge(options).transform_keys(&:to_sym)
我正准备提出拉取请求来帮助解决这个问题,我发现该库的作者将存储库移至了 GitLab,并且还发现他已经在使用该库的最新版本中解决了这个问题 XD snaky_hash,请看这里:
https://gitlab.com/oauth-xx/oauth/-/commit/7110a74690729b9abf8005cf0f58eedfc64f6ca3
所以仅仅更新 gem 就足够了。我希望这对你们有帮助!
| 归档时间: |
|
| 查看次数: |
479 次 |
| 最近记录: |