NeoPass strategy interacts with dev NeoPass server, which is still WIP

In this change, we wire up a new NeoPass OAuth2 strategy for OmniAuth,
and hook up the "Log in with NeoPass" button to use it!

The authentication currently fails with `invalid_credentials`, and
shows the `owo` response we hardcoded into the NeoPass server's token
response. We need to finally follow up on the little `TODO` written in
there!
This commit is contained in:
Emi Matchu 2024-03-14 16:13:31 -07:00
parent 77057fe6a2
commit f483722af4
20 changed files with 61 additions and 9 deletions

@ -27,6 +27,7 @@ gem 'devise', '~> 4.9', '>= 4.9.2'
gem 'devise-encryptable', '~> 0.2.0' gem 'devise-encryptable', '~> 0.2.0'
gem 'omniauth', '~> 2.1' gem 'omniauth', '~> 2.1'
gem 'omniauth-rails_csrf_protection', '~> 1.0' gem 'omniauth-rails_csrf_protection', '~> 1.0'
gem 'omniauth-oauth2', '~> 1.8'
# For pagination UI. # For pagination UI.
gem 'will_paginate', '~> 4.0' gem 'will_paginate', '~> 4.0'

@ -155,6 +155,10 @@ GEM
process-metrics (~> 0.2.0) process-metrics (~> 0.2.0)
protocol-rack (~> 0.1) protocol-rack (~> 0.1)
samovar (~> 2.1) samovar (~> 2.1)
faraday (2.9.0)
faraday-net_http (>= 2.0, < 3.2)
faraday-net_http (3.1.0)
net-http
ffi (1.16.3) ffi (1.16.3)
fiber-annotation (0.2.0) fiber-annotation (0.2.0)
fiber-local (1.0.0) fiber-local (1.0.0)
@ -179,6 +183,8 @@ GEM
jsbundling-rails (1.3.0) jsbundling-rails (1.3.0)
railties (>= 6.0.0) railties (>= 6.0.0)
json (2.7.1) json (2.7.1)
jwt (2.8.1)
base64
launchy (2.5.2) launchy (2.5.2)
addressable (~> 2.8) addressable (~> 2.8)
letter_opener (1.9.0) letter_opener (1.9.0)
@ -202,6 +208,8 @@ GEM
multi_xml (0.6.0) multi_xml (0.6.0)
mutex_m (0.2.0) mutex_m (0.2.0)
mysql2 (0.5.6) mysql2 (0.5.6)
net-http (0.4.1)
uri
net-imap (0.4.10) net-imap (0.4.10)
date date
net-protocol net-protocol
@ -215,10 +223,20 @@ GEM
nokogiri (1.16.2) nokogiri (1.16.2)
mini_portile2 (~> 2.8.2) mini_portile2 (~> 2.8.2)
racc (~> 1.4) racc (~> 1.4)
oauth2 (2.0.9)
faraday (>= 0.17.3, < 3.0)
jwt (>= 1.0, < 3.0)
multi_xml (~> 0.5)
rack (>= 1.2, < 4)
snaky_hash (~> 2.0)
version_gem (~> 1.1)
omniauth (2.1.2) omniauth (2.1.2)
hashie (>= 3.4.6) hashie (>= 3.4.6)
rack (>= 2.2.3) rack (>= 2.2.3)
rack-protection rack-protection
omniauth-oauth2 (1.8.0)
oauth2 (>= 1.4, < 3)
omniauth (~> 2.0)
omniauth-rails_csrf_protection (1.0.1) omniauth-rails_csrf_protection (1.0.1)
actionpack (>= 4.2) actionpack (>= 4.2)
omniauth (~> 2.0) omniauth (~> 2.0)
@ -331,6 +349,9 @@ GEM
shell (0.8.1) shell (0.8.1)
e2mmap e2mmap
sync sync
snaky_hash (2.0.1)
hashie
version_gem (~> 1.1, >= 1.1.1)
sprockets (4.2.1) sprockets (4.2.1)
concurrent-ruby (~> 1.0) concurrent-ruby (~> 1.0)
rack (>= 2.2.4, < 4) rack (>= 2.2.4, < 4)
@ -358,6 +379,8 @@ GEM
railties (>= 6.0.0) railties (>= 6.0.0)
tzinfo (2.0.6) tzinfo (2.0.6)
concurrent-ruby (~> 1.0) concurrent-ruby (~> 1.0)
uri (0.13.0)
version_gem (1.1.3)
warden (1.2.9) warden (1.2.9)
rack (>= 2.0.9) rack (>= 2.0.9)
web-console (4.2.1) web-console (4.2.1)
@ -394,6 +417,7 @@ DEPENDENCIES
mysql2 (~> 0.5.5) mysql2 (~> 0.5.5)
nokogiri (~> 1.15, >= 1.15.3) nokogiri (~> 1.15, >= 1.15.3)
omniauth (~> 2.1) omniauth (~> 2.1)
omniauth-oauth2 (~> 1.8)
omniauth-rails_csrf_protection (~> 1.0) omniauth-rails_csrf_protection (~> 1.0)
parallel (~> 1.23) parallel (~> 1.23)
rack-attack (~> 6.7) rack-attack (~> 6.7)

@ -1,8 +1,9 @@
class Devise::OmniauthCallbacksController < ApplicationController class Devise::OmniauthCallbacksController < ApplicationController
# See https://github.com/omniauth/omniauth/wiki/FAQ#rails-session-is-clobbered-after-callback-on-developer-strategy def neopass
skip_before_action :verify_authenticity_token, only: :developer
def developer
render plain: "Success!" render plain: "Success!"
end end
def failure
render plain: "Failure"
end
end end
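
Review bot: The `neopass` action renders "Success!" without reading the OmniAuth result or signing anyone in, so a completed callback currently has no effect on the session; a `# TODO` comment in the action would make that explicit for the next reader. In `failure`, rendering only "Failure" drops the reason, so consider logging `request.env["omniauth.error.type"]` server-side (it would surface the `invalid_credentials` case the commit message mentions) while keeping the user-facing text generic. Dropping the `skip_before_action :verify_authenticity_token` exemption together with `developer` is a good change.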

@ -3,7 +3,7 @@ class AuthUser < AuthRecord
devise :database_authenticatable, :encryptable, :registerable, :validatable, devise :database_authenticatable, :encryptable, :registerable, :validatable,
:rememberable, :trackable, :recoverable, :omniauthable, :rememberable, :trackable, :recoverable, :omniauthable,
omniauth_providers: [:developer] omniauth_providers: [:neopass]
validates :name, presence: true, uniqueness: {case_sensitive: false}, validates :name, presence: true, uniqueness: {case_sensitive: false},
length: {maximum: 20} length: {maximum: 20}

@ -2,8 +2,8 @@
<% if @can_use_neopass %> <% if @can_use_neopass %>
<%= button_to "Log in with NeoPass", <%= button_to "Log in with NeoPass",
auth_user_developer_omniauth_authorize_path, auth_user_neopass_omniauth_authorize_path,
data: {turbo: false} # important for developer strategy data: {turbo: false} # Turbo can't handle this redirect!
%> %>
<% end %> <% end %>
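
Review bot: `@can_use_neopass` only decides whether the button is rendered; with `omniauth_providers: [:neopass]` on `AuthUser`, the `auth_user_neopass_omniauth_authorize_path` route exists whether or not the visitor supplied the `?neopass=` secret. If the secret is meant to gate the login flow itself and not just the UI, the same check needs to be enforced on the authorize and callback requests, or the commit should say that hiding the button is the only intent.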

@ -119,4 +119,7 @@ Rails.application.configure do
# To see NeoPass features, add ?neopass=1 to relevant pages. # To see NeoPass features, add ?neopass=1 to relevant pages.
config.neopass_access_secret = "1" config.neopass_access_secret = "1"
# Use the local NeoPass development server.
config.neopass_origin = "http://localhost:8585"
end end

@ -137,4 +137,7 @@ Rails.application.configure do
# To see NeoPass features, add ?neopass=<SECRET> to relevant pages. # To see NeoPass features, add ?neopass=<SECRET> to relevant pages.
config.neopass_access_secret = Rails.credentials.neopass.access_secret config.neopass_access_secret = Rails.credentials.neopass.access_secret
# Use the live NeoPass production server.
config.neopass_origin = "https://oidc.neopets.com"
end end

@ -74,4 +74,7 @@ Rails.application.configure do
# To see NeoPass features, add ?neopass=1 to relevant pages. # To see NeoPass features, add ?neopass=1 to relevant pages.
config.neopass_access_secret = "1" config.neopass_access_secret = "1"
# Use the local NeoPass development server.
config.neopass_origin = "http://localhost:8585"
end end

@ -1,4 +1,5 @@
# frozen_string_literal: true # frozen_string_literal: true
require "strategies/neopass"
# Assuming you have not yet modified this file, each configuration option below # Assuming you have not yet modified this file, each configuration option below
# is set to its default value. Note that some are commented out while others # is set to its default value. Note that some are commented out while others
@ -273,7 +274,7 @@ Devise.setup do |config|
# ==> OmniAuth # ==> OmniAuth
# Add a new OmniAuth provider. Check the wiki for more information on setting # Add a new OmniAuth provider. Check the wiki for more information on setting
# up on your models and hooks. # up on your models and hooks.
config.omniauth :developer config.omniauth :neopass, strategy_class: Strategies::NeoPass
# ==> Warden configuration # ==> Warden configuration
# If you want to use other strategies, that are not supported by Devise, or # If you want to use other strategies, that are not supported by Devise, or
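
Review bot: `config.omniauth :neopass, strategy_class: Strategies::NeoPass` passes no client ID or client secret, and none is set in `lib/strategies/neopass.rb` either. Before this is exercised against the production `neopass_origin`, pass them here from `Rails.credentials` (the way `production.rb` already reads `neopass.access_secret`) so they never end up hardcoded in the strategy or committed to the repository.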

@ -15,7 +15,10 @@
# inflect.acronym "RESTful" # inflect.acronym "RESTful"
# end # end
# Teach Zeitwerk that `RocketAMF` is what to expect in `lib/rocketamf`.
ActiveSupport::Inflector.inflections(:en) do |inflect| ActiveSupport::Inflector.inflections(:en) do |inflect|
# Teach Zeitwerk that `RocketAMF` is what to expect in `lib/rocketamf`.
inflect.acronym "RocketAMF" inflect.acronym "RocketAMF"
# Teach Zeitwerk that "NeoPass" is what to expect in `neopass.rb`.
inflect.acronym "NeoPass"
end end

13
lib/strategies/neopass.rb Normal file
@ -0,0 +1,13 @@
require "omniauth-oauth2"
module Strategies
class NeoPass < OmniAuth::Strategies::OAuth2
option :name, "neopass"
option :client_options, {
site: Rails.configuration.neopass_origin,
authorize_url: "/oauth2/auth",
token_url: "/oauth2/token",
}
end
end
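
Review bot: The strategy defines no `uid` (or `info`) block, so the auth hash handed to the callback will carry no identifier for the NeoPass account; that has to be added before the `neopass` action can map a login to an `AuthUser`. Separately, `site: Rails.configuration.neopass_origin` is evaluated once when the class body loads, which works because the Devise initializer requires this file after the environment config has run, but a short comment saying so would prevent surprises if the load order changes. Since development and test use an `http://` origin, a comment that the unencrypted token exchange is acceptable only against localhost would also be worth adding.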

BIN
vendor/cache/faraday-2.9.0.gem vendored Normal file

Binary file not shown.

BIN
vendor/cache/faraday-net_http-3.1.0.gem vendored Normal file

Binary file not shown.

BIN
vendor/cache/jwt-2.8.1.gem vendored Normal file

Binary file not shown.

BIN
vendor/cache/net-http-0.4.1.gem vendored Normal file

Binary file not shown.

BIN
vendor/cache/oauth2-2.0.9.gem vendored Normal file

Binary file not shown.

BIN
vendor/cache/omniauth-oauth2-1.8.0.gem vendored Normal file

Binary file not shown.

BIN
vendor/cache/snaky_hash-2.0.1.gem vendored Normal file

Binary file not shown.

BIN
vendor/cache/uri-0.13.0.gem vendored Normal file

Binary file not shown.

BIN
vendor/cache/version_gem-1.1.3.gem vendored Normal file

Binary file not shown.