NeoPass strategy interacts with dev NeoPass server, which is still WIP
In this change, we wire up a new NeoPass OAuth2 strategy for OmniAuth, and hook up the "Log in with NeoPass" button to use it! The authentication currently fails with `invalid_credentials`, and shows the `owo` response we hardcoded into the NeoPass server's token response. We need to finally follow up on the little `TODO` written in there!
This commit is contained in:
parent
77057fe6a2
commit
f483722af4
20 changed files with 61 additions and 9 deletions
1
Gemfile
1
Gemfile
|
@ -27,6 +27,7 @@ gem 'devise', '~> 4.9', '>= 4.9.2'
|
|||
gem 'devise-encryptable', '~> 0.2.0'
|
||||
gem 'omniauth', '~> 2.1'
|
||||
gem 'omniauth-rails_csrf_protection', '~> 1.0'
|
||||
gem 'omniauth-oauth2', '~> 1.8'
|
||||
|
||||
# For pagination UI.
|
||||
gem 'will_paginate', '~> 4.0'
|
||||
|
|
24
Gemfile.lock
24
Gemfile.lock
|
@ -155,6 +155,10 @@ GEM
|
|||
process-metrics (~> 0.2.0)
|
||||
protocol-rack (~> 0.1)
|
||||
samovar (~> 2.1)
|
||||
faraday (2.9.0)
|
||||
faraday-net_http (>= 2.0, < 3.2)
|
||||
faraday-net_http (3.1.0)
|
||||
net-http
|
||||
ffi (1.16.3)
|
||||
fiber-annotation (0.2.0)
|
||||
fiber-local (1.0.0)
|
||||
|
@ -179,6 +183,8 @@ GEM
|
|||
jsbundling-rails (1.3.0)
|
||||
railties (>= 6.0.0)
|
||||
json (2.7.1)
|
||||
jwt (2.8.1)
|
||||
base64
|
||||
launchy (2.5.2)
|
||||
addressable (~> 2.8)
|
||||
letter_opener (1.9.0)
|
||||
|
@ -202,6 +208,8 @@ GEM
|
|||
multi_xml (0.6.0)
|
||||
mutex_m (0.2.0)
|
||||
mysql2 (0.5.6)
|
||||
net-http (0.4.1)
|
||||
uri
|
||||
net-imap (0.4.10)
|
||||
date
|
||||
net-protocol
|
||||
|
@ -215,10 +223,20 @@ GEM
|
|||
nokogiri (1.16.2)
|
||||
mini_portile2 (~> 2.8.2)
|
||||
racc (~> 1.4)
|
||||
oauth2 (2.0.9)
|
||||
faraday (>= 0.17.3, < 3.0)
|
||||
jwt (>= 1.0, < 3.0)
|
||||
multi_xml (~> 0.5)
|
||||
rack (>= 1.2, < 4)
|
||||
snaky_hash (~> 2.0)
|
||||
version_gem (~> 1.1)
|
||||
omniauth (2.1.2)
|
||||
hashie (>= 3.4.6)
|
||||
rack (>= 2.2.3)
|
||||
rack-protection
|
||||
omniauth-oauth2 (1.8.0)
|
||||
oauth2 (>= 1.4, < 3)
|
||||
omniauth (~> 2.0)
|
||||
omniauth-rails_csrf_protection (1.0.1)
|
||||
actionpack (>= 4.2)
|
||||
omniauth (~> 2.0)
|
||||
|
@ -331,6 +349,9 @@ GEM
|
|||
shell (0.8.1)
|
||||
e2mmap
|
||||
sync
|
||||
snaky_hash (2.0.1)
|
||||
hashie
|
||||
version_gem (~> 1.1, >= 1.1.1)
|
||||
sprockets (4.2.1)
|
||||
concurrent-ruby (~> 1.0)
|
||||
rack (>= 2.2.4, < 4)
|
||||
|
@ -358,6 +379,8 @@ GEM
|
|||
railties (>= 6.0.0)
|
||||
tzinfo (2.0.6)
|
||||
concurrent-ruby (~> 1.0)
|
||||
uri (0.13.0)
|
||||
version_gem (1.1.3)
|
||||
warden (1.2.9)
|
||||
rack (>= 2.0.9)
|
||||
web-console (4.2.1)
|
||||
|
@ -394,6 +417,7 @@ DEPENDENCIES
|
|||
mysql2 (~> 0.5.5)
|
||||
nokogiri (~> 1.15, >= 1.15.3)
|
||||
omniauth (~> 2.1)
|
||||
omniauth-oauth2 (~> 1.8)
|
||||
omniauth-rails_csrf_protection (~> 1.0)
|
||||
parallel (~> 1.23)
|
||||
rack-attack (~> 6.7)
|
||||
|
|
|
@ -1,8 +1,9 @@
|
|||
class Devise::OmniauthCallbacksController < ApplicationController
|
||||
# See https://github.com/omniauth/omniauth/wiki/FAQ#rails-session-is-clobbered-after-callback-on-developer-strategy
|
||||
skip_before_action :verify_authenticity_token, only: :developer
|
||||
|
||||
def developer
|
||||
def neopass
|
||||
render plain: "Success!"
|
||||
end
|
||||
|
||||
def failure
|
||||
render plain: "Failure"
|
||||
end
|
||||
end
|
||||
|
|
|
@ -3,7 +3,7 @@ class AuthUser < AuthRecord
|
|||
|
||||
devise :database_authenticatable, :encryptable, :registerable, :validatable,
|
||||
:rememberable, :trackable, :recoverable, :omniauthable,
|
||||
omniauth_providers: [:developer]
|
||||
omniauth_providers: [:neopass]
|
||||
|
||||
validates :name, presence: true, uniqueness: {case_sensitive: false},
|
||||
length: {maximum: 20}
|
||||
|
|
|
@ -2,8 +2,8 @@
|
|||
|
||||
<% if @can_use_neopass %>
|
||||
<%= button_to "Log in with NeoPass",
|
||||
auth_user_developer_omniauth_authorize_path,
|
||||
data: {turbo: false} # important for developer strategy
|
||||
auth_user_neopass_omniauth_authorize_path,
|
||||
data: {turbo: false} # Turbo can't handle this redirect!
|
||||
%>
|
||||
<% end %>
|
||||
|
||||
|
|
|
@ -119,4 +119,7 @@ Rails.application.configure do
|
|||
|
||||
# To see NeoPass features, add ?neopass=1 to relevant pages.
|
||||
config.neopass_access_secret = "1"
|
||||
|
||||
# Use the local NeoPass development server.
|
||||
config.neopass_origin = "http://localhost:8585"
|
||||
end
|
||||
|
|
|
@ -137,4 +137,7 @@ Rails.application.configure do
|
|||
|
||||
# To see NeoPass features, add ?neopass=<SECRET> to relevant pages.
|
||||
config.neopass_access_secret = Rails.credentials.neopass.access_secret
|
||||
|
||||
# Use the live NeoPass production server.
|
||||
config.neopass_origin = "https://oidc.neopets.com"
|
||||
end
|
||||
|
|
|
@ -74,4 +74,7 @@ Rails.application.configure do
|
|||
|
||||
# To see NeoPass features, add ?neopass=1 to relevant pages.
|
||||
config.neopass_access_secret = "1"
|
||||
|
||||
# Use the local NeoPass development server.
|
||||
config.neopass_origin = "http://localhost:8585"
|
||||
end
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
# frozen_string_literal: true
|
||||
require "strategies/neopass"
|
||||
|
||||
# Assuming you have not yet modified this file, each configuration option below
|
||||
# is set to its default value. Note that some are commented out while others
|
||||
|
@ -273,7 +274,7 @@ Devise.setup do |config|
|
|||
# ==> OmniAuth
|
||||
# Add a new OmniAuth provider. Check the wiki for more information on setting
|
||||
# up on your models and hooks.
|
||||
config.omniauth :developer
|
||||
config.omniauth :neopass, strategy_class: Strategies::NeoPass
|
||||
|
||||
# ==> Warden configuration
|
||||
# If you want to use other strategies, that are not supported by Devise, or
|
||||
|
|
|
@ -15,7 +15,10 @@
|
|||
# inflect.acronym "RESTful"
|
||||
# end
|
||||
|
||||
# Teach Zeitwerk that `RocketAMF` is what to expect in `lib/rocketamf`.
|
||||
ActiveSupport::Inflector.inflections(:en) do |inflect|
|
||||
# Teach Zeitwerk that `RocketAMF` is what to expect in `lib/rocketamf`.
|
||||
inflect.acronym "RocketAMF"
|
||||
|
||||
# Teach Zeitwerk that "NeoPass" is what to expect in `neopass.rb`.
|
||||
inflect.acronym "NeoPass"
|
||||
end
|
||||
|
|
13
lib/strategies/neopass.rb
Normal file
13
lib/strategies/neopass.rb
Normal file
|
@ -0,0 +1,13 @@
|
|||
require "omniauth-oauth2"
|
||||
|
||||
module Strategies
|
||||
class NeoPass < OmniAuth::Strategies::OAuth2
|
||||
option :name, "neopass"
|
||||
|
||||
option :client_options, {
|
||||
site: Rails.configuration.neopass_origin,
|
||||
authorize_url: "/oauth2/auth",
|
||||
token_url: "/oauth2/token",
|
||||
}
|
||||
end
|
||||
end
|
BIN
vendor/cache/faraday-2.9.0.gem
vendored
Normal file
BIN
vendor/cache/faraday-2.9.0.gem
vendored
Normal file
Binary file not shown.
BIN
vendor/cache/faraday-net_http-3.1.0.gem
vendored
Normal file
BIN
vendor/cache/faraday-net_http-3.1.0.gem
vendored
Normal file
Binary file not shown.
BIN
vendor/cache/jwt-2.8.1.gem
vendored
Normal file
BIN
vendor/cache/jwt-2.8.1.gem
vendored
Normal file
Binary file not shown.
BIN
vendor/cache/net-http-0.4.1.gem
vendored
Normal file
BIN
vendor/cache/net-http-0.4.1.gem
vendored
Normal file
Binary file not shown.
BIN
vendor/cache/oauth2-2.0.9.gem
vendored
Normal file
BIN
vendor/cache/oauth2-2.0.9.gem
vendored
Normal file
Binary file not shown.
BIN
vendor/cache/omniauth-oauth2-1.8.0.gem
vendored
Normal file
BIN
vendor/cache/omniauth-oauth2-1.8.0.gem
vendored
Normal file
Binary file not shown.
BIN
vendor/cache/snaky_hash-2.0.1.gem
vendored
Normal file
BIN
vendor/cache/snaky_hash-2.0.1.gem
vendored
Normal file
Binary file not shown.
BIN
vendor/cache/uri-0.13.0.gem
vendored
Normal file
BIN
vendor/cache/uri-0.13.0.gem
vendored
Normal file
Binary file not shown.
BIN
vendor/cache/version_gem-1.1.3.gem
vendored
Normal file
BIN
vendor/cache/version_gem-1.1.3.gem
vendored
Normal file
Binary file not shown.
Loading…
Reference in a new issue