NeoPass strategy interacts with dev NeoPass server, which is still WIP
In this change, we wire up a new NeoPass OAuth2 strategy for OmniAuth, and hook up the "Log in with NeoPass" button to use it! The authentication currently fails with `invalid_credentials`, and shows the `owo` response we hardcoded into the NeoPass server's token response. We need to finally follow up on the little `TODO` written in there!
parent
77057fe6a2
commit
f483722af4
20 changed files with 61 additions and 9 deletions
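--- a/Gemfile
+++ b/Gemfile
@@ -27,6 +27,7 @@ gem 'devise', '~> 4.9', '>= 4.9.2'
 gem 'devise-encryptable', '~> 0.2.0'
 gem 'omniauth', '~> 2.1'
 gem 'omniauth-rails_csrf_protection', '~> 1.0'
+gem 'omniauth-oauth2', '~> 1.8'
 
 # For pagination UI.
 gem 'will_paginate', '~> 4.0'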
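--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -155,6 +155,10 @@ GEM
 process-metrics (~> 0.2.0)
 protocol-rack (~> 0.1)
 samovar (~> 2.1)
+faraday (2.9.0)
+faraday-net_http (>= 2.0, < 3.2)
+faraday-net_http (3.1.0)
+net-http
 ffi (1.16.3)
 fiber-annotation (0.2.0)
 fiber-local (1.0.0)
@@ -179,6 +183,8 @@ GEM
 jsbundling-rails (1.3.0)
 railties (>= 6.0.0)
 json (2.7.1)
+jwt (2.8.1)
+base64
 launchy (2.5.2)
 addressable (~> 2.8)
 letter_opener (1.9.0)
@@ -202,6 +208,8 @@ GEM
 multi_xml (0.6.0)
 mutex_m (0.2.0)
 mysql2 (0.5.6)
+net-http (0.4.1)
+uri
 net-imap (0.4.10)
 date
 net-protocol
@@ -215,10 +223,20 @@ GEM
 nokogiri (1.16.2)
 mini_portile2 (~> 2.8.2)
 racc (~> 1.4)
+oauth2 (2.0.9)
+faraday (>= 0.17.3, < 3.0)
+jwt (>= 1.0, < 3.0)
+multi_xml (~> 0.5)
+rack (>= 1.2, < 4)
+snaky_hash (~> 2.0)
+version_gem (~> 1.1)
 omniauth (2.1.2)
 hashie (>= 3.4.6)
 rack (>= 2.2.3)
 rack-protection
+omniauth-oauth2 (1.8.0)
+oauth2 (>= 1.4, < 3)
+omniauth (~> 2.0)
 omniauth-rails_csrf_protection (1.0.1)
 actionpack (>= 4.2)
 omniauth (~> 2.0)
@@ -331,6 +349,9 @@ GEM
 shell (0.8.1)
 e2mmap
 sync
+snaky_hash (2.0.1)
+hashie
+version_gem (~> 1.1, >= 1.1.1)
 sprockets (4.2.1)
 concurrent-ruby (~> 1.0)
 rack (>= 2.2.4, < 4)
@@ -358,6 +379,8 @@ GEM
 railties (>= 6.0.0)
 tzinfo (2.0.6)
 concurrent-ruby (~> 1.0)
+uri (0.13.0)
+version_gem (1.1.3)
 warden (1.2.9)
 rack (>= 2.0.9)
 web-console (4.2.1)
@@ -394,6 +417,7 @@ DEPENDENCIES
 mysql2 (~> 0.5.5)
 nokogiri (~> 1.15, >= 1.15.3)
 omniauth (~> 2.1)
+omniauth-oauth2 (~> 1.8)
 omniauth-rails_csrf_protection (~> 1.0)
 parallel (~> 1.23)
 rack-attack (~> 6.7)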
|
@ -1,8 +1,9 @@
|
||||||
class Devise::OmniauthCallbacksController < ApplicationController
|
class Devise::OmniauthCallbacksController < ApplicationController
|
||||||
# See https://github.com/omniauth/omniauth/wiki/FAQ#rails-session-is-clobbered-after-callback-on-developer-strategy
|
def neopass
|
||||||
skip_before_action :verify_authenticity_token, only: :developer
|
|
||||||
|
|
||||||
def developer
|
|
||||||
render plain: "Success!"
|
render plain: "Success!"
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def failure
|
||||||
|
render plain: "Failure"
|
||||||
|
end
|
||||||
end
|
end
|
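Review bot: `neopass` renders "Success!" without reading `request.env["omniauth.auth"]` or signing anyone in, and `failure` answers with the default 200 status, so a failed login looks the same as a successful one to clients and to access logs. I would mark the placeholder with `# TODO: look up the user by the provider uid from the auth hash; no session is created yet` and change the failure path to `render plain: "Failure", status: :unauthorized`. When the failure page is fleshed out, it should show a fixed message rather than reflecting error details supplied in the callback request.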
||||||
|
|
|
@ -3,7 +3,7 @@ class AuthUser < AuthRecord
|
||||||
|
|
||||||
devise :database_authenticatable, :encryptable, :registerable, :validatable,
|
devise :database_authenticatable, :encryptable, :registerable, :validatable,
|
||||||
:rememberable, :trackable, :recoverable, :omniauthable,
|
:rememberable, :trackable, :recoverable, :omniauthable,
|
||||||
omniauth_providers: [:developer]
|
omniauth_providers: [:neopass]
|
||||||
|
|
||||||
validates :name, presence: true, uniqueness: {case_sensitive: false},
|
validates :name, presence: true, uniqueness: {case_sensitive: false},
|
||||||
length: {maximum: 20}
|
length: {maximum: 20}
|
||||||
|
|
|
@ -2,8 +2,8 @@
|
||||||
|
|
||||||
<% if @can_use_neopass %>
|
<% if @can_use_neopass %>
|
||||||
<%= button_to "Log in with NeoPass",
|
<%= button_to "Log in with NeoPass",
|
||||||
auth_user_developer_omniauth_authorize_path,
|
auth_user_neopass_omniauth_authorize_path,
|
||||||
data: {turbo: false} # important for developer strategy
|
data: {turbo: false} # Turbo can't handle this redirect!
|
||||||
%>
|
%>
|
||||||
<% end %>
|
<% end %>
|
||||||
|
|
||||||
|
|
|
@ -119,4 +119,7 @@ Rails.application.configure do
|
||||||
|
|
||||||
# To see NeoPass features, add ?neopass=1 to relevant pages.
|
# To see NeoPass features, add ?neopass=1 to relevant pages.
|
||||||
config.neopass_access_secret = "1"
|
config.neopass_access_secret = "1"
|
||||||
|
|
||||||
|
# Use the local NeoPass development server.
|
||||||
|
config.neopass_origin = "http://localhost:8585"
|
||||||
end
|
end
|
||||||
|
|
|
@ -137,4 +137,7 @@ Rails.application.configure do
|
||||||
|
|
||||||
# To see NeoPass features, add ?neopass=<SECRET> to relevant pages.
|
# To see NeoPass features, add ?neopass=<SECRET> to relevant pages.
|
||||||
config.neopass_access_secret = Rails.credentials.neopass.access_secret
|
config.neopass_access_secret = Rails.credentials.neopass.access_secret
|
||||||
|
|
||||||
|
# Use the live NeoPass production server.
|
||||||
|
config.neopass_origin = "https://oidc.neopets.com"
|
||||||
end
|
end
|
||||||
|
|
|
@ -74,4 +74,7 @@ Rails.application.configure do
|
||||||
|
|
||||||
# To see NeoPass features, add ?neopass=1 to relevant pages.
|
# To see NeoPass features, add ?neopass=1 to relevant pages.
|
||||||
config.neopass_access_secret = "1"
|
config.neopass_access_secret = "1"
|
||||||
|
|
||||||
|
# Use the local NeoPass development server.
|
||||||
|
config.neopass_origin = "http://localhost:8585"
|
||||||
end
|
end
|
||||||
|
|
|
@ -1,4 +1,5 @@
|
||||||
# frozen_string_literal: true
|
# frozen_string_literal: true
|
||||||
|
require "strategies/neopass"
|
||||||
|
|
||||||
# Assuming you have not yet modified this file, each configuration option below
|
# Assuming you have not yet modified this file, each configuration option below
|
||||||
# is set to its default value. Note that some are commented out while others
|
# is set to its default value. Note that some are commented out while others
|
||||||
|
@ -273,7 +274,7 @@ Devise.setup do |config|
|
||||||
# ==> OmniAuth
|
# ==> OmniAuth
|
||||||
# Add a new OmniAuth provider. Check the wiki for more information on setting
|
# Add a new OmniAuth provider. Check the wiki for more information on setting
|
||||||
# up on your models and hooks.
|
# up on your models and hooks.
|
||||||
config.omniauth :developer
|
config.omniauth :neopass, strategy_class: Strategies::NeoPass
|
||||||
|
|
||||||
# ==> Warden configuration
|
# ==> Warden configuration
|
||||||
# If you want to use other strategies, that are not supported by Devise, or
|
# If you want to use other strategies, that are not supported by Devise, or
|
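Review bot: The new `config.omniauth :neopass, strategy_class: Strategies::NeoPass` line passes no client id or secret, so the OAuth2 client is built with both unset and the token request cannot authenticate this app to NeoPass. When those values exist they belong in encrypted credentials or the environment, the way the production config already reads `neopass.access_secret`, not in this initializer. The call would then look like `config.omniauth :neopass, <client_id>, <client_secret>, strategy_class: Strategies::NeoPass`, with the two placeholders read from that store. The `Devise.setup` block continues outside this hunk.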
||||||
|
|
|
@ -15,7 +15,10 @@
|
||||||
# inflect.acronym "RESTful"
|
# inflect.acronym "RESTful"
|
||||||
# end
|
# end
|
||||||
|
|
||||||
# Teach Zeitwerk that `RocketAMF` is what to expect in `lib/rocketamf`.
|
|
||||||
ActiveSupport::Inflector.inflections(:en) do |inflect|
|
ActiveSupport::Inflector.inflections(:en) do |inflect|
|
||||||
|
# Teach Zeitwerk that `RocketAMF` is what to expect in `lib/rocketamf`.
|
||||||
inflect.acronym "RocketAMF"
|
inflect.acronym "RocketAMF"
|
||||||
|
|
||||||
|
# Teach Zeitwerk that "NeoPass" is what to expect in `neopass.rb`.
|
||||||
|
inflect.acronym "NeoPass"
|
||||||
end
|
end
|
||||||
|
|
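--- a/lib/strategies/neopass.rb
+++ b/lib/strategies/neopass.rb
@@ -0,0 +1,13 @@
+require "omniauth-oauth2"
+
+module Strategies
+class NeoPass < OmniAuth::Strategies::OAuth2
+option :name, "neopass"
+
+option :client_options, {
+site: Rails.configuration.neopass_origin,
+authorize_url: "/oauth2/auth",
+token_url: "/oauth2/token",
+}
+end
+end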
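Review bot: `Strategies::NeoPass` sets only `name` and `client_options`, so it declares no `uid` or `info` block and the auth hash it produces carries no stable account identifier for the callback to key on. Once the token exchange works, `uid` should come from a claim the app has verified (for an OIDC provider, typically the ID token's `sub` after checking signature, issuer and audience) rather than from a display name or e-mail. Until then, a comment above the class such as `# TODO: define uid/info from a verified identity claim before enabling sign-in` would keep the gap visible. Note also that `site` is read from `Rails.configuration.neopass_origin` when the class body is evaluated, so that setting must already be present when the initializer requires this file.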
BIN
vendor/cache/faraday-2.9.0.gem
vendored
Normal file
BIN
vendor/cache/faraday-2.9.0.gem
vendored
Normal file
Binary file not shown.
BIN
vendor/cache/faraday-net_http-3.1.0.gem
vendored
Normal file
BIN
vendor/cache/faraday-net_http-3.1.0.gem
vendored
Normal file
Binary file not shown.
BIN
vendor/cache/jwt-2.8.1.gem
vendored
Normal file
BIN
vendor/cache/jwt-2.8.1.gem
vendored
Normal file
Binary file not shown.
BIN
vendor/cache/net-http-0.4.1.gem
vendored
Normal file
BIN
vendor/cache/net-http-0.4.1.gem
vendored
Normal file
Binary file not shown.
BIN
vendor/cache/oauth2-2.0.9.gem
vendored
Normal file
BIN
vendor/cache/oauth2-2.0.9.gem
vendored
Normal file
Binary file not shown.
BIN
vendor/cache/omniauth-oauth2-1.8.0.gem
vendored
Normal file
BIN
vendor/cache/omniauth-oauth2-1.8.0.gem
vendored
Normal file
Binary file not shown.
BIN
vendor/cache/snaky_hash-2.0.1.gem
vendored
Normal file
BIN
vendor/cache/snaky_hash-2.0.1.gem
vendored
Normal file
Binary file not shown.
BIN
vendor/cache/uri-0.13.0.gem
vendored
Normal file
BIN
vendor/cache/uri-0.13.0.gem
vendored
Normal file
Binary file not shown.
BIN
vendor/cache/version_gem-1.1.3.gem
vendored
Normal file
BIN
vendor/cache/version_gem-1.1.3.gem
vendored
Normal file
Binary file not shown.