Open akvadrako opened 10 years ago
Looking back I thought #136 covered this very well
@damm @brntbeer @akvadrako hi guys. I've been fighting with this authentication issue for a while now, and I'm not sure if I can apply any of these hacks to my config.ru to get foreman running. Also I've taken a look at this one https://github.com/damm/descartes/commit/84e3d4a239ee9e8ffc87ed70d6569eee729a4d74 but I can't figure out how to apply those changes. Here's my config.ru:
```ruby
$stdout.sync = true
$:.unshift File.dirname(__FILE__) + '/lib'
require 'descartes/web'
require 'descartes/github_auth'
require 'rack-canonical-host'

use Rack::CanonicalHost do
  case ENV['RACK_ENV'].to_sym
    when :production then ENV['CANONICAL_HOST'] if defined?ENV['CANONICAL_HOST']
  end
end

use Rack::Session::Cookie, :key => 'rack.session',
                           :expire_after => 1209600,
                           :secret => (ENV['SESSION_SECRET'] || raise('missing SESSION_SECRET'))

use OmniAuth::Builder do
  provider :google_apps, :store => OpenID::Store::Redis.new(Redis.connect(:url => ENV['REDISTOGO_URL']) || OpenID::Store::Redis.new(Redis.connect(:url => 'redis://localhost:6379/1'))), :name => 'google', :domain => ENV['GOOGLE_OAUTH_DOMAIN']
end

class Descartes::NoAuth < Sinatra::Base
  before do
    session['user'] = { 'uid' => 'anonymous', 'email' => 'noemail' }
    redirect '/'
  end
end

run Rack::URLMap.new('/' => Descartes::Web, '/auth/github' => Descartes::GithubAuth, '/auth/noauth' => Descartes::NoAuth)
```
```
# OAuth type (either 'google' or 'github' or 'noauth')
OAUTH_PROVIDER=noauth
```
I'm still getting the "descartes/config.ru:16:in `block in
```sh
export SESSION_SECRET="somethingrandom"
```
Thanks @damm, and sorry, but somethingrandom??? I don't know what would be suitable. Thanks!
And is this something I need to add to config.ru? What about the .env file?
@Mariano-gon It's due to how Sessions are handled (and encryption). It should be unique and random.
http://www.sinatrarb.com/faq.html#sessions
Slightly better could? be http://guides.rubyonrails.org/security.html#session-storage
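An added example, not part of the thread or of descartes: one way to produce a `SESSION_SECRET` that is unique and random, and to reject weak values before `Rack::Session::Cookie` is configured. The helper names, the 64-byte minimum and the placeholder list are assumptions chosen for illustration.

```ruby
require 'securerandom'

# Hypothetical helpers for illustration; not part of descartes or Rack.
MIN_SECRET_BYTES = 64 # assumed policy for this example
PLACEHOLDERS = %w[somethingrandom changeme secret password].freeze

# 64 bytes from the OS CSPRNG, hex-encoded (128 characters).
def generate_session_secret
  SecureRandom.hex(64)
end

# Returns a list of problems; an empty list means the value is acceptable.
def session_secret_problems(secret)
  return ['missing SESSION_SECRET'] if secret.nil? || secret.strip.empty?

  problems = []
  problems << "shorter than #{MIN_SECRET_BYTES} bytes" if secret.bytesize < MIN_SECRET_BYTES
  problems << 'contains a placeholder word' if PLACEHOLDERS.any? { |w| secret.downcase.include?(w) }
  problems << 'too few distinct characters' if secret.chars.uniq.size < 10
  problems
end

# Drop-in for the ENV lookup: fails at boot instead of signing
# session cookies with a guessable key.
def checked_session_secret(env = ENV)
  secret = env['SESSION_SECRET']
  problems = session_secret_problems(secret)
  raise ArgumentError, "weak SESSION_SECRET: #{problems.join('; ')}" unless problems.empty?

  secret
end

# Run directly to print a line suitable for a .env file.
puts "SESSION_SECRET=#{generate_session_secret}" if __FILE__ == $PROGRAM_NAME
```

foreman loads `.env` into the process environment, so the generated line belongs there rather than in `config.ru`, which already reads `ENV['SESSION_SECRET']`.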
Thanks @damm. Seems like I'm facing another issue now, I've opened another thread (https://github.com/obfuscurity/descartes/issues/153). One last thing, are the .env and config.ru correct? Thanks!
Man I just realized how badly I want this since a) Google deprecated new registrations for OpenID 2.0 and b) GitHub changed their OAuth too. IOW, neither OAUTH mech works for new deployments. :sob:
Hopefully this patch is unintrusive enough