Upgrade omniauth, omniauth-cas, and related gems

[sandbergja]

What maintenance needs to be done

• [x] Upgrade omniauth to 2.x, omniauth-cas to 3.x, and omniauth-rails_csrf_protection
• [x] Confirm that authentication still works locally, in staging, and in prod

[maxkadel]

Login works when coming from https://repec-staging.princeton.edu/ (the url of the server), but not when coming from the proxy-passed path https://library-staging.princeton.edu/econlib/RePEc/pri.

When trying to click the "login" button from the proxy-passed path:

Request URL: https://library-staging.princeton.edu/econlib/RePEc/pri/users/auth/cas
Request Method: POST
Status Code: 422 Unprocessable Content

I do not see this request in the application logs, so I wonder whether it is not being directed by the load balancer?

Log from nginxplus:

172.20.196.67 - - [24/Jun/2024:14:20:05 +0000] "POST /econlib/RePEc/pri/users/auth/cas HTTP/2.0" 422 2490 "https://library-staging.princeton.edu/econlib/RePEc/pri" 128.112.203.146:443, 422, 0.025, 0.026"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36" "-"

[maxkadel]

From the nginx logs on the repec-staging server

App 611292 output: D, [2024-06-24T14:59:40.972223 #611292] DEBUG -- omniauth: (cas) Request phase initiated.
App 611292 output: E, [2024-06-24T14:59:40.973294 #611292] ERROR -- omniauth: (cas) Authentication failure! ActionController::InvalidAuthenticityToken: ActionController::InvalidAuthenticityToken, ActionController::InvalidAuthenticityToken

[maxkadel]

Per @kevinreiss , it is ok if folks have to go to repec-staging or repec-prod to log in