Rails3omniauth google 身份验证返回用户身份

发布于 2024-12-18 16:24:56 字数 819 浏览 4 评论 0原文

我的 Omniauth 集成适用于本地开发，但在 google 上暂存失败。

require 'omniauth/openid'
require 'openid/store/memcache'

Rails.application.config.middleware.use OmniAuth::Builder do
  OmniAuth.config.full_host = "http://xx.xx.xxx/"

  # dedicated openid
   provider :open_id, OpenID::Store::Memcache.new(Dalli::Client.new), :name => 'google', :identifier => 'https://www.google.com/accounts/o8/id'

end

我收到此错误消息：

Started GET "/auth/failure?message=invalid_credentials" for 58.71.19.178 at 2011-12-01 02:22:20 +0000 由 ErrorsController#routing 作为 HTML 进行处理参数：{“message”=>“invalid_credentials”，“a”=>“auth/failure”} 呈现 public/404.html (0.1ms) Completed 404 Not Found in 1ms (Views: 0.6ms | ActiveRecord: 0.0ms)

另外，for 中的 ip 与我的 OmniAuth.config.full_host 中的不一样，也许这可能会导致问题？

原文

My Omniauth integration works on local development but fails for google on staging.

require 'omniauth/openid'
require 'openid/store/memcache'

Rails.application.config.middleware.use OmniAuth::Builder do
  OmniAuth.config.full_host = "http://xx.xx.xxx/"

  # dedicated openid
   provider :open_id, OpenID::Store::Memcache.new(Dalli::Client.new), :name => 'google', :identifier => 'https://www.google.com/accounts/o8/id'

end

I get a this error message:

Started GET "/auth/failure?message=invalid_credentials" for 58.71.19.178 at 2011-12-01 02:22:20 +0000
Processing by ErrorsController#routing as HTML
Parameters: {"message"=>"invalid_credentials", "a"=>"auth/failure"}
Rendered public/404.html (0.1ms)
Completed 404 Not Found in 1ms (Views: 0.6ms | ActiveRecord: 0.0ms)

Also the ip in for is not the same in my OmniAuth.config.full_host maybe that could be causing the issue?

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

孤蝉 2024-12-25 16:24:56

罪魁祸首是 apache 在不同的 ip 上发送和返回。

这个猴子补丁解决了这个问题。

module OmniAuth
  module Strategies
    # OmniAuth strategy for connecting via OpenID. This allows for connection
    # to a wide variety of sites, some of which are listed [on the OpenID website](http://openid.net/get-an-openid/).
    class OpenID
      protected
      def callback_url
        uri = URI.parse(request.url)
        uri.path += '/callback'

        # by KirylP: to overcome hosting subdomain forwarding to rails port        
        uri.port = '' if request.env.has_key? 'HTTP_X_FORWARDED_SERVER'

        uri.to_s
      end
    end
  end
end

module Rack
  class OpenID
    SERVER_PORT_TO_AVOID = 12002

    private
    def realm_url(req)
      url = req.scheme + "://"
      url << req.host

      scheme, port = req.scheme, req.port
      if scheme == "https" && port != 443 ||
          scheme == "http" && port != 80
        url << ":#{port}" if port != SERVER_PORT_TO_AVOID # KirylP
      end

      url
    end
  end
end

module OpenID
  class Consumer
    def complete(query, current_url)
      message = Message.from_post_args(query)

      current_url.sub!(":#{Rack::OpenID::SERVER_PORT_TO_AVOID}", '') # KirylP

      mode = message.get_arg(OPENID_NS, 'mode', 'invalid')
      begin
        meth = method('complete_' + mode)
      rescue NameError
        meth = method(:complete_invalid)
      end
      response = meth.call(message, current_url)
      cleanup_last_requested_endpoint
      if [SUCCESS, CANCEL].member?(response.status)
        cleanup_session
      end
      return response
    end    
  end
end

The culprit was that apache sending and returning on different ips

This monkey patch fixed the issue.

module OmniAuth
  module Strategies
    # OmniAuth strategy for connecting via OpenID. This allows for connection
    # to a wide variety of sites, some of which are listed [on the OpenID website](http://openid.net/get-an-openid/).
    class OpenID
      protected
      def callback_url
        uri = URI.parse(request.url)
        uri.path += '/callback'

        # by KirylP: to overcome hosting subdomain forwarding to rails port        
        uri.port = '' if request.env.has_key? 'HTTP_X_FORWARDED_SERVER'

        uri.to_s
      end
    end
  end
end

module Rack
  class OpenID
    SERVER_PORT_TO_AVOID = 12002

    private
    def realm_url(req)
      url = req.scheme + "://"
      url << req.host

      scheme, port = req.scheme, req.port
      if scheme == "https" && port != 443 ||
          scheme == "http" && port != 80
        url << ":#{port}" if port != SERVER_PORT_TO_AVOID # KirylP
      end

      url
    end
  end
end

module OpenID
  class Consumer
    def complete(query, current_url)
      message = Message.from_post_args(query)

      current_url.sub!(":#{Rack::OpenID::SERVER_PORT_TO_AVOID}", '') # KirylP

      mode = message.get_arg(OPENID_NS, 'mode', 'invalid')
      begin
        meth = method('complete_' + mode)
      rescue NameError
        meth = method(:complete_invalid)
      end
      response = meth.call(message, current_url)
      cleanup_last_requested_endpoint
      if [SUCCESS, CANCEL].member?(response.status)
        cleanup_session
      end
      return response
    end    
  end
end

回复收藏 0 原文

雨后咖啡店 2024-12-25 16:24:56

我有类似的问题。似乎您的谷歌身份验证失败（可能是由于不同的原因 - 无效的凭据或用户拒绝访问），因此您收到对 /auth/failure 的回调 - 然后您得到 404。

您是否实现了 /auth 的路由/failure 在你的routes.rb中？在我当前的项目中：

routes.rb 中

match '/auth/failure', :to => 'sessions#failure'

在 sessions_controller 中的

def failure
   redirect_to session[:return_uri] || root_path, alert: "Sorry, we were not able to    authenticate you using your chosen sign on method"
end

I had a similar problem. Seems like your google authentication fails (can be for different reasons - invalid credentials, or user denied access), therefore you receive callback to /auth/failure -- and then you get 404.

Did you implement a route for /auth/failure in your routes.rb? In my current project:

in routes.rb

match '/auth/failure', :to => 'sessions#failure'

in sessions_controller

def failure
   redirect_to session[:return_uri] || root_path, alert: "Sorry, we were not able to    authenticate you using your chosen sign on method"
end

回复收藏 0 原文

~没有更多了~