AkkomaGang/akkoma
AkkomaGang
/
akkoma
12
63
Fork 83
Code Issues 167 Pull Requests 14 Packages Projects 2 Releases 13 Wiki Activity

Fix OAuth consumer mode #668

Merged
floatingghost merged 4 commits from :develop into develop 2024-02-02 10:05:42 +00:00
Conversation 1 Commits 4 Files Changed 5 +71 -34
tcmal commented 2023-12-17 19:39:36 +00:00
Contributor
Copy Link

The previous code passed a state parameter to ueberauth with info about where to go after the user logged in, etc.
Since ueberauth 0.7, this parameter is ignored and oauth state is used for CSRF prevention, see here.

We now set a cookie with the state we need to keep track of, and read it once the callback happens.

Fixes #646

The previous code passed a state parameter to ueberauth with info about where to go after the user logged in, etc. Since ueberauth 0.7, this parameter is ignored and oauth state is used for CSRF prevention, see [here](https://github.com/ueberauth/ueberauth/pull/136). We now set a cookie with the state we need to keep track of, and read it once the callback happens. Fixes #646
tcmal added 3 commits 2023-12-17 19:39:36 +00:00
eb0dbf6b79 fix oauth consumer mode 
the previous code passed a state parameter to ueberauth with info
about where to go after the user logged in, etc.
since ueberauth 0.7, this parameter is ignored and oauth state is used
for actual CSRF reasons.

we now set a cookie with the state we need to keep track of, and read
it once the callback happens.
tcmal added 1 commit 2023-12-17 21:48:46 +00:00
ci/woodpecker/pr/lint Pipeline was successful Details
ci/woodpecker/pr/test Pipeline was successful Details
ci/woodpecker/pr/build-arm64 unknown status Details
ci/woodpecker/pr/build-amd64 unknown status Details
ci/woodpecker/pr/docs unknown status Details
77000b8ffd update tests for oauth consumer
tcmal changed title from WIP: Fix OAuth consumer mode to Fix OAuth consumer mode 2023-12-17 21:48:50 +00:00
floatingghost commented 2023-12-29 16:12:29 +00:00
Owner
Copy Link

thanks! this passes all tests, lemme like spin up a way to actually test this and i'll make sure everything looks ok

(i'll be honest this auth mode has been neglected since way before this fork existed)

thanks! this passes all tests, lemme like spin up a way to actually test this and i'll make sure everything looks ok (i'll be honest this auth mode has been neglected since way before this fork existed)
floatingghost merged commit b4ccddab39 into develop 2024-02-02 10:05:42 +00:00
Sign in to join this conversation.
Reviewers
No reviewers
Labels
Clear labels   
approved, awaiting change

   
bug

Something is not working

  
configuration

This requires config changes

  
documentation

This is about human-readable docs

  
duplicate

This issue or pull request already exists

  
enhancement

New feature

  
extremely low priority

   
feature request

Something new?

  
Fix it yourself

Support has been attempted

  
help wanted

Need some help

  
invalid

Something is wrong

  
mastodon_api

   
needs docs

   
needs tests

   
not a bug

   
planned

   
pleroma_api

   
privacy

   
question

More information is needed

  
static_fe

   
triage

   
wontfix

This won't be fixed

No Label
approved, awaiting change
bug
configuration
documentation
duplicate
enhancement
extremely low priority
feature request
Fix it yourself
help wanted
invalid
mastodon_api
needs docs
needs tests
not a bug
planned
pleroma_api
privacy
question
static_fe
triage
wontfix
Milestone
Clear milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
No Assignees
2 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: AkkomaGang/akkoma#668
No description provided.
Delete Branch ":develop"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?