Ruby on Rails OAuth2 error: CSRF detected
I am using the omniauth-google-oauth2 gem in Rails. I can't say this is a bug, but I am having a hard time resolving it. I have written a super simple Rails program to verify the issue. I followed along
It seems that when I try to log in to my gmail.com account, when I have other Google-OAuth-enabled accounts, I get the following exception:
OmniAuth::Strategies::OAuth2::CallbackError at /auth/google_oauth2/callback
csrf_detected | CSRF detected
Here is the top of the stack trace:
Started GET "/auth/google_oauth2/callback?state=732fc603c628199503f01781639123426e7fbfa874a36a4a&code=4%2FF2VhN4EQfwYxr5cAmyp5S9sufuFMLP9Rpl-o85zWyyE" for 127.0.0.1 at 2017-10-16 12:01:03 -0400
I, [2017-10-16T12:01:03.814169 #58394] INFO -- omniauth: (google_oauth2) Callback phase initiated.
E, [2017-10-16T12:01:03.814832 #58394] ERROR -- omniauth: (google_oauth2) Authentication failure! csrf_detected: OmniAuth::Strategies::OAuth2::CallbackError, csrf_detected | CSRF detected
E, [2017-10-16T12:01:03.815656 #58394] ERROR -- omniauth: (google_oauth2) Authentication failure! invalid_credentials: OmniAuth::Strategies::OAuth2::CallbackError, csrf_detected | CSRF detected
OmniAuth::Strategies::OAuth2::CallbackError - csrf_detected | CSRF detected:
omniauth (1.7.1) lib/omniauth/failure_endpoint.rb:25:in `raise_out!'
omniauth (1.7.1) lib/omniauth/failure_endpoint.rb:20:in `call'
omniauth (1.7.1) lib/omniauth/failure_endpoint.rb:12:in `call'
omniauth (1.7.1) lib/omniauth/strategy.rb:486:in `fail!'
omniauth-oauth2 (1.4.0) lib/omniauth/strategies/oauth2.rb:71:in `callback_phase'
omniauth (1.7.1) lib/omniauth/strategy.rb:236:in `callback_call'
omniauth (1.7.1) lib/omniauth/strategy.rb:188:in `call!'
omniauth (1.7.1) lib/omniauth/strategy.rb:168:in `call'
omniauth (1.7.1) lib/omniauth/builder.rb:63:in `call'
rack (2.0.3) lib/rack/etag.rb:25:in `call'
Here are all the relevant code snippets:

initializers/omniauth.rb

Rails.application.config.middleware.use OmniAuth::Builder do
  provider :google_oauth2,
           "redacted",
           "redacted"
end

routes.rb

get 'login', to: redirect('/auth/google_oauth2'), as: 'login'
get 'logout', to: 'sessions#destroy', as: 'logout'
get 'auth/:provider/callback', to: 'sessions#create'
get 'auth/failure', to: redirect('/')
get 'home', to: 'home#show'
get 'me', to: 'me#show', as: 'me'

views/home/show.html.erb

<%= link_to "Sign in with Google", "/auth/google_oauth2", id: "sign_in" %>

application_controller.rb

class ApplicationController < ActionController::Base
  protect_from_forgery with: :exception
  helper_method :current_user

  def authenticate
    redirect_to :login unless user_signed_in?
  end

  def current_user
    @current_user ||= User.find(session[:user_id]) if session[:user_id]
  end

  def user_signed_in?
    # converts current_user to a boolean by negating the negation
    !current_user.nil?
  end
end

sessions_controller.rb

class SessionsController < ApplicationController
  def create
    @user = User.find_or_create_from_auth_hash(request.env["omniauth.auth"])
    session[:user_id] = @user.id
    redirect_to :me
  end

  def destroy
    session[:user_id] = nil
    redirect_to root_path
  end
end

- I run the server with rails server -p 3000
- I use
- This displays the page with the login button, which I press
- This shows a list of all my possible Google logins (I think there are 4)
- I click on one of them and get the following exception:

OmniAuth::Strategies::OAuth2::CallbackError at /auth/google_oauth2/callback
csrf_detected | CSRF detected

Comments:

Can you copy just the line in the stack trace that shows the request arriving at the server? Presumably it shows a PUT or POST request, but it would be helpful to confirm.

I put it in the main message.

Ah, yes, sorry, I missed it among all the information you provided. Have you seen this potential cause:
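
As an added illustration (not part of the original question and not omniauth-oauth2's own code), here is a simplified model of the `state` check that produces `csrf_detected` in the callback phase shown in the trace. The `StateCheck` module, its method names and the scenarios are hypothetical and constructed for this example; only the session key name `omniauth.state` and the 24-byte hex state follow the gem's behaviour.

```ruby
require "securerandom"

# Hypothetical, simplified model of the OAuth2 "state" check.
# Not omniauth-oauth2's source; StateCheck and its methods are made up.
module StateCheck
  SESSION_KEY = "omniauth.state" # session key omniauth-oauth2 uses

  # Request phase: store a random state in the session and return it so
  # it can be sent to the provider in the authorization URL.
  def self.request_phase(session)
    session[SESSION_KEY] = SecureRandom.hex(24)
  end

  # Byte-wise comparison that does not stop at the first difference.
  def self.secure_equal?(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end

  # Callback phase: the state returned in the query string must match the
  # one in this browser's session. The stored value is consumed on first
  # use, so a second callback with the same state also fails.
  def self.callback_phase(session, params)
    expected = session.delete(SESSION_KEY).to_s
    returned = params["state"].to_s
    return :csrf_detected if returned.empty? || expected.empty?
    secure_equal?(returned, expected) ? :ok : :csrf_detected
  end

  # Constructed scenarios; each value is the outcome of one callback.
  def self.scenarios
    results = {}
    session = {}
    state = request_phase(session)
    results[:normal] = callback_phase(session, "state" => state)
    results[:replayed_callback] = callback_phase(session, "state" => state)
    # State minted in one session, callback arrives with an empty session.
    state = request_phase({})
    results[:session_cookie_lost] = callback_phase({}, "state" => state)
    session = {}
    request_phase(session)
    results[:state_missing] = callback_phase(session, {})
    session = {}
    request_phase(session)
    results[:mismatched_state] = callback_phase(session, "state" => SecureRandom.hex(24))
    results
  end
end

puts StateCheck.scenarios.inspect
```

Only the first scenario passes; every other case ends in the same `csrf_detected` failure, which is why the error alone does not say whether the session was lost, the callback was repeated, or the state was altered.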