diff --git a/Gemfile b/Gemfile index 9d12852..081d36e 100644 --- a/Gemfile +++ b/Gemfile @@ -52,6 +52,7 @@ gem 'will_paginate-bootstrap4', '~> 0.2.2' gem 'devise', '~> 4.8.0' gem 'omniauth' +gem 'omniauth-rails_csrf_protection' gem 'omniauth-github' # Use ActiveModel has_secure_password diff --git a/Gemfile.lock b/Gemfile.lock index de1be85..fe592c8 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -97,8 +97,15 @@ GEM diffy (3.4.0) erubi (1.10.0) execjs (2.7.0) - faraday (1.0.0) + faraday (1.4.1) + faraday-excon (~> 1.1) + faraday-net_http (~> 1.0) + faraday-net_http_persistent (~> 1.1) multipart-post (>= 1.2, < 3) + ruby2_keywords (>= 0.0.4) + faraday-excon (1.1.0) + faraday-net_http (1.0.1) + faraday-net_http_persistent (1.1.0) ffi (1.15.0) font-awesome-sass (5.15.1) sassc (>= 1.11) @@ -114,7 +121,7 @@ GEM rails-dom-testing (>= 1, < 3) railties (>= 4.2.0) thor (>= 0.14, < 2.0) - jwt (2.2.1) + jwt (2.2.3) listen (3.5.1) rb-fsevent (~> 0.10, >= 0.10.3) rb-inotify (~> 0.9, >= 0.9.10) @@ -129,7 +136,7 @@ GEM mini_portile2 (2.5.1) minitest (5.14.4) msgpack (1.4.2) - multi_json (1.14.1) + multi_json (1.15.0) multi_xml (0.6.0) multipart-post (2.1.1) mysql2 (0.5.3) @@ -137,21 +144,25 @@ GEM nokogiri (1.11.4) mini_portile2 (~> 2.5.0) racc (~> 1.4) - oauth2 (1.4.3) + oauth2 (1.4.7) faraday (>= 0.8, < 2.0) jwt (>= 1.0, < 3.0) multi_json (~> 1.3) multi_xml (~> 0.5) rack (>= 1.2, < 3) - omniauth (1.9.1) + omniauth (2.0.4) hashie (>= 3.4.6) rack (>= 1.6.2, < 3) - omniauth-github (1.4.0) - omniauth (~> 1.5) - omniauth-oauth2 (>= 1.4.0, < 2.0) - omniauth-oauth2 (1.6.0) - oauth2 (~> 1.1) - omniauth (~> 1.9) + rack-protection + omniauth-github (2.0.0) + omniauth (~> 2.0) + omniauth-oauth2 (~> 1.7.1) + omniauth-oauth2 (1.7.1) + oauth2 (~> 1.4) + omniauth (>= 1.9, < 3) + omniauth-rails_csrf_protection (1.0.0) + actionpack (>= 4.2) + omniauth (~> 2.0) orm_adapter (0.5.0) popper_js (1.16.0) public_suffix (4.0.6) 
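Review bot: In the Gemfile hunk, `gem 'omniauth'` and the new `gem 'omniauth-rails_csrf_protection'` carry no version constraint, although the request-phase CSRF protection this commit relies on depends on the versions the lockfile resolves (omniauth 2.0.4, omniauth-rails_csrf_protection 1.0.0). Only Gemfile.lock records that today, so a regenerated lockfile is not held to the 2.x line by the Gemfile itself. Stating the constraint, as `devise` already does, keeps the intent reviewable: `gem 'omniauth', '~> 2.0'` and `gem 'omniauth-rails_csrf_protection', '~> 1.0'`. A one-line comment above the new gem would also help the next maintainer, e.g. `# Verifies the Rails authenticity token on OmniAuth's request phase; keep while omniauth is in use`.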
@@ -159,6 +170,8 @@ GEM nio4r (~> 2.0) racc (1.5.2) rack (2.2.3) + rack-protection (2.1.0) + rack rack-test (1.1.0) rack (>= 1.0, < 3) rails (6.1.3.2) @@ -203,6 +216,7 @@ GEM actionpack (>= 5.0) railties (>= 5.0) rexml (3.2.5) + ruby2_keywords (0.0.4) sassc (2.4.0) ffi (~> 1.9) sassc-rails (2.1.2) @@ -267,6 +281,7 @@ DEPENDENCIES mysql2 (~> 0.5.2) omniauth omniauth-github + omniauth-rails_csrf_protection puma (~> 5.0) rails (= 6.1.3.2) rails-controller-testing diff --git a/app/views/layouts/_header.html.erb b/app/views/layouts/_header.html.erb index 1961bff..000b870 100644 --- a/app/views/layouts/_header.html.erb +++ b/app/views/layouts/_header.html.erb @@ -32,9 +32,9 @@ <% else %> <% end %> diff --git a/test/integration/translator_flow_test.rb b/test/integration/translator_flow_test.rb index f507a18..375b318 100644 --- a/test/integration/translator_flow_test.rb +++ b/test/integration/translator_flow_test.rb @@ -8,7 +8,7 @@ class TranslatorFlowTest < ActionDispatch::IntegrationTest end test "can login via github" do - get '/users/auth/github' + post '/users/auth/github' assert_response :redirect follow_redirect! follow_redirect!
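Review bot: The updated test `can login via github` covers only the accepted path (`post '/users/auth/github'`). Nothing asserts that `get '/users/auth/github'` no longer starts the OAuth flow, or that a POST without a valid authenticity token is refused. The token case probably cannot fail here as written, because Rails test environments normally run with `allow_forgery_protection` disabled; confirm against config/environments/test.rb, which is not part of this diff. I would add a sibling test that issues the GET and asserts there is no redirect to the provider, and another that enables forgery protection for its duration and posts without a token. The test body continues past the end of the hunk, so its remaining assertions are not visible here.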