Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Twitter-omniauth bug after Request Phase on normalized_uri #5523

Closed
1dolinski opened this issue Sep 27, 2022 · 4 comments
Closed

Twitter-omniauth bug after Request Phase on normalized_uri #5523

1dolinski opened this issue Sep 27, 2022 · 4 comments

Comments

@1dolinski
Copy link

Environment

Gemfile:

ruby "3.1.0"
gem 'rails', '6.0.3.1'

gem 'devise' (4.8.1 in Gemfile.lock)
gem 'omniauth-facebook'
gem 'omniauth-twitter'
gem "omniauth-rails_csrf_protection", "~> 1.0"
link_to for CSRF with POST, previously GET

Current behavior

Upgraded Rails to 6 along with devise.

After updating for this CSRF error #5236 arrived at:

Started POST "/users/auth/twitter" for ::1 at 2022-09-22 21:24:44 -0400
(twitter) Request phase initiated.
(twitter) Authentication failure! undefined method `downcase' for nil:NilClass

        "#{u.scheme.downcase}://#{u.host.downcase}#{(u.scheme.casecmp("http").zero? && u.port != 80) || (u.scheme.casecmp("https").zero? && u.port != 443) ? ":#{u.port}" : ""}#{u.path && u.path != "" ? u.path : "/"}"
                                        ^^^^^^^^^: NoMethodError, undefined method `downcase' for nil:NilClass

Processing by Users::OmniauthCallbacksController#failure as HTML

<%= link_to "Log In" user_twitter_omniauth_authorize_path  method: :post, "data-turbo": false %>

In omniauth.rb

    OmniAuth.config.allowed_request_methods = [:post]
class Users::OmniauthCallbacksController < Devise::OmniauthCallbacksController
    def self.provides_callback_for(provider)
      class_eval %Q{
        def #{provider}
          
          
          @user = User.find_for_oauth(request.env["omniauth.auth"], current_user)
          skip_authorization
          authorize @user, policy_class: OmniauthCallbackPolicy
          if @user.persisted?
            
            @user.remember_me
            sign_in_and_redirect @user, event: :authentication
            set_flash_message(:notice, :success, kind: "#{provider}".capitalize) if is_navigational_format?
          else
            
            session["devise.#{provider}_data"] = request.env["omniauth.auth"]
            redirect_to new_user_registration_url
          end
        end
      }
    end
    
    [:twitter, :facebook, :apple].each do |provider|
      provides_callback_for provider
    end
    
    def failure
      redirect_to root_path
    end
  end

The line of code that errors our seems to be defined here https://rubydoc.info/gems/oauth/0.5.5/OAuth%2FRequestProxy%2FBase:normalized_uri

Expected behavior

I used to be able to login with twitter oauth before this, looking for same
@1dolinski
Copy link
Author

Ongoing discussion, with SO bounty here

https://stackoverflow.com/questions/73822206/upgraded-to-rails-6-devise-omniauth-twitter-nomethoderror/73879754#73879754

Open chat here: https://chat.stackoverflow.com/rooms/248415/discussion-between-tibic4-and-1dolinski

@1dolinski
Copy link
Author

Updated SO bounty to 100.. still no fix

@OrceMaceski
Copy link

This has helped me:
arunagw/omniauth-twitter#141

@nashby
Copy link
Collaborator

nashby commented Feb 19, 2023

According to SO accepted answer, this was resolved by upgrading oauth gem

@nashby nashby closed this as completed Feb 19, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@nashby @1dolinski @OrceMaceski