[openstreetmap/openstreetmap-website] OAuth2 support? (#1408)

mmd notifications at github.com
Tue Oct 13 21:38:46 UTC 2020


I've seen some issues with a user having to log in first at the rails port and then follow a redirect back to discourse (example: http://railsport.internal/login?referer=http://discourse.internal/auth/oauth2_basic/callback).

`safe_referer` in the app controller sanitises the referer url so that the redirect no longer works. When commenting out all that logic, discourse reports an csrf_detected error...

Long story short, I believe it would make sense to somehow include discourse in the tests. They offer a container image which is good enough for testing. https://hub.docker.com/r/bitnami/discourse/

Inside the discourse container, the oauth2-basic plugin needs to be installed:

git clone https://github.com/discourse/discourse-oauth2-basic.git /opt/bitnami/discourse/plugins/discourse-oauth2-basic
chown -R discourse:discourse /opt/bitnami/discourse/plugins/discourse-oauth2-basic

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/issues/1408#issuecomment-708023884
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstreetmap.org/pipermail/rails-dev/attachments/20201013/3ac5d71b/attachment-0001.htm>


More information about the rails-dev mailing list