Hallo Team,
Ich versuche, discourse-zoom in eine Community-App für mein Team zu integrieren. Nachdem ich eine Server-zu-Server-OAuth-App erstellt und validiert hatte, schien alles in Ordnung zu sein. Ich habe das Plugin ‘discourse-oauth2-basic’ installiert, um die URL ‘/auth/oauth2_basic/callback’ zu erhalten, die zur Autorisierung des Meetings SDK benötigt wird. Nachdem ich das SDK konfiguriert und versucht hatte, den Autorisierungsfluss zu starten, indem ich die generierte URL in meinen Browser eingefügt habe, erhalte ich immer wieder die folgende Fehlermeldung.
Ich habe recherchiert und festgestellt, dass eine CSRF-Ausnahme vom zugrunde liegenden OmniAuth-Strategiecode ausgelöst wird.
(oauth2_basic) Authentication failure! csrf_detected: OmniAuth::Strategies::OAuth2::CallbackError, csrf_detected | CSRF detected
Backtrace
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/omniauth-1.9.2/lib/omniauth/strategy.rb:163:in `log'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/omniauth-1.9.2/lib/omniauth/strategy.rb:486:in `fail!'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/omniauth-oauth2-1.7.3/lib/omniauth/strategies/oauth2.rb:87:in `callback_phase'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/omniauth-1.9.2/lib/omniauth/strategy.rb:238:in `callback_call'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/omniauth-1.9.2/lib/omniauth/strategy.rb:189:in `call!'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/omniauth-1.9.2/lib/omniauth/strategy.rb:169:in `call'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/omniauth-1.9.2/lib/omniauth/builder.rb:45:in `call'
/var/www/discourse/lib/middleware/omniauth_bypass_middleware.rb:43:in `call'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/rack-2.2.9/lib/rack/tempfile_reaper.rb:15:in `call'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/rack-2.2.9/lib/rack/conditional_get.rb:27:in `call'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/rack-2.2.9/lib/rack/head.rb:12:in `call'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/actionpack-7.0.8.1/lib/action_dispatch/http/permissions_policy.rb:38:in `call'
/var/www/discourse/lib/content_security_policy/middleware.rb:12:in `call'
/var/www/discourse/lib/middleware/anonymous_cache.rb:393:in `call'
/var/www/discourse/lib/middleware/csp_script_nonce_injector.rb:12:in `call'
/var/www/discourse/config/initializers/008-rack-cors.rb:14:in `call'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/rack-2.2.9/lib/rack/session/abstract/id.rb:266:in `context'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/rack-2.2.9/lib/rack/session/abstract/id.rb:260:in `call'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/actionpack-7.0.8.1/lib/action_dispatch/middleware/cookies.rb:704:in `call'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/actionpack-7.0.8.1/lib/action_dispatch/middleware/callbacks.rb:27:in `block in call'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/activesupport-7.0.8.1/lib/active_support/callbacks.rb:99:in `run_callbacks'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/actionpack-7.0.8.1/lib/action_dispatch/middleware/callbacks.rb:26:in `call'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/actionpack-7.0.8.1/lib/action_dispatch/middleware/debug_exceptions.rb:28:in `call'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/actionpack-7.0.8.1/lib/action_dispatch/middleware/show_exceptions.rb:29:in `call'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/logster-2.19.1/lib/logster/middleware/reporter.rb:40:in `call'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/railties-7.0.8.1/lib/rails/rack/logger.rb:40:in `call_app'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/railties-7.0.8.1/lib/rails/rack/logger.rb:27:in `call'
/var/www/discourse/config/initializers/100-quiet_logger.rb:20:in `call'
/var/www/discourse/config/initializers/100-silence_logger.rb:29:in `call'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/actionpack-7.0.8.1/lib/action_dispatch/middleware/remote_ip.rb:93:in `call'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/actionpack-7.0.8.1/lib/action_dispatch/middleware/request_id.rb:26:in `call'
/var/www/discourse/lib/middleware/enforce_hostname.rb:24:in `call'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/rack-2.2.9/lib/rack/method_override.rb:24:in `call'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/actionpack-7.0.8.1/lib/action_dispatch/middleware/executor.rb:14:in `call'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/rack-2.2.9/lib/rack/sendfile.rb:110:in `call'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/actionpack-7.0.8.1/lib/action_dispatch/middleware/host_authorization.rb:131:in `call'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/rack-mini-profiler-3.3.1/lib/mini_profiler.rb:334:in `call'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/message_bus-4.3.8/lib/message_bus/rack/middleware.rb:60:in `call'
/var/www/discourse/lib/middleware/request_tracker.rb:291:in `call'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/railties-7.0.8.1/lib/rails/engine.rb:530:in `call'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/railties-7.0.8.1/lib/rails/railtie.rb:226:in `public_send'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/railties-7.0.8.1/lib/rails/railtie.rb:226:in `method_missing'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/rack-2.2.9/lib/rack/urlmap.rb:74:in `block in call'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/rack-2.2.9/lib/rack/urlmap.rb:58:in `each'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/rack-2.2.9/lib/rack/urlmap.rb:58:in `call'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/unicorn-6.1.0/lib/unicorn/http_server.rb:634:in `process_client'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/unicorn-6.1.0/lib/unicorn/http_server.rb:739:in `worker_loop'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/unicorn-6.1.0/lib/unicorn/http_server.rb:547:in `spawn_missing_workers'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/unicorn-6.1.0/lib/unicorn/http_server.rb:143:in `start'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/unicorn-6.1.0/bin/unicorn:128:in `<top (required)>'
/var/www/discourse/vendor/bundle/ruby/3.3.0/bin/unicorn:25:in `load'
/var/www/discourse/vendor/bundle/ruby/3.3.0/bin/unicorn:25:in `<main>'
Env
Die Methode callback_phase löst diesen Fehler aus.
def callback_phase # rubocop:disable Metrics/AbcSize, Metrics/CyclomaticComplexity, Metrics/MethodLength, Metrics/PerceivedComplexity
error = request.params["error_reason"] || request.params["error"]
if !options.provider_ignores_state && (request.params["state"].to_s.empty? || !secure_compare(request.params["state"], session.delete("omniauth.state")))
fail!(:csrf_detected, CallbackError.new(:csrf_detected, "CSRF detected"))
elsif error
fail!(error, CallbackError.new(request.params["error"], request.params["error_description"] || request.params["error_reason"], request.params["error_uri"]))
else
self.access_token = build_access_token
self.access_token = access_token.refresh! if access_token.expired?
super
end
rescue ::OAuth2::Error, CallbackError => e
fail!(:invalid_credentials, e)
rescue ::Timeout::Error, ::Errno::ETIMEDOUT, ::OAuth2::TimeoutError, ::OAuth2::ConnectionError => e
fail!(:timeout, e)
rescue ::SocketError => e
fail!(:failed_to_connect, e)
end
Kann mir bitte jemand weiterhelfen, wie ich mit dem Autorisierungsteil fortfahren kann? Das Herumspielen mit ‘options.provider_ignores_state’ scheint aufgrund von Sicherheitsbedenken keine gute Idee zu sein, und ich bin mir auch nicht sicher, ob ‘omniauth.state’ initialisiert wird, wenn ich nur die ‘callback’-URL aufrufe, aber ich bin mit OmniAuth nicht vertraut genug, um dies effektiv zu beheben.
Die Installations-/Konfigurationsanleitung für discourse-zoom erwähnt die Verwendung von ‘discourse-oauth2-basic’ nicht explizit. Gibt es eine bessere oder kompatiblere Plugin, die mir bei der Autorisierung des Meetings SDK helfen kann?
Danke