Salut l’équipe,
J’essaie d’intégrer discourse-zoom dans une application communautaire pour mon équipe. Après avoir créé et validé une application Oauth serveur à serveur, tout semblait bien se passer. J’ai installé le plugin ‘discourse-oauth2-basic’ afin d’obtenir l’URL ‘/auth/oauth2_basic/callback’ nécessaire pour autoriser le SDK Meetings. Après avoir configuré le SDK et tenté de démarrer le flux d’autorisation en collant l’URL générée dans mon navigateur, je reçois continuellement l’erreur suivante.
J’ai fait quelques recherches et j’ai découvert qu’une exception CSRF est levée par le code de stratégie OmniAuth sous-jacent.
(oauth2_basic) Échec de l'authentification ! csrf_detected: OmniAuth::Strategies::OAuth2::CallbackError, csrf_detected | CSRF détecté
Backtrace
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/omniauth-1.9.2/lib/omniauth/strategy.rb:163:in `log'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/omniauth-1.9.2/lib/omniauth/strategy.rb:486:in `fail!'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/omniauth-oauth2-1.7.3/lib/omniauth/strategies/oauth2.rb:87:in `callback_phase'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/omniauth-1.9.2/lib/omniauth/strategy.rb:238:in `callback_call'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/omniauth-1.9.2/lib/omniauth/strategy.rb:189:in `call!'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/omniauth-1.9.2/lib/omniauth/strategy.rb:169:in `call'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/omniauth-1.9.2/lib/omniauth/builder.rb:45:in `call'
/var/www/discourse/lib/middleware/omniauth_bypass_middleware.rb:43:in `call'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/rack-2.2.9/lib/rack/tempfile_reaper.rb:15:in `call'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/rack-2.2.9/lib/rack/conditional_get.rb:27:in `call'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/rack-2.2.9/lib/rack/head.rb:12:in `call'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/actionpack-7.0.8.1/lib/action_dispatch/http/permissions_policy.rb:38:in `call'
/var/www/discourse/lib/content_security_policy/middleware.rb:12:in `call'
/var/www/discourse/lib/middleware/anonymous_cache.rb:393:in `call'
/var/www/discourse/lib/middleware/csp_script_nonce_injector.rb:12:in `call'
/var/www/discourse/config/initializers/008-rack-cors.rb:14:in `call'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/rack-2.2.9/lib/rack/session/abstract/id.rb:266:in `context'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/rack-2.2.9/lib/rack/session/abstract/id.rb:260:in `call'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/actionpack-7.0.8.1/lib/action_dispatch/middleware/cookies.rb:704:in `call'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/actionpack-7.0.8.1/lib/action_dispatch/middleware/callbacks.rb:27:in `block in call'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/activesupport-7.0.8.1/lib/active_support/callbacks.rb:99:in `run_callbacks'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/actionpack-7.0.8.1/lib/action_dispatch/middleware/callbacks.rb:26:in `call'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/actionpack-7.0.8.1/lib/action_dispatch/middleware/debug_exceptions.rb:28:in `call'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/actionpack-7.0.8.1/lib/action_dispatch/middleware/show_exceptions.rb:29:in `call'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/logster-2.19.1/lib/logster/middleware/reporter.rb:40:in `call'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/railties-7.0.8.1/lib/rails/rack/logger.rb:40:in `call_app'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/railties-7.0.8.1/lib/rails/rack/logger.rb:27:in `call'
/var/www/discourse/config/initializers/100-quiet_logger.rb:20:in `call'
/var/www/discourse/config/initializers/100-silence_logger.rb:29:in `call'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/actionpack-7.0.8.1/lib/action_dispatch/middleware/remote_ip.rb:93:in `call'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/actionpack-7.0.8.1/lib/action_dispatch/middleware/request_id.rb:26:in `call'
/var/www/discourse/lib/middleware/enforce_hostname.rb:24:in `call'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/rack-2.2.9/lib/rack/method_override.rb:24:in `call'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/actionpack-7.0.8.1/lib/action_dispatch/middleware/executor.rb:14:in `call'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/rack-2.2.9/lib/rack/sendfile.rb:110:in `call'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/actionpack-7.0.8.1/lib/action_dispatch/middleware/host_authorization.rb:131:in `call'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/rack-mini-profiler-3.3.1/lib/mini_profiler.rb:334:in `call'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/message_bus-4.3.8/lib/message_bus/rack/middleware.rb:60:in `call'
/var/www/discourse/lib/middleware/request_tracker.rb:291:in `call'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/railties-7.0.8.1/lib/rails/engine.rb:530:in `call'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/railties-7.0.8.1/lib/rails/railtie.rb:226:in `public_send'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/railties-7.0.8.1/lib/rails/railtie.rb:226:in `method_missing'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/rack-2.2.9/lib/rack/urlmap.rb:74:in `block in call'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/rack-2.2.9/lib/rack/urlmap.rb:58:in `each'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/rack-2.2.9/lib/rack/urlmap.rb:58:in `call'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/unicorn-6.1.0/lib/unicorn/http_server.rb:634:in `process_client'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/unicorn-6.1.0/lib/unicorn/http_server.rb:739:in `worker_loop'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/unicorn-6.1.0/lib/unicorn/http_server.rb:547:in `spawn_missing_workers'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/unicorn-6.1.0/lib/unicorn/http_server.rb:143:in `start'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/unicorn-6.1.0/bin/unicorn:128:in `<top (required)>'
/var/www/discourse/vendor/bundle/ruby/3.3.0/bin/unicorn:25:in `load'
/var/www/discourse/vendor/bundle/ruby/3.3.0/bin/unicorn:25:in `<main>'
Env
La méthode callback_phase est celle qui déclenche cette erreur.
def callback_phase # rubocop:disable Metrics/AbcSize, Metrics/CyclomaticComplexity, Metrics/MethodLength, Metrics/PerceivedComplexity
error = request.params["error_reason"] || request.params["error"]
if !options.provider_ignores_state && (request.params["state"].to_s.empty? || !secure_compare(request.params["state"], session.delete("omniauth.state")))
fail!(:csrf_detected, CallbackError.new(:csrf_detected, "CSRF detected"))
elsif error
fail!(error, CallbackError.new(request.params["error"], request.params["error_description"] || request.params["error_reason"], request.params["error_uri"]))
else
self.access_token = build_access_token
self.access_token = access_token.refresh! if access_token.expired?
super
end
rescue ::OAuth2::Error, CallbackError => e
fail!(:invalid_credentials, e)
rescue ::Timeout::Error, ::Errno::ETIMEDOUT, ::OAuth2::TimeoutError, ::OAuth2::ConnectionError => e
fail!(:timeout, e)
rescue ::SocketError => e
fail!(:failed_to_connect, e)
end
Quelqu’un pourrait-il m’indiquer la bonne direction pour procéder à la partie autorisation ? Jouer avec ‘options.provider_ignores_state’ ne semble pas être une bonne idée en raison de préoccupations de sécurité, et je ne suis pas non plus sûr que ‘omniauth.state’ soit initialisé si je ne fais que frapper l’URL ‘callback’, mais je ne suis pas assez familier avec OmniAuth pour dépanner efficacement cela.
Le guide d’installation/configuration de discourse-zoom ne mentionne pas explicitement l’utilisation de ‘discourse-oauth2-basic’. Y a-t-il une meilleure façon ou un plugin plus compatible pour m’aider à autoriser le SDK Meetings ?
Merci