由于 bundle install 引起的 Google 身份验证问题

pfaffman · 2024 年12 月 4 日 20:56

我认为这是一个 bug，但我不知道为什么我是第一个抱怨的人，而且 Google 身份验证在 Meta 上也能正常工作。。。

我有几个网站使用 Google 身份验证，这些身份验证设置在 YML 文件中的 ENV 变量中。它们已经运行了很多年。今天其中一个停止工作了，但另外两个仍然工作。我升级了那些网站，现在它们都返回此消息：

抱歉，授权您的帐户时出错。请重试。

当第一个网站停止工作时，我认为可能是 Google 端的问题，但正确的 URL 仍然存在。

我不知道 google-protobuf 是什么——这可能与之有关吗？Build(deps): Bump google-protobuf from 4.28.3 to 4.29.0 (#29969) · discourse/discourse@996f993 · GitHub (编辑：不。它不能：“Protobuf.dev 使用来自 Google 的 cookie 来提供和增强其服务的质量并分析流量”)

编辑：嗯，日志显示“(google_oauth2) 身份验证失败！authenticity_error: OmniAuth::AuthenticityError, Forbidden”，所以听起来 Google 不喜欢我的凭据。

这些凭据与其它网站正在使用的凭据相同，也是这些网站在上次升级之前使用的凭据。我看到预期的值在 /var/www/discourse/config/discourse.conf 中，也在 Rails 的 SiteSettings 中。

supermathie · 2024 年12 月 4 日 21:17

如果您在站点设置中进行设置，而不是通过 ENV 进行设置，它的行为是否不同？

您能否发布 /logs 堆栈跟踪？

pfaffman · 2024 年12 月 4 日 21:20

我将尝试编辑 discourse.conf 并通过 site-settings 进行设置

Message (4 copies reported)

(google_oauth2) Authentication failure! authenticity_error: OmniAuth::AuthenticityError, Forbidden

Backtrace

/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/activesupport-7.2.2/lib/active_support/broadcast_logger.rb:134:in `block in error'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/activesupport-7.2.2/lib/active_support/broadcast_logger.rb:231:in `block in dispatch'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/activesupport-7.2.2/lib/active_support/broadcast_logger.rb:231:in `each'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/activesupport-7.2.2/lib/active_support/broadcast_logger.rb:231:in `dispatch'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/activesupport-7.2.2/lib/active_support/broadcast_logger.rb:134:in `error'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/omniauth-2.1.2/lib/omniauth/strategy.rb:163:in `log'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/omniauth-2.1.2/lib/omniauth/strategy.rb:540:in `fail!'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/omniauth-2.1.2/lib/omniauth/strategy.rb:261:in `rescue in request_call'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/omniauth-2.1.2/lib/omniauth/strategy.rb:233:in `request_call'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/omniauth-2.1.2/lib/omniauth/strategy.rb:193:in `call!'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/omniauth-2.1.2/lib/omniauth/strategy.rb:169:in `call'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/omniauth-2.1.2/lib/omniauth/builder.rb:44:in `call'
/var/www/discourse/lib/middleware/omniauth_bypass_middleware.rb:43:in `call'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/rack-2.2.10/lib/rack/tempfile_reaper.rb:15:in `call'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/rack-2.2.10/lib/rack/conditional_get.rb:40:in `call'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/rack-2.2.10/lib/rack/head.rb:12:in `call'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/actionpack-7.2.2/lib/action_dispatch/http/permissions_policy.rb:38:in `call'
/var/www/discourse/lib/content_security_policy/middleware.rb:12:in `call'
/var/www/discourse/lib/middleware/anonymous_cache.rb:399:in `call'
/var/www/discourse/lib/middleware/csp_script_nonce_injector.rb:12:in `call'
/var/www/discourse/config/initializers/008-rack-cors.rb:14:in `call'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/rack-2.2.10/lib/rack/session/abstract/id.rb:266:in `context'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/rack-2.2.10/lib/rack/session/abstract/id.rb:260:in `call'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/actionpack-7.2.2/lib/action_dispatch/middleware/cookies.rb:704:in `call'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/actionpack-7.2.2/lib/action_dispatch/middleware/callbacks.rb:31:in `block in call'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/activesupport-7.2.2/lib/active_support/callbacks.rb:101:in `run_callbacks'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/actionpack-7.2.2/lib/action_dispatch/middleware/callbacks.rb:30:in `call'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/actionpack-7.2.2/lib/action_dispatch/middleware/debug_exceptions.rb:31:in `call'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/actionpack-7.2.2/lib/action_dispatch/middleware/show_exceptions.rb:32:in `call'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/logster-2.20.0/lib/logster/middleware/reporter.rb:40:in `call'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/railties-7.2.2/lib/rails/rack/logger.rb:41:in `call_app'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/railties-7.2.2/lib/rails/rack/logger.rb:29:in `call'
/var/www/discourse/config/initializers/100-quiet_logger.rb:20:in `call'
/var/www/discourse/config/initializers/100-silence_logger.rb:29:in `call'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/actionpack-7.2.2/lib/action_dispatch/middleware/request_id.rb:33:in `call'
/var/www/discourse/lib/middleware/enforce_hostname.rb:24:in `call'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/rack-2.2.10/lib/rack/method_override.rb:24:in `call'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/actionpack-7.2.2/lib/action_dispatch/middleware/executor.rb:16:in `call'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/rack-2.2.10/lib/rack/sendfile.rb:110:in `call'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/rack-mini-profiler-3.3.1/lib/mini_profiler.rb:191:in `call'
/var/www/discourse/lib/middleware/processing_request.rb:12:in `call'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/message_bus-4.3.8/lib/message_bus/rack/middleware.rb:60:in `call'
/var/www/discourse/lib/middleware/request_tracker.rb:360:in `call'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/actionpack-7.2.2/lib/action_dispatch/middleware/remote_ip.rb:96:in `call'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/railties-7.2.2/lib/rails/engine.rb:535:in `call'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/railties-7.2.2/lib/rails/railtie.rb:226:in `public_send'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/railties-7.2.2/lib/rails/railtie.rb:226:in `method_missing'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/rack-2.2.10/lib/rack/urlmap.rb:74:in `block in call'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/rack-2.2.10/lib/rack/urlmap.rb:58:in `each'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/rack-2.2.10/lib/rack/urlmap.rb:58:in `call'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/unicorn-6.1.0/lib/unicorn/http_server.rb:634:in `process_client'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/unicorn-6.1.0/lib/unicorn/http_server.rb:739:in `worker_loop'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/unicorn-6.1.0/lib/unicorn/http_server.rb:547:in `spawn_missing_workers'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/unicorn-6.1.0/lib/unicorn/http_server.rb:143:in `start'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/unicorn-6.1.0/bin/unicorn:128:in `<top (required)>'
/var/www/discourse/vendor/bundle/ruby/3.3.0/bin/unicorn:25:in `load'
/var/www/discourse/vendor/bundle/ruby/3.3.0/bin/unicorn:25:in `<main>'

Env

HTTP HOSTS: looks.right.to.me.com

不清楚详细日志是否包含更多信息。

我现在正在重新构建其中一个站点，原因与此无关。

pfaffman · 2024 年12 月 4 日 21:37

哦，天哪。我又进行了一次升级，现在它能用了。

然后我升级了另一个网站，它也能用了。我在提交记录或我的代码中看不到任何能解释这一切的原因。通常我至少能证明问题是我造成的。

pfaffman · 2024 年12 月 5 日 14:43

叹气。现在什么都没变，昨天下午我通过重建两个站点“修复”它时起作用的东西，现在却显示
抱歉，授权您的帐户时出错。请重试。
对两者都如此。

改变的是我进入了两个容器并编辑了 /var/www/discourse/plugins/discourse-data-explorer/plugins.rb 并执行了 sv restart unicorn。

那么重启 unicorn 会导致问题吗？这说不通。我不想重启容器，因为它们都在进行长时间的导入，还需要 30-40 小时。

pfaffman · 2024 年12 月 5 日 17:13

这可能是一个线索。对于提到的每个错误，还有一个 Attack prevented by OmniAuth::AuthenticityTokenProtection。

消息（报告了 8 份副本）

Attack prevented by OmniAuth::AuthenticityTokenProtection

回溯

/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/activesupport-7.2.2/lib/active_support/broadcast_logger.rb:130:in `block in warn'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/activesupport-7.2.2/lib/active_support/broadcast_logger.rb:231:in `block in dispatch'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/activesupport-7.2.2/lib/active_support/broadcast_logger.rb:231:in `each'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/activesupport-7.2.2/lib/active_support/broadcast_logger.rb:231:in `dispatch'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/activesupport-7.2.2/lib/active_support/broadcast_logger.rb:130:in `warn'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/omniauth-2.1.2/lib/omniauth/authenticity_token_protection.rb:26:in `deny'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/rack-protection-3.2.0/lib/rack/protection/base.rb:57:in `react'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/omniauth-2.1.2/lib/omniauth/authenticity_token_protection.rb:18:in `call!'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/omniauth-2.1.2/lib/omniauth/authenticity_token_protection.rb:11:in `call'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/omniauth-2.1.2/lib/omniauth/strategy.rb:240:in `request_call'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/omniauth-2.1.2/lib/omniauth/strategy.rb:193:in `call!'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/omniauth-2.1.2/lib/omniauth/strategy.rb:169:in `call'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/omniauth-2.1.2/lib/omniauth/builder.rb:44:in `call'
/var/www/discourse/lib/middleware/omniauth_bypass_middleware.rb:43:in `call'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/rack-2.2.10/lib/rack/tempfile_reaper.rb:15:in `call'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/rack-2.2.10/lib/rack/conditional_get.rb:40:in `call'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/rack-2.2.10/lib/rack/head.rb:12:in `call'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/actionpack-7.2.2/lib/action_dispatch/http/permissions_policy.rb:38:in `call'
/var/www/discourse/lib/content_security_policy/middleware.rb:12:in `call'
/var/www/discourse/lib/middleware/anonymous_cache.rb:399:in `call'
/var/www/discourse/lib/middleware/csp_script_nonce_injector.rb:12:in `call'
/var/www/discourse/config/initializers/008-rack-cors.rb:14:in `call'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/rack-2.2.10/lib/rack/session/abstract/id.rb:266:in `context'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/rack-2.2.10/lib/rack/session/abstract/id.rb:260:in `call'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/actionpack-7.2.2/lib/action_dispatch/middleware/cookies.rb:704:in `call'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/actionpack-7.2.2/lib/action_dispatch/middleware/callbacks.rb:31:in `block in call'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/activesupport-7.2.2/lib/active_support/callbacks.rb:101:in `run_callbacks'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/actionpack-7.2.2/lib/action_dispatch/middleware/callbacks.rb:30:in `call'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/actionpack-7.2.2/lib/action_dispatch/middleware/debug_exceptions.rb:31:in `call'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/actionpack-7.2.2/lib/action_dispatch/middleware/show_exceptions.rb:32:in `call'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/logster-2.20.0/lib/logster/middleware/reporter.rb:40:in `call'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/railties-7.2.2/lib/rails/rack/logger.rb:41:in `call_app'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/railties-7.2.2/lib/rails/rack/logger.rb:29:in `call'
/var/www/discourse/config/initializers/100-quiet_logger.rb:20:in `call'
/var/www/discourse/config/initializers/100-silence_logger.rb:29:in `call'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/actionpack-7.2.2/lib/action_dispatch/middleware/request_id.rb:33:in `call'
/var/www/discourse/lib/middleware/enforce_hostname.rb:24:in `call'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/rack-2.2.10/lib/rack/method_override.rb:24:in `call'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/actionpack-7.2.2/lib/action_dispatch/middleware/executor.rb:16:in `call'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/rack-2.2.10/lib/rack/sendfile.rb:110:in `call'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/rack-mini-profiler-3.3.1/lib/mini_profiler.rb:191:in `call'
/var/www/discourse/lib/middleware/processing_request.rb:12:in `call'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/message_bus-4.3.8/lib/message_bus/rack/middleware.rb:60:in `call'
/var/www/discourse/lib/middleware/request_tracker.rb:360:in `call'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/actionpack-7.2.2/lib/action_dispatch/middleware/remote_ip.rb:96:in `call'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/railties-7.2.2/lib/rails/engine.rb:535:in `call'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/railties-7.2.2/lib/rails/railtie.rb:226:in `public_send'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/railties-7.2.2/lib/rails/railtie.rb:226:in `method_missing'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/rack-2.2.10/lib/rack/urlmap.rb:74:in `block in call'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/rack-2.2.10/lib/rack/urlmap.rb:58:in `each'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/rack-2.2.10/lib/rack/urlmap.rb:58:in `call'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/unicorn-6.1.0/lib/unicorn/http_server.rb:634:in `process_client'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/unicorn-6.1.0/lib/unicorn/http_server.rb:739:in `worker_loop'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/unicorn-6.1.0/lib/unicorn/http_server.rb:547:in `spawn_missing_workers'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/unicorn-6.1.0/lib/unicorn/http_server.rb:143:in `start'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/unicorn-6.1.0/bin/unicorn:128:in `<top (required)>'
/var/www/discourse/vendor/bundle/ruby/3.3.0/bin/unicorn:25:in `load'
/var/www/discourse/vendor/bundle/ruby/3.3.0/bin/unicorn:25:in `<main>'

环境

HTTP HOSTS: six.imports.literatehosting.com

supermathie · 2024 年12 月 6 日 01:09

毫无疑问！

我不接触堆栈的这部分，所以我不知道……除非……

你是如何安装这个版本的？Discourse 锁定的版本是 1.9.2

这可能是一个不兼容问题。你在这里做了什么……不寻常……的事情吗？

pfaffman · 2024 年12 月 6 日 01:47

哇！你注意到了版本！

就是这样！（也许吧）

我运行了 apt update 来安装一些东西（vim，特别是用于导入的 tiny_tds。所以也许我升级的某些东西强制升级了 omniauth。

不。不是这样的。我删除了 Gemfile.lock，所以当我运行 bundle install 时，它升级了 omniauth？

所以，这可能不是一个烦恼，而是真的有助于找到新 omniauth 的问题。

我看看是否能重现它，也许通过升级 omniauth。也许只是删除 Gemfile.lock 并运行 bundle？

哦。也许这就是为什么设置 IMPORT=1 比我想象的更重要。

编辑：是的。这肯定是因为运行 bundle install 来添加用于导入的 tiny_tds。我经常不使用 IMPORT=1，因为它会导致其他问题。我会尝试确认是 Omni auth 升级导致了问题，但这似乎非常有可能。

supermathie · 2024 年12 月 6 日 02:55

你一这样做，整个东西就变得不受支持了。主要的 gem 版本升级需要进行测试，我并不惊讶你会遇到问题。

（据我所知）当我们进行导入时，我们会做必要的事情来获取数据，然后我们进行备份并将其恢复到一个干净的站点。

在其他条件相同的情况下，我会先尝试这样做。

pfaffman · 2024 年12 月 6 日 10:16

是的！感谢你注意到这个版本！

我不确定如何在不升级版本的情况下安装 tiny tds（也许 IMPORT=1 可以做到），但至少我现在有了一个解释。这也解释了为什么构建一个新容器可以解决问题。

非常感谢你注意到这一点。我都要疯了。

也许 be 版本有不同的参数或其他东西，所以它根本没有得到设置。

pfaffman · 2025 年1 月 5 日 10:17

此主题在上次回复后 30 天自动关闭。不再允许回复。

话题		回复	浏览量
Google Login Stopped Working after manual update Support	6	1007	2019 年4 月 7 日
Google login regression, possibly after recent changes Support social-auth	5	187	2025 年1 月 5 日
Discourse now stops loading at login dialog when viewed with any browser Installation	22	1274	2023 年1 月 29 日
Google Authentication Bug On Discourse Bug	5	1492	2016 年1 月 11 日
OAuth login with Google and Facebook not working Support	10	3132	2024 年6 月 8 日

由于 bundle install 引起的 Google 身份验证问题

相关话题