rgsoc-teams
Application should catch problems with Github authentication
If something bad happens on the GH side (likely because the user didn't authorize the app) and Omniauth redirects back to our app, it (or Devise?) tries to redirect to new_session_path. We don't have that since we don't know how to log in users other than through GH auth. Instead of a meaningful error ("We couldn't log you in, fix GitHub!" or something), the user gets a 500 Internal Server Error.
Effect:
NoMethodError: undefined method `new_session_path' for
Caused by:
OAuth2::Error: bad_verification_code: The code passed is incorrect or expired.
error=bad_verification_code&error_description=The+code+passed+is+incorrect+or+expired.&error_uri=https%3A%2F%2Fdeveloper.github.com%2Fv3%2Foauth%2F%23bad-verification-code
File "/app/vendor/bundle/ruby/2.2.0/gems/oauth2-0.9.3/lib/oauth2/client.rb", line 137, in get_token
File "/app/vendor/bundle/ruby/2.2.0/gems/oauth2-0.9.3/lib/oauth2/strategy/auth_code.rb", line 29, in get_token
File "/app/vendor/bundle/ruby/2.2.0/gems/omniauth-oauth2-1.1.2/lib/omniauth/strategies/oauth2.rb", line 93, in build_access_token
File "/app/vendor/bundle/ruby/2.2.0/gems/omniauth-oauth2-1.1.2/lib/omniauth/strategies/oauth2.rb", line 75, in callback_phase
Oooh. I want to add this to Team Cheesy's project plan. Looks like a great warmer-upper.
I think I found how to show a "meaningful error" when GitHub auth errors occur.
But that won't solve the error regarding the new_session_path. The underlying explanation you show above is about a bad verification code: https://developer.github.com/v3/oauth/#bad-verification-code. I can't find that the bad verification code and the new_session_path thingy are related. Could it be 2 different issues?
The new_session_path is a side-effect of devise's authentication chain. We don't have a new_session_path (nor do we want to build one): it is meant as a fallback login mechanism (here: classic username+password). We only support GH authentication. To fix this error, we need to hook into devise's failure handling and intercept the GH callback error before devise tries to fall back to a traditional login.
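
One way to intercept the callback failure described above, as an added example that is not code from rgsoc-teams or from any participant in this thread: a Rack endpoint that reads the failure OmniAuth recorded and redirects to a fixed path with an allowlisted error code, so nothing ever asks for new_session_path. The class name `GithubAuthFailure`, the `auth_error` parameter, the message texts and the wiring shown in the last comment are assumptions.

```ruby
require 'logger'

# Allowlisted failure codes mapped to fixed user-facing messages. Text sent by
# the provider (error, error_description) is never reflected to the browser.
FAILURE_MESSAGES = {
  'invalid_credentials' => "We couldn't log you in with GitHub. Please try again.",
  'access_denied'       => 'You need to authorize the app on GitHub to sign in.',
  'csrf_detected'       => 'Your sign-in session expired. Please start again.',
  'unknown'             => 'GitHub sign-in failed. Please try again later.'
}.freeze

def message_for(code)
  FAILURE_MESSAGES.fetch(code.to_s, FAILURE_MESSAGES['unknown'])
end

# Rack endpoint for OmniAuth failures. OmniAuth's fail! puts the failure into
# env['omniauth.error.type'] and env['omniauth.error'] before calling
# OmniAuth.config.on_failure, so no login page (new_session_path) is needed.
class GithubAuthFailure
  def initialize(redirect_path: '/', logger: Logger.new(IO::NULL))
    @redirect_path = redirect_path # fixed by the app, never read from the request
    @logger = logger
  end

  def call(env)
    type = env['omniauth.error.type'].to_s
    code = FAILURE_MESSAGES.key?(type) ? type : 'unknown'
    # inspect escapes control characters, so provider text cannot forge log lines
    @logger.warn("github auth failure type=#{type.inspect} " \
                 "error=#{env['omniauth.error'].class}")
    [302, { 'Location' => "#{@redirect_path}?auth_error=#{code}" }, []]
  end
end

# Constructed sample: the env OmniAuth would hand over for the trace above
# (omniauth-oauth2 reports a failed token exchange as :invalid_credentials).
SAMPLE_ENV = {
  'omniauth.error.type' => :invalid_credentials,
  'omniauth.error'      => StandardError.new('bad_verification_code') # stand-in for OAuth2::Error
}.freeze

# Assumed wiring, in an initializer loaded after Devise's own on_failure hook:
#   OmniAuth.config.on_failure = GithubAuthFailure.new(logger: Rails.logger)
```

Inside a Devise callbacks controller, the equivalent hook is overriding `after_omniauth_failure_path_for`, whose default is what returns `new_session_path`.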