So I'm trying to get Google authentication to work with rails and devise. I followed this github setup and when the user gets redirected after a successful login I get this error:
SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
I've literally tried every solution I can find online and nothing seems to work. I downloaded the new cert which is in /usr/local/etc/openssl/certs/cert.pem and this is in my devise.rb:
config.omniauth :google_oauth2, "92780849937-vk78tsfss43p1m9k95ijfhimi422hfh7.apps.googleusercontent.com", "oEM4yvhazRJBgL7ANtpVtpU5", { :client_options => {:ssl => {:ca_path => "/usr/local/etc/openssl/certs"}}}
I'm running ruby 2.1.0 and Rails 4.2.4
Is there something I'm missing? Maybe a different solution for this version of rails?
I added this to my application.rb so I can keep working but obviously its pretty horrible hahahaha
require 'openssl'
OpenSSL::SSL::VERIFY_PEER = OpenSSL::SSL::VERIFY_NONE
You can add the gem 'certified' to your Gemfile to fix this issue.
Check their Github page
And this SO question
Related
I’m using Rails 4.2.5 and I’m trying to enable authentication through Google to allow access to my application. I’m following the https://www.digitalocean.com/community/tutorials/how-to-configure-devise-and-omniauth-for-your-rails-application'>devise tutorial. I have added these gems
gem 'devise'
gem 'omniauth'
gem 'omniauth-digitalocean'
gem 'omniauth-google'
and likewise followed the other steps in the tutorial including adding google as an OAuth provider into my devise config in the config/initializers/devise.rb file …
config.omniauth :google, “myclientid”, “myclientsecret”
When I start and run my Rails server, I can see my sign up page at
http://localhost:3000/users/sign_in
and when I click “Sign in with Google”, which points at this URL — http://localhost:3000/users/auth/google, I get this error …
OAuth::Unauthorized
400 Bad Request
Extracted source (around line #216):
self.token_request(http_method, uri.path, token, request_options, arguments)
when (400..499)
raise OAuth::Unauthorized, response
else
response.error!
end
Anyone have any idea what I have overlooked?
I had the same issue.
The solution here worked for me.
Change from omniauth-google to omniauth-google-oauth2
Apologies if this has been answered already, but I'm going through the posts here and can't find something that works.
I've got Devise working with rails for authentication, and I'm trying to integrate OmniAuth for facebook. I'm getting the SSL error that has been posted about in the past.
My error:
SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
I've been through the solutions for windows and none seem to work. I'm just trying to get this working in dev on a windows machine, so I'm willing to take unsecure shortcuts to get it up and running and then figure out what's necessary in production later on.
I'm using:
rails 3.2.2
warden 1.1.1
devise 2.0.4
faraday 0.7.6
oauth2 0.5.2
omniauth 1.0.3
omniauth-oauth2 1.0.0
omniauth-facebook 1.2.0
I've tried a couple different things in omniauth.rb:
omniauth.rb:
Rails.application.config.middleware.use OmniAuth::Builder do
provider :facebook, APP_ID, APP_SECRET, {client_options: {ssl: {ca_file: Rails.root.join('lib/assets/cacert.pem').to_s}}}
#provider :facebook, APP_ID, APP_SECRET, {:client_options => {:ssl => {:verify => false}}}
end
The second option (commented) is supposed to suppress ssl cert checking entirely, as far as I understand it. But that doesn't work - same error. With the first option, I downloaded the appropriate file and put it in by lib/assets directory, but that doesn't seem to work either.
Has something changed recently with this? Am I missing something obvious?
Looks like the way to do it is here:
https://gist.github.com/867550
Try following the instructions given in this link:
http://jimneath.org/2011/10/19/ruby-ssl-certificate-verify-failed.html
And you have to make this minor change in fix_ssl.rb at the end:
self.ca_file = Rails.root.join('lib/ca-bundle.crt').to_s
I hope this helps.
I am building an app that uses authlogic and requires authentication through Facebook through the Oauth2 framework. I thought this was going to be a piece of cake using the authlogic_oauth2 gem http://github.com/haraldmartin/authlogic_oauth2. However, after running bundle, my server nor any rails generators would work (as described here: Server won't start on using authlogic-oauth2).
I tried to run bundle install with the gem hosted by robdimarco like so:
gem 'authlogic_oauth2', :git => 'git:github.com/robdimarco/authlogic_oauth2.git'
But that threw up the error:
ssh: connect to host git port 22: Operation timed out
fatal: The remote end hung up unexpectedly
Is there no more support for oauth2 in authlogic? Or am I missing something obvious?
You need to use :git => 'git://github.com/robdimarco/authlogic_oauth2.git', not :git => 'git:github.com/robdimarco/authlogic_oauth2.git'.
(Typo at the beginning of the URL.)
I am trying to authenticate users with Facebook using OmniAuth. Initially, it was working, but along the way it just stopped working and started to give me this error message:
OpenSSL::SSL::SSLError SSL_connect
returned=1 errno=0 state=SSLv3 read
server certificate B: certificate
verify failed
The same code works well for Twitter and I can't seem to understand why it doesn't work for Facebook. I have looked online for help, but I haven't been successful.
This is the link to the website I am building: http://www.bestizz.com/
And this url would give you the error message: http://www.bestizz.com/auth/facebook
Ruby cannot find any root certificates. Here is an option for debugging purposes. Put following code at the begining of your script:
require 'openssl'
OpenSSL::SSL::VERIFY_PEER = OpenSSL::SSL::VERIFY_NONE
Add the following code to config/initializers/fix_ssl.rb
require 'open-uri'
require 'net/https'
module Net
class HTTP
alias_method :original_use_ssl=, :use_ssl=
def use_ssl=(flag)
self.ca_file = "/etc/pki/tls/certs/ca-bundle.crt" # for Centos/Redhat
self.verify_mode = OpenSSL::SSL::VERIFY_PEER
self.original_use_ssl = flag
end
end
end
Note:
Many operating systems already come with a supplied certificate bundle.
For example in Red Hat Enterprise Linux and CentOS it's installed in:
/etc/pki/tls/certs/ca-bundle.crt
For Ubuntu its at:
/etc/ssl/certs/ca-certificates.crt
I've been facing the same problem after updating Ruby running on Yosemite, but while trying to authenticate with Google.
Following this: https://toadle.me/2015/04/16/fixing-failing-ssl-verification-with-rvm.html seemed to solve my problem.
For the sake of history I'll quote:
So the rvm-installed ruby does look into the wrong directory for certificates whereas the OSX-ruby will look into the correct one. In it's case that is a OSX system-directory.
So the rvm-installed ruby is the problem.
This discussion on Github finally gave the solution: Somehow RVM comes with a precompiled version of ruby that is statically linked against an openssl that looks into /etc/openssl for it's certificates.
What you wanna do is NOT TO USE any of the precompiled rubies and rather have ruby compiled on your local machine, like so: rvm install 2.2.0 --disable-binary
In the end, I had to run:
rvm uninstall ruby-2.2.4
rvm install ruby-2.2.4 --disable-binary
gem pristine --all
Hope this helps
Looks like SSL verification is failing for Facebook. I'm no OpenSSL master, but I think this should work for you.
Assuming you're using an up-to-date version of OmniAuth (>= 0.2.2, I assume you are) and a version of Faraday >= 0.6.1 (the stack trace says you are), you can pass the location of your CA certificates bundle. Modify your OmniAuth setup for Facebook accordingly:
Rails.application.config.middleware.use OmniAuth::Builder do
provider :facebook, 'appid', 'appsecret', {:scope => 'publish_stream,email', :client_options => {:ssl => {:ca_path => '/etc/ssl/certs'}}}
# other providers...
end
and replace '/etc/ssl/certs' with the path to your bundle. If you need one, I believe this file will work for you--just put it somewhere, give it necessary permissions, and point your app at it.
Thanks to Alex Kremer at this SO answer for the detailed instructions.
This link should work. https://gist.github.com/fnichol/867550 Just follow the instructions. You will need to download Rails installer and run two command line functions.
Do this, this will get ride of the certificate error with openssl
sudo curl http://curl.haxx.se/ca/cacert.pem -o /opt/local/etc/openssl/cert.pem
An ugly workaround I just did is to override the class in Net::HTTP and set the variable which tells it to not verify ssl certs:
require 'net/http'
require 'openssl'
class Net::HTTP
alias_method :orig_connect, :connect
def connect
#ssl_context.verify_mode = OpenSSL::SSL::VERIFY_NONE
orig_connect
end
end
I did it this way because I don't want to muck with the source code of the gem which calls the gem which calls the gem which calls Net::HTTP. I should really go back and figure out how to nudge it to look at a separate cacert.pem file instead. I can't modify the server's cacert.pem file, or that would be the best route.
My application uses the OAuth2 gem (0.1.1) to connect to Facebook, and the ActiveMerchant gem (1.12.0) to connect to PayPal. Under what is the current Rails/Ruby distribution (3.0.5, 1.9.2), both of these gems throw the following OpenSSL::SSL::SSLError when used:
SSL_connect returned=1 errno=0
state=SSLv3 read server certificate
B: certificate verify failed
I did some digging, and found two patches. The first involves plugging this into my initializers folder as "faraday.rb" (http://bit.ly/hZqNwQ). The OAuth2 (Facebook) side of things does work with this patch. However, the ActiveMerchant (PayPal) code still throws the same SSL_connect error.
The second patch I've tried (unsuccessfully) is the 'always_verify_ssl_certificates' gem (http://bit.ly/dXmuUh). I did the following things: (1) gem 'always_verify_ssl_certificates' in the Gemfile (2) require 'always_verify_ssl_certificates' in the ApplicationController file. However, both OAuth2 (Facebook) and ActiveMerchant (PayPal) throw the following TypeError:
wrong argument (NilClass)! (Expected
kind of OpenSSL::SSL::SSLContext)
The links to my OAuth2 Facebook code AuthorizeController and my ActiveMerchant PayPal (PaymentsController as they stand now are in the comments below. This is after following the 2010 OAuth2 guide by Michael Bleigh and the 2008 Cody Fauser ActiveMerchant tutorial. Any help is greatly appreciated! I'm very confused at this point.
No need. After some painful Googling, putting the following into the ApplicationController fixes it. Hope this helps somebody! OpenSSL::SSL::VERIFY_PEER = OpenSSL::SSL::VERIFY_NONE