I've got a Rail 4 app with Devise.
I'm trying to configure OmniAuth to use our corporate Ping OpenID Connect IdP.
It appears that I have to write an OmniAuth strategy in Rack Middleware.
I took the 'omniauth-digitalocean' gem (which has their strategy) and carefully replaced all references of 'digitalocean' with another name. I was careful to respect all case to conform to convention.
The problem I'm having now is that I appear to have a private gem.
I added it to my Gemfile with:
gem 'omniauth-private', :path => "/var/lib/gems/2.0.0/gems/omniauth-private-0.1.0"
I get no errors when I run 'bundle install'.
I was getting this error with 'rake db:migrate':
fatal: Not a git repository (or any of the parent directories): .git
I believe this was caused by a .gitignore file in my custom gem.
I deleted the .gitignore file and now I'm getting:
Devise::OmniAuth::StrategyNotFound: Could not find a strategy with name `Private'. Please ensure it is required or explicitly set it using the :strategy_class option.
This is the same error message I was getting before I figure out I needed to write n Omniuth strategy, so I think it means my gem is not being recognized.
So I'm not sure exactly what's going on. I think I'm struggling with this private gem. But it could be an OmniAuth problem too.
Anyone ever gotten a private OpenID Connect IdP working with OmniAuth?
I had the same "Could not find a strategy with the name..." with my custom Omniauth OAuth2 strategy.
I created a custom strategy as per these instructions https://github.com/intridea/omniauth-oauth2, and saved my file in config/initializers - this then loads the module on ruby boot.
I feel that I should be able to store this in the lib/ folder, but can't work out what the filename or folder structure should be!
You need to add:
require 'strategies/private'
to the top of config/devise.rb. This points to your strategy file at /lib/strategies/private.rb
The "fatal" error about "Not a git repo" comes from the fact that gems use 'git ls'. Just running "git init" should fix it. I did that and then committed to github.
"Could not find a strategy with the name..." error is fixed by loading the custom gem properly. I did that by adding this line to my Gemfile:
gem 'omniauth-private', :path => "/var/lib/gems/2.0.0/gems/omniauth-private-0.1.0
In your devise/initializers file check and make sure you have the correct name
of the auth you want to configure example:
config.omniauth :facebook, 'APP_ID', 'APP_SECRET', scope: 'user,public_repo'
config.omniauth :private, 'APP_ID', 'APP_SECRET', scope: 'user,public_repo'
config.omniauth :github, 'APP_ID', 'APP_SECRET', scope: 'user,public_repo'
Related
I am trying to run omniauth. I have my initializer as follows:
Rails.application.config.middleware.use OmniAuth::Builder do
provider :coinbase, ENV['CLIENT_ID'], ENV['CLIENT_SECRET'], scope: 'wallet:user:read wallet:user:email wallet:accounts:read'
end
with my client ID and secret saved in my .env file. When I boot my server, however, both of these variables are listed as nil. I can get the procedure to work when it is hard coded, but this is obviously not a good practice. How can I get the variables from my .env file into my initializer?
Problem was solved by leveraging the dotenv gem and following the instructions in the readme
So i am trying to set up uploading of files in my production environment. I am currently using CarrierWave along with Fog-Google. I have no issues storing files locally as i do not use Fog for development. However i am currently trying to test out the file uploading functionality in production, but i cannot even push my app up to Heroku.
Here's a snippet of the error i'm receiving when attempting to push to Heroku.
[fog][WARNING] Unrecognized arguments: google_storage_secret_access_key_id, google_storage_secret_access_key
rake aborted!
ArgumentError: Invalid keyfile or passphrase
Now i am relatively new to setting up ENV secret ids and all of that. So instead i'll just say what i know and what i have done just to be sure that i did everything correctly.
So as i am currently using Cloud9 IDE, in my .bashrc file i have
export GOOGLE_STORAGE_ACCESS_KEY_ID=XXXXX
export GOOGLE_STORAGE_SECRET_ACCESS_KEY=XXXXX
export GOOGLE_STORAGE_BUCKET_NAME=XXXXX
In my /config/initializers/carrierwave.rb
require 'carrierwave'
CarrierWave.configure do |config|
config.fog_provider = 'fog/google' # required
config.fog_credentials = {
provider: 'Google',
google_storage_access_key_id: ENV['GOOGLE_STORAGE_ACCESS_KEY_ID'],
google_storage_secret_access_key: ENV['GOOGLE_STORAGE_SECRET_ACCESS_KEY']
}
config.fog_directory = ENV['GOOGLE_STORAGE_BUCKET_NAME']
end
and in my /config/initializers/fog.rb
GoogleStorage = Fog::Storage.new(
provider: 'Google',
google_project: 'XXXX',
google_client_email: 'XXXXXX',
google_key_location: Rails.root.join('private','google-cloud-service-key.p12'),
google_storage_secret_access_key_id: ENV["GOOGLE_STORAGE_SECRET_ACCESS_KEY_ID"],
google_storage_secret_access_key: ENV["GOOGLE_STORAGE_SECRET_ACCESS_KEY"]
)
Like mentioned i am actually quite new to all of these so i've tried my best in following the documentation on both Fog and CarrierWave's github page.
As far as i know i should use .bashrc to store my secret keys etc and then call on them using ENV['SECRET_KEY_NAME'] method. I've set up both the CarrierWave.rb and Fog.rb files in the initializer folder so i'm not quite sure what i'm missing as well.
Additionally i have also tried doing heroku config:set GOOGLE_STORAGE_SECRET_ACCESS_KEY_ID=XXXXXX but that didn't seem to work as well.
I'm not quite sure what to do now and what may be causing the error when attempting to push to Heroku, much less whether any of this is even working in production.
EDIT:
I think the error is largely from the fog.rb file. So i amended it to the following:
GoogleStorage = Fog::Storage::Google.new(
google_project: 'XXX',
google_client_email: 'XXX',
google_json_key_location: '~/.fog/XXXX.json'
)
And now when i try pushing to Heroku the error i get instead is
Errno::ENOENT: No such file or directory # rb_sysopen - /app/.fog/XXX.json
Just to share, i created a .fog folder under the ~ directory. Inside the .fog folder i added in the Private JSON key.
All help and advice would be greatly appreciated. Thank you!
So i've solved the problem and managed to successfully push my code to Heroku.
[Kindly note that this does not mean it functions perfectly in production, it just means i am now able to push to Heroku without any errors]
So there were 2 main errors.
1) Not including my Private Key JSON file in my app.
2) Error in the config/initializers/fog.rb file
To solve the first issue, i created a .fog folder in my App and added in my Private Key JSON file which was from Google's Cloud Platform.
Next i amended the code in config/initializers/fog.rb to:
GoogleStorage = Fog::Storage::Google.new(
:google_project => 'XXXX',
:google_client_email => 'XXXXX',
:google_json_key_location => Rails.root.join('.fog/XXXX'),
:google_storage_access_key_id => ENV['GOOGLE_STORAGE_ACCESS_KEY_ID'],
:google_storage_secret_access_key => ENV['GOOGLE_STORAGE_SECRET_ACCESS_KEY']
)
I was then able to successfully push my code to Heroku.
I am trying to write a script in my Rails 4.2 application that will send an email using the Amazon SES API using the Ruby SDK version 1. For compatibility reasons with other gems, I need to use Version 1.
The problem that I am experiencing is that when I load the console with rails c I am able to execute these methods perfectly:
ses = AWS::SimpleEmailService.new
ses.identities.map(&:identity)
ses.send_email(.......)
so on and so forth. However, my script/amazon_ses.rb file seems to fail when I try to execute it and I'm not sure why that is.
Here is my initializer file:
ActionMailer::Base.add_delivery_method :amazon_ses,
AWS::SimpleEmailService,
access_key_id: ENV['AWS_ACCESS_KEY_ID'],
secret_access_key: ENV['AWS_SECRET_ACCESS_KEY'],
region: 'email.us-east-1.amazonaws.com',
server: 'email.us-east-1.amazonaws.com'
This is my script/amazon_ses.rb file:
require 'aws-sdk-v1'
ses = AWS::SimpleEmailService.new
identity = ses.identities.map(&:identity)
ses.send_email(.......code.....)
rescue in block in define_attribute_getter': unable to find the identity (AWS::Core::Resource::NotFound)
I'm not sure what to make of this but I have the feeling that Core::Resource is not being loaded, inherited, included etc. Has anyone encounted this problem before?
try adding
require File.expand_path('../../config/environment', __FILE__)
to the top of your script. This will pull in your rails environment.
or without adding the above try
bin/rails runner script/amazon_ses.rb
This question already has answers here:
SSL Error When installing rubygems, Unable to pull data from 'https://rubygems.org/
(26 answers)
Closed 8 years ago.
I'm trying to authenticate a user via Facebook or Twitter, get them to fill out their information, and then click save (thus creating a user record). I'm getting an OpenSSL error on that final step -- after clicking save. This happens at the Devise RegistrationsController#create method.
So I'm getting this error in my Rails application, hosted on Heroku:
2012-07-28T18:25:13+00:00 app[web.1]: OpenSSL::SSL::SSLError (SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed)
I've seen plenty of solutions, none of them work. Here are some things I've tried:
1) Installing the certified gem
2) Upgrading the Heroku gem to v2.30, pushing again
3) This:
Rails.application.config.middleware.use OmniAuth::Builder do
provider :twitter, TWITTER_KEY, TWITTER_SECRET, {:client_options => {:ssl => {:ca_file => "/usr/lib/ssl/certs/ca-certificates.crt"}}}
provider :facebook, FACEBOOK_KEY, FACEBOOK_SECRET, {:scope => "publish_actions,user_location,email", :client_options => {:ssl => {:ca_file => "/usr/lib/ssl/certs/ca-certificates.crt"}}}
end
It seems like one problem could be that this cert file doesn't actually exist -- I've seen it in several places, and it seems like that is the default path to the ca_cert file for Heroku, but I could be wrong.
Oddly enough, this is happening after I've already authenticated via FB/Twitter, and am trying to create a user's account. Why would this be, and how can I solve/debug this? Sincerely confused.
Update: I added this line to the Omniauth initializer, and now it "works". Thus I've diagnosed the problem is with Omniauth. However, I'd like to still have the SSL verification... this obviously leaves a security gap.
OpenSSL::SSL::VERIFY_PEER = OpenSSL::SSL::VERIFY_NONE
After some searching here is what I found:
If you’re using Ruby to open connections to an external server over https, eg. the Facebook Graph API, you may run into the following error:
OpenSSL::SSL::SSLError:SSL_connectreturned=1errno=0state=SSLv3readservercertificateB:certificateverifyfailed
This error is due to Ruby not being able to find the certification authority certificates (CA Certs) used to verify the authenticity of secured web servers. The solution is to download the this ca-bundle.crt into your application’s lib/ directory:
Then add the following code to config/initializers/fix_ssl.rb:
require 'open-uri'
require 'net/https'
module Net
class HTTP
alias_method :original_use_ssl=, :use_ssl=
def use_ssl=(flag)
self.ca_file = Rails.root.join('lib/ca-bundle.crt').to_s
self.verify_mode = OpenSSL::SSL::VERIFY_PEER
self.original_use_ssl = flag
end
end
end
This should force ruby to use the CA bundle from your application’s lib/ directory.
Taken from: http://jimneath.org/2011/10/19/ruby-ssl-certificate-verify-failed.html
UPDATE:
You may need to use self.ca_path= instead of self.ca_file= depending on your system.
It sounds like you've got the right openssl configuration in OmniAuth, but perhaps your CA certs path isn't correct?
You can check that on your heroku servers by running:
heroku run bash
... and then running openssl to display the proper path:
$ openssl version -a
OpenSSL 1.0.0e 6 Sep 2011
OPENSSLDIR: "/usr/lib/ssl"
... You should find the ca_certificates.crt file at $OPENSSLDIR/certs/ca-certificates.crt
I would confirm that path an update your code to match.
I am trying to use signet for OAuth to Google services. And get this error:
SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
Following these questions:
SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
OmniAuth & Facebook: certificate verify failed
Seems the solution is either to fix ca_path or to set VERIFY_NONE for SSL.
The ca_path fix posted only works on Linux (port install) and the fix for VERIFY_NONE seems to be for faraday.
Is there a solution for Windows/signet gem?
Actually the best way I found to solve this in windows for Ruby itself, not just one gem, is to do the following:
Download https://curl.haxx.se/ca/cacert.pem into c:\railsinstaller\cacert.pem. Make sure you save it as a .pem file, rather than a text file.
Go to your Computer -> Advanced Settings -> Environment Variables
Create a new System Variable:
Variable: SSL_CERT_FILE
Value: C:\RailsInstaller\cacert.pem
Close all your command prompts, including your Rails server command prompt, etc.
Start a new ruby irb prompt, and try the following:
$irb>require 'open-uri'
$irb>open('https://www.gmail.com')
It should all work now just fine.
Solution for Windows, which I cobbled together from a few different answers:
Download https://curl.haxx.se/ca/cacert.pem and put it in YOUR_APP/lib/assets (or wherever)
In config/initializers/omniauth.rb:
#config/initializers/omniauth.rb
Rails.application.config.middleware.use OmniAuth::Builder do
provider :facebook, CUSTOMER_KEY, CUSTOMER_SECRET, {client_options: {ssl: {ca_file: Rails.root.join('lib/assets/cacert.pem').to_s}}}
end
Obviously, restart your server.
Footnotes:
You might be able to cut out a lot of the unnecessary certificates in the cacert.pem file to reduce the size. If you only need this solution for development, you could save the file outside of your project and do a if Rails.env.development? _provider line with the client_options hash_ else _provider line without client_options hash_ end
After too much searching and wasted time, I found a very simple solution to fix this issue in Ruby with Windows.
Two simple steps:
In command prompt write: C:\gem install certified
In your rb file add: require 'certified'
That's it.
Updating the rubygems package management framework solved this issue for me on Windows 7.
https://rubygems.org/pages/download
gem update --system # may need to be administrator or root
yes, I've set the omniouth.rb file in the initializers folder to this:
provider :facebook, FACEBOOK_KEY, FACEBOOK_SECRET, {:client_options => {:ssl => {:verify => false}}}
and this seems to work fine now. But don't use this for production.
Using the http:// URL instead of https:// make this easier to you
Change the gem source to http://rubygems.org/ by using the following line of command on your ruby command line
gem sources -a http://rubygems.org/
Adding onto DevDude's solution, but using Windows Powershell:
Download http://curl.haxx.se/ca/cacert.pem into c:\railsinstaller\cacert.pem
At the powershell prompt:
$env:SSL_CERT_FILE = 'c:\RailsInstaller\cacert.pem'
I was then able to run gem update successfully
Note: you can simply define that environment variable in your profile notepad $profile
Go to the rubygems-update download page: https://rubygems.org/gems/rubygems-update
Click on the Download link, and you'll download a file called rubygems-update-2.6.7.gem. At the command line, navigate to the directory you downloaded the .gem file to and type:
gem install rubygems-update-2.6.7.gem
(or whatever the filename was, if a newer version)
Then type:
update_rubygems
You can verify it's updated with:
gem --version
I had this error whilst trying to setup rails 5 on a windows machine, turns out I had to update the rubygem version to 2.6.7 and then it worked.
step 1 download rubygem from below
https://rubygems.org/downloads/rubygems-update-2.6.7.gem
step 2 - install by pointing to downloaded rubygems
gem install --local C:\rubygems-update-2.6.7.gem
step 3 - check new version is 2.6.7
gem --version
step 4 - now safely un-install rubygems-update gem
gem uninstall rubygems-update -x
step 5 tried to install rails 5 again
gem install rails --version 5.0.0
worked like a charm!
I got info from:
http://guides.rubygems.org/ssl-certificate-update/#installing-using-update-packages
I was able to eliminate the PATH or SYSTEM VARIABLE setting mentioned above by importing the certificate as a Trusted Authority.
Invoke certmgr.msc
Right-click the Trusted Root Certificate Authority folder.
Select "All Tasks"
Select "Import"
Select All Files in file type dropdown and select the cacert.pem file.
You should receive a message "Import Successful"
I believe the correct answer is to update your gem installer: rubygems-update. The explanation for why this is needed is found at: Ssl Certificate Updates
save your cacert.pmp file from https://curl.haxx.se/ca/cacert.pem and then add this file to location yourruby-installation folder\lib\ruby\2.3.0\rubygems\ssl_certs
for example:C:\Ruby23\lib\ruby\2.3.0\rubygems\ssl_certs
This helped me:
https://coderwall.com/p/ubl6iw/fix-ssl_connect-returned-1-errno-0-state-sslv3-read-server-certificate-b-certificate-verify-failed-openssl-ssl-sslerror
My ruby on rails project is posting data to an api internally, and it cannot verify the internal certificate.
These lines helped:
require 'https'
http = Net::HTTP.new('example.com', 443)
http.use_ssl = true
http.verify_mode = OpenSSL::SSL::VERIFY_PEER
http.cert_store = OpenSSL::X509::Store.new
http.cert_store.set_default_paths
http.cert_store.add_file('/path/to/internal.cert.pem')
Hope this can help.
I was also facing this issue when I installed older ruby versions. When I installed the latest Ruby version this problem went away. So basically the SSL certificate needed to be updated.
For people who are using rails 4.
Add this in devise.rb
require "omniauth-google-oauth2"
config.omniauth :google_oauth2, "CLIENT_ID", "CLIENT_SECRET", { access_type: "offline", approval_prompt: "", :client_options => {:ssl => {:verify => false}} }