I recently forked https://github.com/fortuity/rails3-mongoid-omniauth and tried to get login working for different providers. It works for Twitter and Facebook (You can try it out at http://jgodse-omniauth-mongoid.heroku.com/), but I couldn't get it working for Github. The code snapshot is here at github.
My environment looks like this:
$ heroku info
=== jgodse-omniauth-mongoid
Web URL: http://jgodse-omniauth-mongoid.heroku.com/
Git Repo: git#heroku.com:jgodse-omniauth-mongoid.git
Dynos: 1
Workers: 0
Repo size: 7M
Slug size: 5M
Stack: bamboo-mri-1.9.2
Data size: (empty)
Addons: Basic Logging, MongoHQ MongoHQ Free, Shared Database 5MB
Owner: xxxxx#yyy.com
Jay#JAY-PC ~/rapps/rails3-mongoid-omniauth (master)
$ heroku config --long
BUNDLE_WITHOUT => development:test
DATABASE_URL => postgres://xxxxxxxxxxxxxxxxxxxx.compute-1.amazonaws.com/rrretnhwhj
FACEBOOK_APP_ID => xxxxxxxxxxxxxxxxxxxx
FACEBOOK_APP_SECRET => xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
GITHUB_CLIENT_ID => xxxxxxxxxxxxxxxxxxxxx
GITHUB_SECRET => xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
LANG => en_US.UTF-8
MONGOHQ_URL => mongodb://heroku:9xxxxxxxxxxxxxxxx.mongohq.com:27098/app527030
RACK_ENV => production
SHARED_DATABASE_URL => postgres://xxxxxxxxxxxxxxxxxxxxx.compute-1.amazonaws.com/rrretnhwhj
TWITTER_KEY => xxxxxxxxxxxxxxxxxxx
TWITTER_SECRET => xxxxxxxxxxxxxxxxxxxxxxxxxxxx
My github information for "OAuth Application: Jay's Rails3 Mongoid OAuth" is as follows (from my app profile page):
Authorization Token: https://github.com/login/oauth/authorize
Access Token URL: https://github.com/login/oauth/access_token
URL: http://jgodse-omniauth-mongoid.heroku.com/
Callback URL: http://jgodse-omniauth-mongoid.heroku.com/
Client ID: xxxxxxx
Secret: xxxxxxxxxxxxxxxx
The client and secret are set as environment variables in omniauth.rb
The authentication happens, but it redirects to http://jgodse-omniauth-mongoid.heroku.com/?error=redirect_uri_mismatch and I haven't apparently logged in. If I change the Callback URL to http://jgodse-omniauth-mongoid.heroku.com/callback, the application crashes.
What am I missing to get github authentication to work?
I don't fu%^&*g believe this.
I went to github.com where the application secret, key, url, callback is configured and removed the trailing slash from the "Callback URL" and "URL", and it worked.
URL: http://jgodse-omniauth-mongoid.heroku.com
Callback URL: http://jgodse-omniauth-mongoid.heroku.com
This is nuts! Twitter wants the trailing slash on the callback but Github does not. Github and twitter should allow both and then trim it automatically if needed.
Related
Rails 6
I created the credentials file, as follows:
EDITOR=vi rails credentials:edit
production:
mysql:
db: acme-production
user: deploy
password: xxxxxxxxxxxx
smartagent:
token: lnroftb7sgr8c7f1ogqvij24xl
test:
mysql:
db: acme-test
user: deploy
password: xxxxxxxxxxxx
smartagent:
token: lnroftb7sgr8c7f1ogqvij24xl
secret_key_base: xxxxxxxxxxxxxx
master.key is in the correct place (in the config folder, locally, and as an environment setting on the server).
I am having trouble with the smartagent token.
When I do:
rails c
and
Rails.application.credentials.dig(Rails.env.to_sym, :mysql, :db)
I get:
=> "acme-test"
However, when I do:
Rails.application.credentials.dig(Rails.env.to_sym, :smartagent, :token)
I get:
=> nil
Any idea why this might be happening?
Solution:
I deleted the credentials file, re-populated it, and restarted the Rails app. That fixed the problem, so this must have been either an indentation issue (spaces vs tabs), or that the server had not restarted properly, after earlier changes were made
After changing proxy settings in open_uri.rb and server_manage.rb I finally managed to install neo4j behind a proxy server. The neo4j server is running on port 7000 ( It opens in the browser) but when i enter :
$rails generate scaffold post title body
Error:
/.rvm/gems/ruby-2.2.3/gems/neo4j-core-5.1.6/lib/neo4j-server/cypher_session.rb:51:in `open': Server not available on http://localhost:7000 (response code 403) (RuntimeError)
What should I do ?
Any help is appreciated!!
$ ruby --version
ruby 2.2.3p173 (2015-08-18 revision 51636) [x86_64-linux]
$ rails --version
Rails 4.2.2
My guess - proxy issues. Things may behave differently in your browser and code (because those are 2 different environment).
To check what exactly is going on with your database, you should try to make request to Neo4j manually, from command line.
Example with using curl:
# if auth enabled
curl -i --user username:password http://localhost:7000/db/data/
# if auth disabled
curl -i http://localhost:7000/db/data/
This will give you more details on what exactly is not working.
Also you can assemble basic ruby script that will make HTTP request, to check what you receive in response in this case.
A 403 might mean that your Neo4j authentication credentials are wrong. See http://neo4jrb.readthedocs.org/en/5.1.x/Setup.html#rails-configuration for details but basically, adding something like this to application.rb might do the trick:
config.neo4j.session_options = { basic_auth: { username: 'foo', password: 'bar'} }
Also, since you mentioned needing help with the proxy, you can add an initialize key to set that.
init = { proxy: { uri: 'http://myproxy', user: 'username', password: 'password' }}
auth = { username: 'neo4j', password: 'pwhere'}
config.neo4j.session_options = { basic_auth: auth, initialize: init }
I am working on a basic grails app protected by OAuth2 authentication -- code here. It is nothing more than what spring-security and spring-security-oauth plugins have for a getting started app. In my bootstrap I have (as per getting started):
Role roleUser = new Role(authority: 'ROLE_USER').save(flush: true)
User user = new User(
username: 'user',
password: 'password',
enabled: true,
accountExpired: false,
accountLocked: false,
passwordExpired: false
).save(flush: true)
UserRole.create(user, roleUser, true)
new Client(
clientId: 'my-client',
authorizedGrantTypes: ['authorization_code', 'refresh_token', 'implicit', 'password', 'client_credentials'],
authorities: ['ROLE_CLIENT'],
scopes: ['read', 'write'],
redirectUris: ['http://example.com']
).save(flush: true)
I am trying to understand the OAuth login flow following the example flows listed in the documentation.
Whenever I try to authenticate using the "Resource Owner Password Credentials Grant" with this request:
$ curl -X POST -d "client_id=my-client" \
-d "grant_type=password" -d "username=user" \
-d "password=password" -d "scope=read" \
http://localhost:9090/grails-oauth-service/oauth/token
I get the following message:
{"error":"invalid_client","error_description":"Bad client credentials"}
What am I doing wrong? How would I (or my client) correctly make a single call to authenticate to the service?
It's amazing what sleep can do to solve a problem. Came in ready to recreate the whole setup figuring I messed something up following the getting started guides.
Started from the plugin download page and looked at the latest plugin version:
spring-security-oauth2-provider:2.0-RC5
and checked that against my app where for some reason I had
spring-security-oauth2-provider:2.0-RC3
I upgraded the plugin, re-ran the s2-init-oauth2-provider script, fired it up and the curl post above WORKED! Glancing through the change log for RC-5 I see
Resolve minor problems affecting stateless access of OAuth 2.0 resources
So basically I was running into a bug with that version of the oauth provider plugin. Fun times.
I am using GitLab Omnibus 7.10.0 on RHEL 6.6. I have enabled LDAP using the following configuration:
gitlab_rails['ldap_enabled'] = true
gitlab_rails['ldap_servers'] = YAML.load <<-'EOS' # remember to close this block with 'EOS' below
main: # 'main' is the GitLab 'provider ID' of this LDAP server
label: 'FOO COM Active Directory (LDAP)'
host: 'ad.server.foo.com'
port: 3268
uid: 'someuser'
method: 'plain' # "tls" or "ssl" or "plain"
bind_dn: 'CN=My Whole. Name,OU=Some Users,DC=ad,DC=server,DC=foo,DC=com'
password: 'thepassword'
active_directory: true
allow_username_or_email_login: false
block_auto_created_users: false
base: 'DC=ad,DC=server,DC=foo,DC=com'
user_filter: ''
# ## EE only
# group_base: ''
# admin_group: ''
# sync_ssh_keys: false
#
# secondary: # NOT FILLED OUT
EOS
My problem is that I can't get users to authenticate via LDAP. I'm not sure if the configuration is wrong, or I need to do something on the server side (which I have no direct access to). When I run
gitlab-rake gitlab:ldap:check RAILS_ENV=production
I get this
Checking LDAP ...
LDAP users with access to your GitLab server (only showing the first 100 results)
Server: ldapmain
Checking LDAP ... Finished
I can search for individual users using java with this account (my personal account) or another account for a different application, but can't get AD working with gitlab. I got the bind_dn "My Whole. Name" by running this command on a Windows box.
gpresult -r
I have also tried a bind_dn of:
uid=myADaccountname,OU=Some Users,DC=ad,DC=server,DC=foo,DC=com
and
myADaccountname#ad.server.foo.com
but I still have the same problem.
For Active Directory, the uid should be:
uid: 'sAMAccountName'
Gitlab should connect using the user specified in the bind_dn, with the given password.
Since GitLab 9.5.1 the uid now requires [ ]
See this issue: https://gitlab.com/gitlab-org/gitlab-ce/issues/37120
This might just be a bug which will be fixed.
I had to update the value for Active Directory from the answer above to:
uid: ['sAMAccountName']
I'm trying to get my refinery cms image storage to Amazon s3 and I'm following this guide:
http://refinerycms.com/guides/how-to-use-amazon-s3-for-storage
But I'm blocked here:
There are a number of ways to set
these with your credentials, including
unix variables or settings them
manually through Ruby using ENV.
How do I define these credentials. Do I put something like :S3_KEY =>
"my_key" in my environments.rb file? I tried this and it didn't work.
I also tried this:
AWS::S3::Base.establish_connection!(
:access_key_id => ENV['S3_KEY'] || 'key_goes_here',
:secret_access_key => ENV['S3_SECRET'] || 's3_secret_key_here',
)
Can't figure out how to do this. Any ideas are greatly appreciated.
The safest way is to specify them as environment variables, so they aren't included in your source code. If you're the only one with access to the source, then specifying them as you describe should work.
You can specify them in your ~/.bashrc
export S3_KEY=mykey
export S3_SECRET=mysecret
Or if you're just testing locally you can prepend them to your rails command.
$ S3_KEY=mykey S3_SECRET=mysecret rails server
If you don't want to/can't use environment variables, another method is to use an initializer to load credentials from a yml file: config/initializers/s3_credentials.rb
# Load AWS::S3 configuration values
#
S3_CREDENTIALS = \
YAML.load_file(File.join(Rails.root, 'config/s3_credentials.yml'))[Rails.env]
# Set the AWS::S3 configuration
#
AWS::S3::Base.establish_connection! S3_CREDENTIALS['connection']
config/s3_credentials.yml
development: &defaults
connection:
:access_key_id: AAAAAA_your-key-here
:secret_access_key: 4rpsi235js_your-secret-here
:use_ssl: true
bucket: project-development
acl: public-read
production:
<<: *defaults
bucket: project