RubyGems - rails_simple_auth - Versions diffs - 1.0.8 → 1.0.10 - Mend

rails_simple_auth 1.0.8 → 1.0.10

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +12 -0
data/app/controllers/rails_simple_auth/omniauth_callbacks_controller.rb +11 -0
data/lib/rails_simple_auth/engine.rb +3 -0
data/lib/rails_simple_auth/version.rb +1 -1
metadata +1 -1

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: c725500a464716b536ca185da3cb3c5cd4fafc0f4953336e67b1cbaa51fad2ee
-  data.tar.gz: aba285ded6dfdbfd51385f0d82ae5c61e1862d957c57a1ee38a481d15f4b57f9
+  metadata.gz: 5e3b095ff64262301ce80addfe5b6a2bcd05c3356bd36cd3cb0ba545ac78bccb
+  data.tar.gz: f076015e2bb501c1590eff06f722ae8d18a0dbcb307dd31ab934851abd45c83b
 SHA512:
-  metadata.gz: ee180cbc6a661d5dc4e7bc8ff77f33fad7907a4e0ae7dd94382e110e3855306e8eedadfef4d0013fa2296c9011c3a4b43abdb9072eb62de8d364ffa0c2e9824b
-  data.tar.gz: 2c87bee543511aa70ce9cf0186dafe97d7baa5d1afc56bbc5cebba8be9da197d85e51b61a3cd9e1dee588f11b10693d9029dfb53d989df86c6bb3bd3a27ae910
+  metadata.gz: de19631e5a5e5f3db9792591442e53bdc29ae7cfc32fb877e2091256d499207d7d363bfa36fa6fbab33172153ca208077ed8bb7d9a0bc97c933877fdd6edfa7f
+  data.tar.gz: 95e036ece7c8518c326257e018b19b691c1dfe79f0785d562284dae2dc4ba67d28e9f4e962b3d4da0b0ffc5eac672aa8c53f1b8ba6628de9a85b041f65ee52e4

data/CHANGELOG.md CHANGED Viewed

@@ -7,6 +7,18 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ## [Unreleased]
+## [1.0.10] - 2026-01-19
+### Fixed
+- **OAuth authenticity token error** - Disabled OmniAuth's `AuthenticityTokenProtection` which was blocking OAuth requests even with valid CSRF tokens. POST-only enforcement already prevents CSRF attacks.
+## [1.0.9] - 2026-01-19
+### Added
+- **OAuth failure logging** - Logs error type, strategy, and error message when OAuth fails to help debug authentication issues
 ## [1.0.8] - 2026-01-19
 ### Fixed

data/app/controllers/rails_simple_auth/omniauth_callbacks_controller.rb CHANGED Viewed

@@ -28,6 +28,17 @@ module RailsSimpleAuth
     end
     def failure
+      error = request.env['omniauth.error']
+      error_type = request.env['omniauth.error.type']
+      strategy = request.env['omniauth.error.strategy']&.name
+      Rails.logger.error(
+        "[RailsSimpleAuth] OAuth failure: " \
+        "type=#{error_type.inspect}, " \
+        "strategy=#{strategy.inspect}, " \
+        "error=#{error&.message.inspect}"
+      )
       redirect_to new_session_path, alert: 'Authentication failed. Please try again.'
     end
   end

data/lib/rails_simple_auth/engine.rb CHANGED Viewed

@@ -24,9 +24,12 @@ module RailsSimpleAuth
     end
     # Secure OmniAuth by default - only allow POST to initiate OAuth (prevents CSRF)
+    # Disable OmniAuth's authenticity token protection since POST-only already prevents CSRF
+    # and Rails handles CSRF protection at the application level
     initializer 'rails_simple_auth.omniauth', after: :load_config_initializers do
       if defined?(OmniAuth)
         OmniAuth.config.allowed_request_methods = %i[post]
+        OmniAuth.config.request_validation_phase = nil
       end
     end
   end

data/lib/rails_simple_auth/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module RailsSimpleAuth
-  VERSION = '1.0.8'
+  VERSION = '1.0.10'
 end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: rails_simple_auth
 version: !ruby/object:Gem::Version
-  version: 1.0.8
+  version: 1.0.10
 platform: ruby
 authors:
 - Ivan Kuznetsov