ruby_native 0.1.6 → 0.1.8
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/ruby_native/oauth_middleware.rb +29 -8
- data/lib/ruby_native/version.rb +1 -1
- metadata +1 -1
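--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: d9b49c97d0f100aa8dc0964d9701187edaa62441f0a1c8d0049233ce8b5fa3c2
+data.tar.gz: b5cce869ec41fda99a9ec98f8b7e930a3b410fadc0103dba4392a75e339ae51b
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: bd3606567a7f826d197e947c5f059fe25ecd31be3a90f0b04f97c9c694bba417fac707419a7bbc20fe2c40a73d648ef4c35052b834c1ac31c927edcb86f7e996
+data.tar.gz: 6c349b9fa7c260c6b49f2e0af984b7ef8ee1c2bcedf4fb9ce87f1634d7f1fdb0dbc948e698c909a1bdc812603979732b34e760ff470a0e6ac2adfbad67d8c7ca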
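--- a/data/lib/ruby_native/oauth_middleware.rb
+++ b/data/lib/ruby_native/oauth_middleware.rb
@@ -8,12 +8,17 @@ module RubyNative
 
 def call(env)
 request = ActionDispatch::Request.new(env)
-
-
+on_oauth_path = oauth_path?(request)
+started_native_oauth = on_oauth_path && request.params["ruby_native"] == "1"
+callback_scheme = request.params["callback_scheme"] if started_native_oauth
 
 status, headers, body = @app.call(env)
 
-if
+if on_oauth_path && redirect?(status)
+relax_cookie_samesite!(headers)
+end
+
+if started_native_oauth && callback_scheme.present? && redirect?(status)
 Rails.logger.debug { "[RubyNative] OAuth started for #{request.path}, setting tracking cookie" }
 set_cookie(headers, callback_scheme)
 end
@@ -65,9 +70,8 @@ module RubyNative
 
 private
 
-def
-
-request.params["ruby_native"] == "1"
+def oauth_path?(request)
+oauth_paths.any? { |p| request.path == p }
 end
 
 def set_cookie(headers, callback_scheme)
@@ -76,8 +80,8 @@ module RubyNative
 value: signed,
 path: "/",
 httponly: true,
-secure:
-same_site: :
+secure: true,
+same_site: :none,
 max_age: 300
 })
 end
@@ -102,6 +106,23 @@ module RubyNative
 )
 end
 
+# Apple Sign In uses form_post (a cross-origin POST callback).
+# SameSite=Lax cookies are not sent on cross-origin POSTs, which
+# breaks OmniAuth's state verification. Relax existing cookies
+# to SameSite=None so the session cookie survives Apple's callback.
+def relax_cookie_samesite!(headers)
+raw = headers["set-cookie"]
+return unless raw
+
+cookies = raw.is_a?(Array) ? raw : raw.split("\n")
+headers["set-cookie"] = cookies.map { |cookie|
+next cookie unless cookie.match?(/SameSite=Lax/i)
+cookie.gsub(/SameSite=Lax/i, "SameSite=None").then { |c|
+c.include?("Secure") ? c : "#{c}; Secure"
+}
+}.join("\n")
+end
+
 def redirect?(status)
 (300..399).cover?(status)
 end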
data/lib/ruby_native/version.rb