そのため、まず、あまり意味のない CSRF エラーが発生しました。omniauth のコールバック フェーズで失敗していました。
Started GET "/auth/lightspeed" for 127.0.0.1 at 2015-12-02 14:48:32 +1100
I, [2015-12-02T14:48:32.949808 #32768] INFO -- omniauth: (lightspeed) Request phase initiated.
Started GET "/auth/lightspeed/callback?code=b8cb8bcc6f741f2f919e3924e0dc3c648f67d129&state=457c2b3ab0917bdc88180edf1fdc8be63c1011b0a9939a7e" for 127.0.0.1 at 2015-12-02 14:48:44 +1100
I, [2015-12-02T14:48:44.254381 #32768] INFO -- omniauth: (lightspeed) Callback phase initiated.
E, [2015-12-02T14:48:44.254727 #32768] ERROR -- omniauth: (lightspeed) Authentication failure! csrf_detected: OmniAuth::Strategies::OAuth2::CallbackError, csrf_detected | CSRF detected
E, [2015-12-02T14:48:44.255305 #32768] ERROR -- omniauth: (lightspeed) Authentication failure! invalid_credentials: OmniAuth::Strategies::OAuth2::CallbackError, csrf_detected | CSRF detected
[Rollbar] Reporting exception: csrf_detected | CSRF detected
[Rollbar] Exception not reported because Rollbar is disabled
OmniAuth::Strategies::OAuth2::CallbackError - csrf_detected | CSRF detected:
omniauth (1.2.2) lib/omniauth/failure_endpoint.rb:25:in `raise_out!'
omniauth (1.2.2) lib/omniauth/failure_endpoint.rb:20:in `call'
omniauth (1.2.2) lib/omniauth/failure_endpoint.rb:12:in `call'
omniauth (1.2.2) lib/omniauth/strategy.rb:475:in `fail!'
omniauth-oauth2 (1.3.1) lib/omniauth/strategies/oauth2.rb:75:in `callback_phase'
omniauth (1.2.2) lib/omniauth/strategy.rb:227:in `callback_call'
omniauth (1.2.2) lib/omniauth/strategy.rb:184:in `call!'
omniauth (1.2.2) lib/omniauth/strategy.rb:164:in `call'
omniauth (1.2.2) lib/omniauth/builder.rb:59:in `call'
rack (1.6.4) lib/rack/etag.rb:24:in `call'
rack (1.6.4) lib/rack/conditionalget.rb:25:in `call'
rack (1.6.4) lib/rack/head.rb:13:in `call'
actionpack (4.2.3) lib/action_dispatch/middleware/params_parser.rb:27:in `call'
actionpack (4.2.3) lib/action_dispatch/middleware/flash.rb:260:in `call'
rack (1.6.4) lib/rack/session/abstract/id.rb:225:in `context'
rack (1.6.4) lib/rack/session/abstract/id.rb:220:in `call'
actionpack (4.2.3) lib/action_dispatch/middleware/cookies.rb:560:in `call'
activerecord (4.2.3) lib/active_record/query_cache.rb:36:in `call'
activerecord (4.2.3) lib/active_record/connection_adapters/abstract/connection_pool.rb:653:in `call'
activerecord (4.2.3) lib/active_record/migration.rb:377:in `call'
actionpack (4.2.3) lib/action_dispatch/middleware/callbacks.rb:29:in `block in call'
activesupport (4.2.3) lib/active_support/callbacks.rb:84:in `run_callbacks'
actionpack (4.2.3) lib/action_dispatch/middleware/callbacks.rb:27:in `call'
actionpack (4.2.3) lib/action_dispatch/middleware/reloader.rb:73:in `call'
actionpack (4.2.3) lib/action_dispatch/middleware/remote_ip.rb:78:in `call'
rollbar (1.5.3) lib/rollbar/middleware/rails/rollbar.rb:24:in `block in call'
rollbar (1.5.3) lib/rollbar.rb:799:in `scoped'
rollbar (1.5.3) lib/rollbar/middleware/rails/rollbar.rb:22:in `call'
better_errors (2.1.1) lib/better_errors/middleware.rb:84:in `protected_app_call'
better_errors (2.1.1) lib/better_errors/middleware.rb:79:in `better_errors_call'
better_errors (2.1.1) lib/better_errors/middleware.rb:57:in `call'
actionpack (4.2.3) lib/action_dispatch/middleware/debug_exceptions.rb:17:in `call'
rollbar (1.5.3) lib/rollbar/middleware/rails/show_exceptions.rb:22:in `call_with_rollbar'
actionpack (4.2.3) lib/action_dispatch/middleware/show_exceptions.rb:30:in `call'
railties (4.2.3) lib/rails/rack/logger.rb:38:in `call_app'
railties (4.2.3) lib/rails/rack/logger.rb:20:in `block in call'
activesupport (4.2.3) lib/active_support/tagged_logging.rb:68:in `block in tagged'
activesupport (4.2.3) lib/active_support/tagged_logging.rb:26:in `tagged'
activesupport (4.2.3) lib/active_support/tagged_logging.rb:68:in `tagged'
railties (4.2.3) lib/rails/rack/logger.rb:20:in `call'
actionpack (4.2.3) lib/action_dispatch/middleware/request_id.rb:21:in `call'
rack (1.6.4) lib/rack/methodoverride.rb:22:in `call'
rack (1.6.4) lib/rack/runtime.rb:18:in `call'
activesupport (4.2.3) lib/active_support/cache/strategy/local_cache_middleware.rb:28:in `call'
rack (1.6.4) lib/rack/lock.rb:17:in `call'
actionpack (4.2.3) lib/action_dispatch/middleware/static.rb:116:in `call'
rack (1.6.4) lib/rack/sendfile.rb:113:in `call'
railties (4.2.3) lib/rails/engine.rb:518:in `call'
railties (4.2.3) lib/rails/application.rb:165:in `call'
rack (1.6.4) lib/rack/content_length.rb:15:in `call'
thin (1.6.4) lib/thin/connection.rb:86:in `block in pre_process'
thin (1.6.4) lib/thin/connection.rb:84:in `pre_process'
thin (1.6.4) lib/thin/connection.rb:53:in `process'
thin (1.6.4) lib/thin/connection.rb:39:in `receive_data'
eventmachine (1.0.8) lib/eventmachine.rb:193:in `run'
thin (1.6.4) lib/thin/backends/base.rb:73:in `start'
thin (1.6.4) lib/thin/server.rb:162:in `start'
rack (1.6.4) lib/rack/handler/thin.rb:19:in `run'
rack (1.6.4) lib/rack/server.rb:286:in `start'
railties (4.2.3) lib/rails/commands/server.rb:80:in `start'
railties (4.2.3) lib/rails/commands/commands_tasks.rb:80:in `block in server'
railties (4.2.3) lib/rails/commands/commands_tasks.rb:75:in `server'
railties (4.2.3) lib/rails/commands/commands_tasks.rb:39:in `run_command!'
railties (4.2.3) lib/rails/commands.rb:17:in `<top (required)>'
bin/rails:4:in `<main>'
リクエスト フェーズ中にセッションで設定されていた「omniauth.state」は nil でした。
でoauth2.rb:
elsif !options.provider_ignores_state && (request.params["state"].to_s.empty? || request.params["state"] != session.delete("omniauth.state"))
オプションprovider_ignores_state: trueを設定してみましたが、セッションのためにまだ問題がありました。
他の人がドメインについて言及しているのを見ました。私たちはドメインを設定していませんでしたが、ドメインが一致していることに固執しました. 問題は、別のアプリにリダイレクトするアプリがあり、そのアプリが Lightspeed 認証にリダイレクトしていたことです。
昨日これにかなりの時間を費やしたので、同様の状況に陥る可能性のある他の人を助けるためにこれを書いています.
私たちのドメインは正確には一致しませんでした。nginx の設定を修正した後、CSRF エラーはなくなりました!
その後、redirect_uri エラーが発生し続けました。
その間、私は宝石を更新しました(ばか、私は知っています)。1.4.0には重大な変更があります。omniauth-oauth2
gem を 1.3.1 にロックしました。