Prepare for OmniAuth version 2.x

We are currently using OmniAuth version 1.x. Version 2.x is now available. In the version 2.x announcement, OmniAuth announced that "OmniAuth now defaults to only POST as the allowed request_phase method." This commit changes offending GET requests to POST and adds the `omniauth-rails_csrf_protection` gem. Ref: - #2473 (comment) - https://www.mintbit.com/blog/updating-omniauth-from-version-1-to-2 - https://github.com/omniauth/omniauth/releases/tag/v2.0.0 - #2452
thoughtbot · May 3, 2024 · 33a31ca · 33a31ca
1 parent 5a6edf5
commit 33a31ca
Show file tree

Hide file tree

Showing 4 changed files with 9 additions and 4 deletions.
diff --git a/Gemfile b/Gemfile
@@ -33,6 +33,7 @@ gem "nokogiri"
 gem "octokit"
 gem "omniauth"
 gem "omniauth-github"
+gem "omniauth-rails_csrf_protection"
 gem "paperclip"
 gem "pg"
 gem "pg_search"
@@ -50,15 +51,15 @@ gem "responders"
 gem "rexml"
 gem "sassc"
 gem "scenic"
-gem "sentry-ruby"
 gem "sentry-rails"
+gem "sentry-ruby"
 gem "sprockets-rails"
 gem "sprockets-redirect"
 gem "uglifier"
 gem "validates_email_format_of"
 gem "vanity"
-gem "wrapped"
 gem "webrick"
+gem "wrapped"
 
 source "https://rails-assets.org" do
   gem "rails-assets-lodash"

diff --git a/Gemfile.lock b/Gemfile.lock
@@ -317,6 +317,9 @@ GEM
     omniauth-oauth2 (1.7.3)
       oauth2 (>= 1.4, < 3)
       omniauth (>= 1.9, < 3)
+    omniauth-rails_csrf_protection (0.1.2)
+      actionpack (>= 4.2)
+      omniauth (>= 1.3.1)
     paperclip (6.1.0)
       activemodel (>= 4.2.0)
       activesupport (>= 4.2.0)
@@ -573,6 +576,7 @@ DEPENDENCIES
   octokit
   omniauth
   omniauth-github
+  omniauth-rails_csrf_protection
   paperclip
   pg
   pg_search

diff --git a/app/views/acceptances/new.html.erb b/app/views/acceptances/new.html.erb
@@ -3,7 +3,7 @@
     <h3 class="authentication-message">
       <%= t(".sign_in_to_join_the_team", team_name: @invitation.team_name) %>
     </h3>
-    <%= link_to github_auth_path, class: "cta-button secondary-button" do %>
+    <%= link_to github_auth_path, method: :post, class: "cta-button secondary-button" do %>
       <%= image_tag("github.svg", class: "github-logo", alt: "") %>
       <%= t("authenticating.github_signin") %>
     <% end %>

diff --git a/app/views/sessions/new.html.erb b/app/views/sessions/new.html.erb
@@ -1,6 +1,6 @@
 <% content_for :page_title, "Sign In to Upcase" %>
 <section id="auth-form-container">
-  <%= link_to github_auth_path, class: 'cta-button secondary-button' do %>
+  <%= link_to github_auth_path, method: :post, class: 'cta-button secondary-button' do %>
     <%= image_tag("github-black.svg", class: "github-logo", alt: "") %>
     <%= t("authenticating.github_signin") %>
   <% end %>