Upgrade omniauth-github to 2.1.4

Author: arthurchui

Gemfile.lock

@@ -13,7 +13,7 @@ PATH
       jquery-rails (~> 4.4)
       lodash-rails (~> 4.17)
       octokit (~> 5.6.0)
-      omniauth-github (~> 1.4)
+      omniauth-github (~> 2.0)
       paquito
       pubsubstub (~> 0.2)
       rails (~> 8.0.1)
@@ -246,15 +246,17 @@ GEM
     octokit (5.6.1)
       faraday (>= 1, < 3)
       sawyer (~> 0.9)
-    omniauth (1.9.2)
+    omniauth (2.1.4)
       hashie (>= 3.4.6)
-      rack (>= 1.6.2, < 3)
-    omniauth-github (1.4.0)
-      omniauth (~> 1.5)
-      omniauth-oauth2 (>= 1.4.0, < 2.0)
-    omniauth-oauth2 (1.7.3)
+      logger
+      rack (>= 2.2.3)
+      rack-protection
+    omniauth-github (2.0.1)
+      omniauth (~> 2.0)
+      omniauth-oauth2 (~> 1.8)
+    omniauth-oauth2 (1.8.0)
       oauth2 (>= 1.4, < 3)
-      omniauth (>= 1.9, < 3)
+      omniauth (~> 2.0)
     ostruct (0.6.2)
     paquito (0.10.0)
       msgpack (>= 1.5.2)
@@ -276,6 +278,9 @@ GEM
       redis (~> 4.0)
     racc (1.8.1)
     rack (2.2.17)
+    rack-protection (3.2.0)
+      base64 (>= 0.1.0)
+      rack (~> 2.2, >= 2.2.4)
     rack-session (1.0.2)
       rack (< 3)
     rack-test (2.2.0)

app/controllers/concerns/shipit/authentication.rb

@@ -21,15 +21,15 @@ def force_github_authentication
       if current_user.logged_in? && current_user.requires_fresh_login?
         Rails.logger.warn("User #{current_user.id} requires a fresh login, logging out...")
         reset_session
-        redirect_to(Shipit::Engine.routes.url_helpers.github_authentication_path(origin: request.original_url))
+        redirect_to(Shipit::Engine.routes.url_helpers.github_authentication_login_path(origin: request.original_url))
       elsif Shipit.authentication_disabled? || current_user.logged_in?
         unless current_user.authorized?
           team_handles = Shipit.github_teams.map(&:handle)
           team_list = team_handles.to_sentence(two_words_connector: ' or ', last_word_connector: ', or ')
           render(plain: "You must be a member of #{team_list} to access this application.", status: :forbidden)
         end
       else
-        redirect_to(Shipit::Engine.routes.url_helpers.github_authentication_path(origin: request.original_url))
+        redirect_to(Shipit::Engine.routes.url_helpers.github_authentication_login_path(origin: request.original_url))
       end
     end
 

app/controllers/shipit/github_authentication_controller.rb

@@ -4,6 +4,8 @@ module Shipit
   class GithubAuthenticationController < ActionController::Base
     include Shipit::Engine.routes.url_helpers
 
+    layout 'shipit', only: 'login'
+
     def callback
       return_url = request.env['omniauth.origin'] || root_path
       auth = request.env['omniauth.auth']

app/views/shipit/github_authentication/login.html.erb

@@ -0,0 +1,14 @@
+<% content_for :page_title do %>
+  <h1>Login</h1>
+<% end %>
+
+<div class="wrapper">
+  <section>
+    <%= form_with url: github_authentication_path, method: :post do |form| %>
+      <%= form.hidden_field :origin, value: params[:origin] %>
+      <div class="field-wrapper">
+        <%= form.submit "Login with GitHub", class: 'btn primary' %>
+      </div>
+    <% end %>
+  </section>
+</div>

config/routes.rb

@@ -68,7 +68,8 @@
   end
 
   scope '/github/auth/github', as: :github_authentication, controller: :github_authentication do
-    get '/', action: :request
+    get :login
+    post '/', action: :request
     post :callback
     get :callback
     get :logout

lib/shipit/engine.rb

@@ -45,6 +45,7 @@ class Engine < ::Rails::Engine
       ActiveModel::Serializer.include(Engine.routes.url_helpers)
 
       if Shipit.github.oauth?
+        OmniAuth::AuthenticityTokenProtection.default_options(key: "_csrf_token", authenticity_param: "authenticity_token")
         OmniAuth::Strategies::GitHub.configure(path_prefix: '/github/auth')
         app.middleware.use(OmniAuth::Builder) do
           provider(:github, *Shipit.github.oauth_config)

shipit-engine.gemspec

@@ -31,7 +31,7 @@ Gem::Specification.new do |s|
   s.add_dependency('jquery-rails', '~> 4.4')
   s.add_dependency('lodash-rails', '~> 4.17')
   s.add_dependency('octokit', '~> 5.6.0')
-  s.add_dependency('omniauth-github', '~> 1.4')
+  s.add_dependency('omniauth-github', '~> 2.0')
   s.add_dependency('paquito')
   s.add_dependency('pubsubstub', '~> 0.2')
   s.add_dependency('rails', '~> 8.0.1')

test/controllers/api_clients_controller_test.rb

@@ -13,7 +13,7 @@ class ApiClientsControllerTest < ActionController::TestCase
     test "GitHub authentication is mandatory" do
       session[:user_id] = nil
       get :index
-      assert_redirected_to '/github/auth/github?origin=http%3A%2F%2Ftest.host%2Fapi_clients'
+      assert_redirected_to '/github/auth/github/login?origin=http%3A%2F%2Ftest.host%2Fapi_clients'
     end
 
     test "current_user must be a member of at least a Shipit.github_teams" do

test/controllers/github_authentication_controller_test.rb

@@ -4,6 +4,12 @@
 
 module Shipit
   class GithubAuthenticationControllerTest < ActionController::TestCase
+    test ":login can render a page to start the OAuth Flow" do
+      get :login
+
+      assert_response :ok
+    end
+
     test ":callback can sign in to github" do
       auth = OmniAuth::AuthHash.new(
         credentials: OmniAuth::AuthHash.new(

test/controllers/repositories_controller_test.rb

@@ -13,7 +13,7 @@ class RepositoriesControllerTest < ActionController::TestCase
     test "GitHub authentication is mandatory" do
       session[:user_id] = nil
       get :index
-      assert_redirected_to '/github/auth/github?origin=http%3A%2F%2Ftest.host%2Frepositories'
+      assert_redirected_to '/github/auth/github/login?origin=http%3A%2F%2Ftest.host%2Frepositories'
     end
 
     test "current_user must be a member of at least a Shipit.github_teams" do