-
Notifications
You must be signed in to change notification settings - Fork 61
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
omnigollum not handing off to omniauth? #64
Comments
Having exactly the same issue here using the github provider. It goes to |
I also experience the same issue with github provider, it redirects to |
I found this is due to the recent security fixes in OmniAuth that disabled GET access to "/auth/:provider".
Though, this is not an optimal solution in terms of security. After applying the above change, I could configure wiki to be invisible to unauthorized users, still I couldn't make it editable for authorized users (got "error updating page" message). I don't know if this is due to that my fix is incomplete. |
Same problem here with the Github provider. |
I got OAuth working with Gollum here: I'm going about this by configuring Nginx to do OAuth, and then swiping the email address from the headers. |
any update on this issue? this issue basically makes omnigollum unusable since I'm not able to edit any pages. |
Omnigollum is broken: arr2036/omnigollum#64 Switched to supporting oauth2 proxy, use somthing like class Precious::App before do email = request.get_header("HTTP_X_FORWARDED_EMAIL") unless email halt 403, "Sorry, nothing for you here." end session["gollum.author"] = { name: email, email: email } @gollum_author_email = email @gollum_logout_link = "/oauth2/sign_out" end end
I followed the setup for using zquestz/omniauth-google-oauth2 and put that into the omnigollum_options:
but when trying to access a protected route, I get bounced to
/__omnigollum__/auth/google_oauth2?origin=%2F
, which404
's with no errors in the console.I'm not sure if this is a version thing with sinatra or some other component, but digging into the code, this part seems... wrong? https://github.com/arr2036/omnigollum/blob/4c098d2/lib/omnigollum.rb#L310
If the intent is to pass control back to OmniAuth, shouldn't this be
pass
orforward
orcall
instead of halt?The text was updated successfully, but these errors were encountered: