-
Notifications
You must be signed in to change notification settings - Fork 0
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
「omniauth を使って GitHub 認証を実装する」答案提出 #7
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
概ね大丈夫ですが、細かいところいくつかコメントしていますのでご確認ください。
# frozen_string_literal: true | ||
|
||
class Users::RegistrationsController < Devise::RegistrationsController | ||
# before_action :configure_sign_up_params, only: [:create] |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
コメントアウトが大量にあると見づらいので削除して欲しいです。
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
コメントありがとうございます。削除しました。
Gemfile
Outdated
@@ -62,3 +62,5 @@ gem 'carrierwave' | |||
gem 'devise' | |||
gem 'devise-i18n' | |||
gem 'kaminari' | |||
gem 'omniauth-github', github: 'omniauth/omniauth-github', branch: 'master' |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
こちら `gem 'omniauth-github' だけで良いと思うのですが、何故ブランチ指定してるのでしょうか?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@@ -62,3 +62,5 @@ gem 'carrierwave' | |||
gem 'devise' | |||
gem 'devise-i18n' | |||
gem 'kaminari' | |||
gem 'omniauth-github', github: 'omniauth/omniauth-github', branch: 'master' | |||
gem 'omniauth-rails_csrf_protection' |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
こちらはあっても問題無いですが、必要でも無いと思うのですが、何故追加したのでしょうか?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
DeviseのWikiに以下のように記載があったため、追加してあります。
OmniAuth 2.0+: make sure you also add the OmniAuth Rails CSRF Protection gem to your
Gemfile
機能上は不要だと思いますが、セキュリティ上、CSRF攻撃を防ぐために必要なものだと思っていました。GitHub認証では不要なのでしょうか?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
なるほど。 Deviseのwikiに書いてあったなら根拠としては十分ですね。
同じ問題について omniauth/omniauth#960
omniauth側でも対応してるようなのですが、まったく同じ内容なのか分かりません。時期からして omniauthの問題なら対応していそうなものですが 🤔
ちょっと他のメンターにも聞いてみます。
プラクティスとしては十分な根拠があって追加しているので問題無いです 🙆♀️
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
https://github.com/omniauth/omniauth/wiki/Resolving-CVE-2015-9284
こちらに omniauth 側の説明もありましたね。問題無さそうです 👍
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ご確認ありがとうございます 😄 勉強になりました 🧑🎓
@@ -271,7 +271,7 @@ | |||
# ==> OmniAuth | |||
# Add a new OmniAuth provider. Check the wiki for more information on setting | |||
# up on your models and hooks. | |||
# config.omniauth :github, 'APP_ID', 'APP_SECRET', scope: 'user,public_repo' | |||
config.omniauth :github, ENV['GITHUB_KEY'], ENV['GITHUB_SECRET'], scope: 'read:user' |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
必須では無いですが、環境変数が必要になるので READMEなどに設定方法を書いておくと良いですね。
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
コメントありがとうございます。READMEに追記しました。
お世話になっております。
「omniauth を使って GitHub 認証を実装する」の答案を提出いたします。
ご確認をよろしくお願いいたします。