Fix omniauth (SAML/CAS) sign-in routes not having CSRF protection (#15228)
This commit is contained in:
parent
13206fcfb8
commit
13b07b88f1
1
Gemfile
1
Gemfile
|
@ -44,6 +44,7 @@ gem 'net-ldap', '~> 0.16'
|
|||
gem 'omniauth-cas', '~> 2.0'
|
||||
gem 'omniauth-saml', '~> 1.10'
|
||||
gem 'omniauth', '~> 1.9'
|
||||
gem 'omniauth-rails_csrf_protection', '~> 0.1'
|
||||
|
||||
gem 'color_diff', '~> 0.1'
|
||||
gem 'discard', '~> 1.2'
|
||||
|
|
|
@ -375,6 +375,9 @@ GEM
|
|||
addressable (~> 2.3)
|
||||
nokogiri (~> 1.5)
|
||||
omniauth (~> 1.2)
|
||||
omniauth-rails_csrf_protection (0.1.2)
|
||||
actionpack (>= 4.2)
|
||||
omniauth (>= 1.3.1)
|
||||
omniauth-saml (1.10.3)
|
||||
omniauth (~> 1.3, >= 1.3.2)
|
||||
ruby-saml (~> 1.9)
|
||||
|
@ -741,6 +744,7 @@ DEPENDENCIES
|
|||
oj (~> 3.10)
|
||||
omniauth (~> 1.9)
|
||||
omniauth-cas (~> 2.0)
|
||||
omniauth-rails_csrf_protection (~> 0.1)
|
||||
omniauth-saml (~> 1.10)
|
||||
ox (~> 2.13)
|
||||
paperclip (~> 6.0)
|
||||
|
|
|
@ -22,7 +22,6 @@
|
|||
|
||||
.actions
|
||||
- resource_class.omniauth_providers.each do |provider|
|
||||
= link_to omniauth_authorize_path(resource_name, provider), class: "button button-#{provider}" do
|
||||
= t("auth.providers.#{provider}", default: provider.to_s.chomp("_oauth2").capitalize)
|
||||
= link_to t("auth.providers.#{provider}", default: provider.to_s.chomp("_oauth2").capitalize), omniauth_authorize_path(resource_name, provider), class: "button button-#{provider}", method: :post
|
||||
|
||||
.form-footer= render 'auth/shared/links'
|
||||
|
|
Reference in New Issue