I'm implementing OAuth login with Facebook and Devise, and when I return from the accept-application (popup) window I get the following error:

Could not authenticate you from Facebook because "Csrf detected".

Here is the log:
```
Started GET "/users/auth/facebook/callback" for 127.0.0.1 at 2014-01-23 23:59:58 +0100
ActiveRecord::SchemaMigration Load (0.3ms) SELECT "schema_migrations".* FROM "schema_migrations"
(facebook) Callback phase initiated.
(facebook) Authentication failure! csrf_detected: OmniAuth::Strategies::OAuth2::CallbackError, csrf_detected | CSRF detected
```
My User model:
```ruby
class User < ActiveRecord::Base
  devise :token_authenticatable, :database_authenticatable, :registerable, :recoverable,
         :rememberable, :trackable, :validatable, :confirmable, :omniauthable,
         :omniauth_providers => [:facebook]

  before_save :ensure_authentication_token

  has_one :user_settings
  has_many :predictions
  has_many :user_leagues
  has_many :leagues, through: :user_leagues # this wasn't working, solution found: https://stackoverflow.com/questions/1781202/could-not-find-the-association-problem-in-rails

  valid_email_regex = /\A[\w+\-.]+@[a-z\d\-]+(\.[a-z]+)*\.[a-z]+\z/i
  validates :email, format: { with: valid_email_regex }
  validates :firstName, :lastName, :username, presence: true

  acts_as_voter

  # Find the user for this provider/uid, or build and save a new one from the auth hash.
  def self.find_for_facebook_oauth(auth)
    where(auth.slice(:provider, :uid)).first_or_initialize.tap do |user|
      user.provider = auth.provider
      user.uid = auth.uid
      user.email = auth.info.email
      user.password = Devise.friendly_token[0, 20]
      user.firstName = auth.info.name # assuming the user model has a name
      # user.image = auth.info.image # assuming the user model has an image
      user.save!
    end
  end
end
```
I have my Facebook app ID and secret in devise.rb:
```ruby
require "omniauth-facebook"
# Redefines an OpenSSL constant to turn off TLS peer verification in development only.
OpenSSL::SSL::VERIFY_PEER = OpenSSL::SSL::VERIFY_NONE if Rails.env.development?
config.omniauth :facebook, ENV["APP_ID"], ENV['FACEBOOK_SECRET']
```
I'm authenticating via JavaScript (CoffeeScript):
```coffeescript
jQuery ->
  $('body').prepend('<div id="fb-root"></div>')
  $.ajax
    url: "#{window.location.protocol}//connect.facebook.net/en_US/all.js"
    dataType: 'script'
    cache: true

window.fbAsyncInit = ->
  FB.init(appId: '123512341234', cookie: true)
  $('#sign_in').click (e) ->
    e.preventDefault()
    FB.login (response) ->
      #console.log(response)
      window.location = '/users/auth/facebook/callback' if response.authResponse
  $('#sign_out').click (e) ->
    FB.getLoginStatus (response) ->
      FB.logout() if response.authResponse
  true
```
and the gem list from bundle install:
```
rake (10.1.1)
i18n (0.6.9)
minitest (4.7.5)
multi_json (1.8.4)
atomic (1.1.14)
thread_safe (0.1.3)
tzinfo (0.3.38)
activesupport (4.0.0)
builder (3.1.4)
erubis (2.7.0)
rack (1.5.2)
rack-test (0.6.2)
actionpack (4.0.0)
mime-types (1.25.1)
polyglot (0.3.3)
treetop (1.4.15)
mail (2.5.4)
actionmailer (4.0.0)
activemodel (4.0.0)
active_model_serializers (0.8.1)
activerecord-deprecated_finders (1.0.3)
arel (4.0.1)
activerecord (4.0.0)
acts_as_votable (0.8.0)
addressable (2.3.5)
bcrypt-ruby (3.1.2)
coderay (1.1.0)
better_errors (1.1.0)
sass (3.2.13)
bootstrap-sass (2.3.2.2)
mini_portile (0.5.2)
nokogiri (1.6.1)
xpath (2.0.0)
capybara (2.1.0)
certified (0.1.1)
ffi (1.9.3)
childprocess (0.4.0)
coffee-script-source (1.6.3)
execjs (2.0.2)
coffee-script (2.2.0)
thor (0.18.1)
railties (4.0.0)
coffee-rails (4.0.1)
diff-lcs (1.2.5)
gherkin (2.12.2)
multi_test (0.0.3)
cucumber (1.3.10)
bundler (1.5.1)
hike (1.2.3)
tilt (1.4.1)
sprockets (2.10.1)
sprockets-rails (2.0.1)
rails (4.0.0)
cucumber-rails (1.4.0)
orm_adapter (0.5.0)
warden (1.2.3)
devise (3.0.4)
launchy (2.4.2)
email_spec (1.5.0)
factory_girl (4.3.0)
factory_girl_rails (4.3.0)
faker (1.2.0)
multipart-post (2.0.0)
faraday (0.9.0)
hashie (2.0.5)
jbuilder (1.0.2)
jquery-rails (3.0.4)
json (1.8.1)
jwt (0.1.11)
multi_xml (0.5.5)
oauth2 (0.9.3)
omniauth (1.2.1)
omniauth-oauth2 (1.1.2)
omniauth-facebook (1.6.0)
pg (0.17.1)
rack-cors (0.2.9)
rails_serve_static_assets (0.0.2)
rails_stdout_logging (0.0.3)
rails_12factor (0.0.2)
rdoc (3.12.2)
rspec-core (2.13.1)
rspec-expectations (2.13.0)
rspec-mocks (2.13.1)
rspec-rails (2.13.1)
rubyzip (0.9.9)
sass-rails (4.0.1)
sdoc (0.3.20)
websocket (1.0.7)
selenium-webdriver (2.35.1)
turbolinks (1.1.1)
uglifier (2.1.1)
```
Rails 4.0.0
Thanks in advance!

Solution

I added this to my app_name/config/initializers/devise.rb:
```ruby
{ provider_ignores_state: true }
```
so it ended up being:
```ruby
require "omniauth-facebook"
config.omniauth :facebook, ENV["FACEBOOK_APP_ID"], ENV['FACEBOOK_SECRET'], provider_ignores_state: true
```
Hope this helps someone else!
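For readers deciding whether to copy this fix: the example below is an added illustration, not the asker's code or OmniAuth's own source. It re-implements the state check that omniauth-oauth2 performs in its callback phase, so you can see why a page that logs in with the FB JS SDK and then jumps straight to `/users/auth/facebook/callback` (skipping the request phase that mints the state) is reported as `csrf_detected`, and what `provider_ignores_state: true` actually switches off. The class name, the session key handling and the Facebook URL are constructed for the demo.

```ruby
require "securerandom"

# Constructed stand-in (not OmniAuth's code) for the OAuth2 request/callback
# phases, keeping only the anti-CSRF "state" handling that the asker's log hit.
class StateCheckedOAuth
  CallbackError = Class.new(StandardError)

  def initialize(provider_ignores_state: false)
    @provider_ignores_state = provider_ignores_state
  end

  # Request phase: mint a random state, remember it in this user's session,
  # and send the browser to the provider with that state attached.
  def request_phase(session)
    state = SecureRandom.hex(24)
    session["omniauth.state"] = state
    "https://www.facebook.com/dialog/oauth?state=#{state}" # constructed URL
  end

  # Callback phase: the provider echoes the state back; it must match the one
  # stored in the session, which proves this browser started the flow.
  def callback_phase(session, params)
    expected = session.delete("omniauth.state")
    unless @provider_ignores_state
      actual = params["state"].to_s
      if actual.empty? || actual != expected
        raise CallbackError, "csrf_detected | CSRF detected"
      end
    end
    :authenticated
  end
end

# Flow 1: the request phase ran and the provider echoed the state -> accepted.
def full_flow
  oauth = StateCheckedOAuth.new
  session = {}
  url = oauth.request_phase(session)
  state = url[/state=(\h+)/, 1]
  oauth.callback_phase(session, "state" => state)
end

# Flow 2: JS SDK login followed by window.location = '/users/auth/facebook/callback':
# no request phase, no state in the session or the params -> rejected, unless
# the check is disabled with provider_ignores_state.
def direct_callback(provider_ignores_state: false)
  oauth = StateCheckedOAuth.new(provider_ignores_state: provider_ignores_state)
  oauth.callback_phase({}, {})
rescue StateCheckedOAuth::CallbackError => e
  e.message
end
```

Keeping the check and starting the login from `/users/auth/facebook` (the request phase) instead of redirecting straight to the callback preserves the state verification; `provider_ignores_state: true` only makes the error go away by removing it.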