mediawiki_oauth strategy continues after `fail!`and does not redirect to failure point
10 views
Skip to first unread message
Sage Ross
Jan 28, 2016, 6:31:15 PM1/28/16
to omniauth
Hi!
I'm using an omniauth OAuth strategy for Wikipedia, a fork of the mediawiki_oauth strategy gem: https://github.com/ragesoss/omniauth-mediawiki
The problem I'm having is that the strategy breaks if it gets an error response from Wikipedia, but instead of redirecting the user to /auth/failure, it ends up serving a 500 error. I've looked at many other OAuth strategies, but they don't seem to have nearly as much going on as this strategy, and I'm stuck.
What happens is this:
* If there is an authorization error, then MediaWiki returns a json error code and message instead of a JWT. That causes a JWT::DecodeError here: https://github.com/ragesoss/omniauth-mediawiki/blob/master/lib/omniauth/strategies/mediawiki.rb#L121
* Even if I rescue the JWT::DecodeError and call `fail!(:login_failure)`, the rest of the auth procedure still breaks and results in a 500 error, specifically a NoMethodError here: https://github.com/ragesoss/omniauth-mediawiki/blob/master/lib/omniauth/strategies/mediawiki.rb#L58
What would be the typical way to this kind of failure in an OmniAuth strategy?
Thanks! For context, here's how we patched our way around it for a quick fix: https://github.com/WikiEducationFoundation/WikiEduDashboard/commit/978a66bca55617d4e1eda32ceb68679ead5e6c72
-Sage (ragesoss)
I'm using an omniauth OAuth strategy for Wikipedia, a fork of the mediawiki_oauth strategy gem: https://github.com/ragesoss/omniauth-mediawiki
The problem I'm having is that the strategy breaks if it gets an error response from Wikipedia, but instead of redirecting the user to /auth/failure, it ends up serving a 500 error. I've looked at many other OAuth strategies, but they don't seem to have nearly as much going on as this strategy, and I'm stuck.
What happens is this:
* If there is an authorization error, then MediaWiki returns a json error code and message instead of a JWT. That causes a JWT::DecodeError here: https://github.com/ragesoss/omniauth-mediawiki/blob/master/lib/omniauth/strategies/mediawiki.rb#L121
* Even if I rescue the JWT::DecodeError and call `fail!(:login_failure)`, the rest of the auth procedure still breaks and results in a 500 error, specifically a NoMethodError here: https://github.com/ragesoss/omniauth-mediawiki/blob/master/lib/omniauth/strategies/mediawiki.rb#L58
What would be the typical way to this kind of failure in an OmniAuth strategy?
Thanks! For context, here's how we patched our way around it for a quick fix: https://github.com/WikiEducationFoundation/WikiEduDashboard/commit/978a66bca55617d4e1eda32ceb68679ead5e6c72
-Sage (ragesoss)
Reply all
Reply to author
Forward
0 new messages