From 71490d898b155d511d1ddc177a2cdbbd30835b2c Mon Sep 17 00:00:00 2001 From: Zachary Wood Date: Mon, 1 Jan 2024 19:50:18 -0500 Subject: [PATCH] web: add sign in with apple --- web/Gemfile | 2 ++ web/Gemfile.lock | 35 +++++++++++++++++++++++ web/config/application.rb | 5 ++++ web/config/credentials.yml.enc | 2 +- web/config/credentials/production.yml.enc | 2 +- web/config/initializers/omniauth.rb | 10 +++++++ 6 files changed, 54 insertions(+), 2 deletions(-) diff --git a/web/Gemfile b/web/Gemfile index 3e7bfb0..9bd217e 100644 --- a/web/Gemfile +++ b/web/Gemfile @@ -44,6 +44,8 @@ gem "rest-client", require: false # Use Sass to process CSS gem "sassc-rails" +gem "omniauth-apple" + # Use Active Storage variants [https://guides.rubyonrails.org/active_storage_overview.html#transforming-images] # gem "image_processing", "~> 1.2" diff --git a/web/Gemfile.lock b/web/Gemfile.lock index 2348171..05cb6fa 100644 --- a/web/Gemfile.lock +++ b/web/Gemfile.lock @@ -76,6 +76,7 @@ GEM tzinfo (~> 2.0) addressable (2.8.5) public_suffix (>= 2.0.2, < 6.0) + aes_key_wrap (1.1.0) annotate (3.2.0) activerecord (>= 3.2, < 8.0) rake (>= 10.4, < 14.0) @@ -89,6 +90,7 @@ GEM base64 (0.1.1) bcrypt (3.1.20) bigdecimal (3.1.4) + bindata (2.4.15) bindex (0.8.1) blueprinter (0.30.0) bootsnap (1.17.0) @@ -113,6 +115,13 @@ GEM drb (2.1.1) ruby2_keywords erubi (1.12.0) + faraday (2.8.1) + base64 + faraday-net_http (>= 2.0, < 3.1) + ruby2_keywords (>= 0.0.4) + faraday-follow_redirects (0.3.0) + faraday (>= 1, < 3) + faraday-net_http (3.0.2) ffi (1.16.3) fiber-annotation (0.2.0) fiber-local (1.0.0) @@ -138,6 +147,13 @@ GEM actionview (>= 5.0.0) activesupport (>= 5.0.0) json (2.7.1) + json-jwt (1.16.4) + activesupport (>= 4.2) + aes_key_wrap + bindata + faraday (~> 2.0) + faraday-follow_redirects + jwt (2.7.1) language_server-protocol (3.17.0.3) loofah (2.21.4) crass (~> 1.0.2) 
@@ -155,6 +171,7 @@ GEM mini_portile2 (2.8.5) minitest (5.20.0) msgpack (1.7.2) + multi_xml (0.6.0) mutex_m (0.1.2) net-imap (0.4.4) date @@ -174,10 +191,23 @@ GEM racc (~> 1.4) nokogiri (1.15.4-x86_64-linux) racc (~> 1.4) + oauth2 (2.0.9) + faraday (>= 0.17.3, < 3.0) + jwt (>= 1.0, < 3.0) + multi_xml (~> 0.5) + rack (>= 1.2, < 4) + snaky_hash (~> 2.0) + version_gem (~> 1.1) omniauth (2.1.1) hashie (>= 3.4.6) rack (>= 2.2.3) rack-protection + omniauth-apple (1.3.0) + json-jwt + omniauth-oauth2 + omniauth-oauth2 (1.8.0) + oauth2 (>= 1.4, < 3) + omniauth (~> 2.0) omniauth-rails_csrf_protection (1.0.1) actionpack (>= 4.2) omniauth (~> 2.0) @@ -284,6 +314,9 @@ GEM sprockets (> 3.0) sprockets-rails tilt + snaky_hash (2.0.1) + hashie + version_gem (~> 1.1, >= 1.1.1) sprockets (4.2.1) concurrent-ruby (~> 1.0) rack (>= 2.2.4, < 4) @@ -306,6 +339,7 @@ GEM unf_ext unf_ext (0.0.8.2) unicode-display_width (2.5.0) + version_gem (1.1.3) web-console (4.2.1) actionview (>= 6.0.0) activemodel (>= 6.0.0) @@ -338,6 +372,7 @@ DEPENDENCIES importmap-rails jbuilder omniauth + omniauth-apple omniauth-rails_csrf_protection pg (~> 1.1) puma (~> 6.0) diff --git a/web/config/application.rb b/web/config/application.rb index a398ac6..766036a 100644 --- a/web/config/application.rb +++ b/web/config/application.rb @@ -18,5 +18,10 @@ class Application < Rails::Application # # config.time_zone = "Central Time (US & Canada)" # config.eager_load_paths << Rails.root.join("extras") + + config.action_dispatch.cookies_same_site_protection = + lambda do |request| + request.path.starts_with?("/auth/apple") ? :none : :lax + end end end diff --git a/web/config/credentials.yml.enc b/web/config/credentials.yml.enc index fd0cd91..c5a35b3 100644 --- a/web/config/credentials.yml.enc +++ b/web/config/credentials.yml.enc 
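Review bot: The SameSite lambda added to `web/config/application.rb` relaxes the policy for every cookie written on any path that merely begins with `/auth/apple`, which is broader than the cross-site form POST from Apple appears to need. The prefix test also matches unrelated paths such as `/auth/apple-anything`; an exact match like `%w[/auth/apple /auth/apple/callback].include?(request.path) ? :none : :lax` keeps the exception narrow. The session cookie written by the callback response would presumably be issued with `SameSite=None` too, so it is worth confirming that the signed-in session is reset or rewritten under `:lax` right after the callback. Browsers accept `SameSite=None` only on `Secure` cookies, and nothing in this hunk shows that cookies are marked secure (for example through `config.force_ssl`). A short comment such as `# Apple posts the callback cross-site (form_post), so the state cookie must be SameSite=None on these two paths only` would record why the exception exists.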
@@ -1 +1 @@ -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--d/IAaIF4mP5prvOR--eYUbx+54YLNQyMBotYRMOQ== \ No newline at end of file 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--v3N17oqR3MyE4ODY--XTdGTGq5hEiZOpfc1913dQ== \ No newline at end of file diff --git a/web/config/credentials/production.yml.enc b/web/config/credentials/production.yml.enc index dff6875..9cf1985 100644 --- a/web/config/credentials/production.yml.enc +++ b/web/config/credentials/production.yml.enc @@ -1 +1 @@ -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--SHJGfiAfGKqPO3X2--E1KEGRP94E2mIDogwgrBKg== \ No newline at end of file +ptc8lWrq5q7JntOc1moufrtzQEtEoEmfdvqRQTqEXEj/y0VOr7Dyn18kKv/W2Zl52pDgH1TQjq/E9O5deBWuGL2kEdFrTmVIOdFQxFg+3e8x7r+eA5yxCCtL26zL1FobkPC9bIk1Fzj4BFrQG3Mr8+HBNC1KCL1h8+PGb0nfSL98btzW4TE05F4QYqkRAJXoSEkK+UJNlrFKCB/cnkWQSoXBbk/LTGcUabS4UlYlTN9Pf+Mz2F66sV8ENFqzKG0YigAhfWGLa0O1VyWKNXWRHRTVejHUTbL9mb0SA6AnpgeAtMPG2pxb4tsIYk6tDnLu7BbdPKMmUh69/XoQi5D2x3/pXmyw660asZOeKpC51W60Uz4GUG72sMqfHcvDCgLMmTUrWh0T1KfJCPmElpHdhQQWQnsunddtyBdlBq8LqOtRck414YtaTslJjz2yyJebuOTJuqMDq8C7Hft46FT5oG+GxlAdmoo4EeB13/DyGN00q4pXOmeZjb5VnnjNUoVP7Rqp55aWvWm0/6BhcD3YWmBUijlhbkorDANkcbm+zsouM9w7L1wcgpkMoBHqujLmQPZMakYiPFX61d3bP5YFDT0S9+inEuuA1YRzgh6mIdzd6k9qGgZGPHD20xh2WIObmvqgApSI+HRQEW9XpgOeKsxI1ZHNUTAcjFPhqh8xA1ITZ0hK+gXaASqOJ6MZIMAAbE6tpvJQ16xEU/kPdLNO8ELKOAnjWUUZeWpN87cqbBtFX+mXKJ9X/SHu01jd0j5/J4wcUYDmdrkjNbSvkkDaT++il6Fh2ycWvNn+5YXfyjVQWy60tlKJuHBUcW0OInc9Cz60xr2rnacnXrjra3cRUbCAa44HiSnq4PxLg1cWcQnHBq38FD/vdZjtMdwzQeHMGP4wdHU6B54mX4PW9gYn++klFkDgFupnVVNf1Hf5D8zfpYM4ar7A61ZhYmGqQpnUs/QbXRk08JU/azUlV9Ozmb5XQmFaDJguxen5Q8Ouf5lpncz6WLNPjxfih8dSLwyhQauXGSRSBNWN5PU/LZH8bgbFbU/3A8MRGz1fezBS1R8yBOb6rh/HFcd6G5c4GGgUhu0jq4e+hgeK+5AWeMtuqow+hh4MrrHod6GAWnUO9EeO/GjiK+N3dQbwRbszKT1e6NrnCtG8uA0dLuNnfiQI6SPbf2hlRGPrUBkFXZ19exG/8xT7LrHLbXCo2c6FiOpu--XLlKpOHPQTsE1T5D--ksdQSXRxxsEhhnuymtTsLg== \ No newline at end of file 
diff --git a/web/config/initializers/omniauth.rb b/web/config/initializers/omniauth.rb
index 455a8f3..6d9dda9 100644
--- a/web/config/initializers/omniauth.rb
+++ b/web/config/initializers/omniauth.rb
@@ -1,3 +1,13 @@
 Rails.application.config.middleware.use OmniAuth::Builder do
 provider :developer unless Rails.env.production? # You should replace it with your provider
+
+ provider :apple,
+ Rails.application.credentials.dig(:apple, :client_id),
+ "",
+ {
+ scope: "email name",
+ team_id: Rails.application.credentials.dig(:apple, :team_id),
+ key_id: Rails.application.credentials.dig(:apple, :key_id),
+ pem: Rails.application.credentials.dig(:apple, :pem)
+ }
 end
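Review bot: Every Apple setting in the new `provider :apple` block is read with `credentials.dig`, which returns nil when a key is missing, so an environment whose credentials file lacks the `apple` section would still boot and only fail once a user starts a sign-in. Failing at boot is easier to diagnose, for example `apple = Rails.application.credentials.apple!` followed by `apple.fetch(:client_id)`, `apple.fetch(:pem)` and so on. The empty string in the client-secret position also deserves a comment such as `# client secret left blank on purpose; omniauth-apple derives it from team_id/key_id/pem`, since a bare `""` reads like a forgotten value. The callback handler is not part of this hunk; when reviewing it, check that accounts are keyed on the provider `uid` rather than on the e-mail address.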