Merge pull request from GHSA-vm39-j3vx-pch3

* Prevent different identities from the same SSO provider from accessing the same account

* Lock auth provider changes behind `ALLOW_UNSAFE_AUTH_PROVIDER_REATTACH=true`

* Rename methods to avoid confusion between OAuth and OmniAuth
Claire 2024-02-14 15:16:07 +01:00 committed by GitHub
commit 6f36b633a7
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
4 changed files with 43 additions and 19 deletions

@ -5,7 +5,7 @@ class Auth::OmniauthCallbacksController < Devise::OmniauthCallbacksController
def self.provides_callback_for(provider)
define_method provider do
@user = User.find_for_oauth(request.env['omniauth.auth'], current_user)
@user = User.find_for_omniauth(request.env['omniauth.auth'], current_user)
if @user.persisted?
LoginActivity.create(
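Review bot: In the `define_method provider` body, the renamed call `User.find_for_omniauth(request.env['omniauth.auth'], current_user)` is followed directly by `@user.persisted?` with no guard, so the callback depends on the method always returning a User object. If the stricter identity matching described in the commit message can return nil or raise when an identity is rejected, handle that case here before calling `persisted?`, so a rejected login produces a clean failure rather than a NoMethodError. Because `find_for_oauth` is replaced at this call site rather than aliased, also confirm that no other caller still uses the old name.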