diff --git a/back/Gemfile b/back/Gemfile index b2a120a..fdab0f8 100644 --- a/back/Gemfile +++ b/back/Gemfile @@ -64,7 +64,5 @@ gem 'omniauth-github' gem "omniauth-rails_csrf_protection" # GitHubAPI用 gem "octokit" -# フロントとバックを分けているので同じサイト判定させるためのgem -gem 'rails_same_site_cookie' # envを使うためのGem gem 'dotenv-rails' \ No newline at end of file diff --git a/back/Gemfile.lock b/back/Gemfile.lock index ce32ff8..f5c2438 100644 --- a/back/Gemfile.lock +++ b/back/Gemfile.lock @@ -241,9 +241,6 @@ GEM rails-html-sanitizer (1.6.0) loofah (~> 2.21) nokogiri (~> 1.14) - rails_same_site_cookie (0.1.9) - rack (>= 1.5) - user_agent_parser (~> 2.6) railties (7.1.3.2) actionpack (= 7.1.3.2) activesupport (= 7.1.3.2) @@ -292,7 +289,6 @@ GEM tzinfo (2.0.6) concurrent-ruby (~> 1.0) uri (0.13.0) - user_agent_parser (2.17.0) version_gem (1.1.4) warden (1.2.9) rack (>= 2.0.9) @@ -326,7 +322,6 @@ DEPENDENCIES puma (>= 5.0) rack-cors rails (~> 7.1.3, >= 7.1.3.2) - rails_same_site_cookie rspec-rails shoulda-matchers tzinfo-data diff --git a/back/app/controllers/application_controller.rb b/back/app/controllers/application_controller.rb index eef3bba..d7e3630 100644 --- a/back/app/controllers/application_controller.rb +++ b/back/app/controllers/application_controller.rb @@ -1,14 +1,14 @@ class ApplicationController < ActionController::API include ActionController::Cookies include DeviseTokenAuth::Concerns::SetUserByToken - before_action :set_auth_headers_from_cookies + prepend_before_action :set_auth_headers_from_cookies private def set_auth_headers_from_cookies - request.headers['access-token'] ||= cookies['access-token'] - request.headers['client'] ||= cookies['client'] - request.headers['uid'] ||= cookies['uid'] - request.headers['expiry'] ||= cookies['expiry'] + request.headers['access-token'] ||= request.cookies['access-token'] + request.headers['client'] ||= request.cookies['client'] + request.headers['uid'] ||= request.cookies['uid'] + request.headers['expiry'] ||= request.cookies['expiry'] end end diff --git a/back/app/controllers/auth/omniauth_callbacks_controller.rb b/back/app/controllers/auth/omniauth_callbacks_controller.rb index 23ebeb7..3bb0bd4 100644 --- a/back/app/controllers/auth/omniauth_callbacks_controller.rb +++ b/back/app/controllers/auth/omniauth_callbacks_controller.rb @@ -1,4 +1,9 @@ class Auth::OmniauthCallbacksController < DeviseTokenAuth::OmniauthCallbacksController + skip_before_action :set_auth_headers_from_cookies + + # API-only mode does not include flash, so no-op to prevent NameError + def set_flash_message(key, kind, options = {}); end + alias_method :set_flash_message!, :set_flash_message def redirect_callbacks user = User.from_omniauth(request.env['omniauth.auth']) diff --git a/back/spec/requests/api/v1/users_spec.rb b/back/spec/requests/api/v1/users_spec.rb index be25a1a..159a61f 100644 --- a/back/spec/requests/api/v1/users_spec.rb +++ b/back/spec/requests/api/v1/users_spec.rb @@ -12,6 +12,19 @@ expect(json['success']).to be true expect(json['user']['name']).to eq(user.name) end + + it 'Cookieで認証できる' do + tokens = auth_headers(user) + cookies['access-token'] = tokens['access-token'] + cookies['client'] = tokens['client'] + cookies['uid'] = tokens['uid'] + cookies['expiry'] = tokens['expiry'] + + get '/api/v1/me' + expect(response).to have_http_status(:ok) + json = JSON.parse(response.body) + expect(json['success']).to be true + end end context '未認証の場合' do diff --git a/back/spec/requests/auth/omniauth_callbacks_spec.rb b/back/spec/requests/auth/omniauth_callbacks_spec.rb new file mode 100644 index 0000000..d83a4bb --- /dev/null +++ b/back/spec/requests/auth/omniauth_callbacks_spec.rb @@ -0,0 +1,62 @@ +require 'rails_helper' + +RSpec.describe 'Auth::OmniauthCallbacks', type: :request do + let(:omniauth_auth) do + OmniAuth::AuthHash.new({ + provider: 'github', + uid: 'github_uid_test', + info: { name: 'Test User', email: 'test@example.com', nickname: 'testuser' }, + credentials: { token: 'github_access_token' } + }) + end + + before do + OmniAuth.config.test_mode = true + OmniAuth.config.request_validation_phase = nil + OmniAuth.config.mock_auth[:github] = omniauth_auth + end + + after do + OmniAuth.config.test_mode = false + OmniAuth.config.request_validation_phase = OmniAuth::AuthenticityTokenProtection + end + + describe 'GET /omniauth/github/callback' do + context '新規ユーザーの場合' do + it 'ユーザーを作成してrecordページにリダイレクトする' do + get '/omniauth/github/callback' + expect(response).to redirect_to("#{ENV['FRONT_URL']}/record") + end + + it '認証Cookieをセットする' do + get '/omniauth/github/callback' + expect(response.cookies['access-token']).to be_present + expect(response.cookies['client']).to be_present + expect(response.cookies['uid']).to be_present + expect(response.cookies['expiry']).to be_present + end + end + + context '既存ユーザーの場合' do + before { create(:user, uid: 'github_uid_test', provider: 'github') } + + it 'recordページにリダイレクトする' do + get '/omniauth/github/callback' + expect(response).to redirect_to("#{ENV['FRONT_URL']}/record") + end + end + + context 'GitHubユーザーが取得できない場合' do + before do + allow(User).to receive(:from_omniauth).and_return( + build(:user, uid: nil).tap { |u| u.valid? } + ) + end + + it 'エラーページにリダイレクトする' do + get '/omniauth/github/callback' + expect(response.location).to include('status=error') + end + end + end +end