CVE-2015-9284

Published: 26/04/2019 Updated: 14/02/2024
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 610
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

The request phase of the OmniAuth Ruby gem (1.9.1 and previous versions) is vulnerable to Cross-Site Request Forgery when used as part of the Ruby on Rails framework, allowing accounts to be connected without user intent, user interaction, or feedback to the user. This permits a secondary account to be able to sign into the web application as the primary account.

Vulnerable Product

omniauth omniauth

Vendor Advisories

Debian Bug report logs - #973384 CVE-2015-9284. Package: ruby-omniauth; Maintainer for ruby-omniauth is Debian Ruby Extras Maintainers <pkg-ruby-extras-maintainers@lists.alioth.debian.org>; Source for ruby-omniauth is src:ruby-omniauth (PTS, buildd, popcon). Reported by: Moritz Muehlenhoff <jmm@debian.org>. Date: Thu, 2 ...

GitHub Repositories

OmniAuth: Standardized Multi-Provider Authentication. An Introduction. OmniAuth is a library that standardizes multi-provider authentication for web applications. It was created to be powerful, flexible, and do as little as possible. Any developer can create strategies for OmniAuth that can authenticate users via disparate systems. OmniAuth strategies have been created for e

A lightweight authorization library for Ruby on Rails that protects your routes with a simple password form.

Balrog. Balrog is a lightweight authorization library for Ruby on Rails >= 5 written by Pixie Labs that can protect your routes. Balrog can be configured to authorize users using a simple password or single sign-on or both. If you choose to protect your routes with a password, the password will be stored as a password hash, not plain text, and Balrog provides a lightw

An Omniauth strategy for Login.gov

logingov Omniauth strategy. This gem is an Omniauth strategy to provide authentication with Login.gov in a Rack application with the OpenID Connect protocol. ⚠️ Common Vulnerabilities and Exposure Warning: There is a known vulnerability with Omniauth that affects this gem as well as any implementation of Omniauth with a single strategy. Please review CVE-2015-9284 for m

omniauth-ebay-oauth

omniauth-ebay-oauth. OmniAuth Strategy for eBay Apps (for using with eBay REST APIs). Preface. Why do I need it? There are a couple of other gems with OmniAuth strategies for eBay? eBay has two different authorization methods: Auth'n'auth and OAuth. Technically, they both use the OAuth2 protocol (just to embrace a little confusion). This gem implements authorization w

Recipe Catalog app [Rails/JQuery].

RECIPE-CAT. Recipe-Cat is a Rails-based recipe catalog application. It was developed using Ruby v2.3.1. The user can add recipes, view recipes, search recipes by ingredient, favorite a recipe, and comment on a recipe. This application was created to meet the requirements of the Learn.co Rails portfolio project. 12-Dec-20: Mitigate CVE-2015-9284. 10-Dec-20: Update Heroku sta

Reproduction recipe for a problem with Bundler

Describe the problem as clearly as you can I wanted to upgrade a specific gem in our repository (activerecord-postgis-adapter) This is the entire diff: diff --git a/Gemfile b/Gemfile index 27df2168388edf2f4f5c 100644 --- a/Gemfile +++ b/Gemfile @@ -7,7 +7,7 @@ ruby "273" gem "actionpack-action_caching", git: "githubcom/rails/actionpack-ac

Devise and omniauth-google-oauth2. OmniAuth v2 CSRF vulnerability: from v2 onward, with the changes made to address CVE-2015-9284, the endpoint that redirects to the service provider's authorization screen accepts POST only. Solution: introduce omniauth-rails_csrf_protection: gem "omniauth-rails_csrf_protection"

UMD Libraries Fedora 4 Repository Administration Tool

archelon. Archelon is the Web front-end for a Fedora 4 repository-based set of applications known collectively as "umd-fcrepo". The umd-fcrepo system consists of the following parts: umd-fcrepo-docker - a set of Docker images for running the Fedora repository platform; Plastron - a utility application for performing batch operations on the Fedora repository; Archelon -

Amazon Omniauth Sandbox. Brought back this old PoC app to remind myself how Amazon OmniAuth works and confirm the plumbing is still OK. Reminder to self—docs, right now, live here. Also see CVE-2015-9284.

Provides CSRF protection on OmniAuth request endpoint on Jets application

Omniauth - Jets CSRF Protection. This gem provides protection against CVE-2015-9284 (Cross-Site Request Forgery on the request phase when using the OmniAuth gem with a Ruby on Jets application) for Jets applications using the OmniAuth gem. It achieves this by integrating a CSRF token verifier that leverages ActionController::RequestForgeryProtection. This is a fork of cookpad/omn


OmniAuth strategy for DingTalk.

Omniauth DingTalk Strategies. Strategy to authenticate with DingTalk via OAuth2 in OmniAuth. Get your API key at: open-dev.dingtalk.com/. Note the appId and the appSecret. For more details, read the DingTalk docs: open-doc.dingtalk.com/docs/doc.htm?spm=0000oVQWJc&treeId=168&articleId=104878&docType=1. Resolving-CVE-2015-9284. Go to: https

run code quality and security audit report with one command

CodeQuality. Run code quality and security audit report with one command: code_quality. Principle: If you can’t measure it, you can’t improve it. Installation: gem install code_quality. Or add this line to your application's Gemfile: group :development do gem 'code_quality' end

Omniauth strategy to connect to https://forge.autodesk.com

Omniauth::Forge. Welcome to your new gem! In this directory, you'll find the files you need to be able to package up your Ruby library into a gem. Put your Ruby code in the file lib/omniauth/forge. To experiment with that code, run bin/console for an interactive prompt. TODO: Delete this and the text above, and describe your gem. Installation: Add this line to your applicatio

OmniAuth: Standardized Multi-Provider Authentication. This is the documentation for the in-development branch of OmniAuth. You can view the documentation for our latest release v2.0.4 here. An Introduction. OmniAuth is a library that standardizes multi-provider authentication for web applications. It was created to be powerful, flexible, and do as little as possible. Any deve

Provides CSRF protection on OmniAuth request endpoint on Rails application.

OmniAuth - Rails CSRF Protection. This gem provides a mitigation against CVE-2015-9284 (Cross-Site Request Forgery on the request phase when using the OmniAuth gem with a Ruby on Rails application) by implementing a CSRF token verifier that directly uses ActionController::RequestForgeryProtection code from Rails. Usage: Add this line to your application's Gemfile: gem "omn
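The mitigation that the vulnerability summary and the CSRF-protection gems above describe, shown as an added illustration that is not OmniAuth's or omniauth-rails_csrf_protection's own code: a Rack-style guard in front of the request phase that refuses GET and only lets a POST through when it carries a token tied to the user's session. The class and helper names (RequestPhaseGuard, guarded_status, PROVIDER_REDIRECT) and the sample requests are constructed for this example.

```ruby
require "uri"
require "securerandom"
require "stringio"

# Guards the OmniAuth request phase (/auth/:provider) the way the CVE-2015-9284 fix
# does: a plain GET (a link any third-party page could trigger) is refused, and a
# POST must carry a token matching the one held in the session. Constructed example.
class RequestPhaseGuard
  REQUEST_PATH = %r{\A/auth/[^/]+\z}  # /auth/github, but not /auth/github/callback

  def initialize(app)
    @app = app
  end

  # Issue a per-session token; the app embeds it as a hidden field in the POST form.
  def self.token_for(session)
    session["csrf_token"] ||= SecureRandom.hex(32)
  end

  def call(env)
    return @app.call(env) unless REQUEST_PATH.match?(env["PATH_INFO"].to_s)
    unless env["REQUEST_METHOD"] == "POST"
      return [405, { "content-type" => "text/plain" }, ["request phase accepts POST only"]]
    end
    expected  = (env["rack.session"] || {})["csrf_token"]
    submitted = form_params(env)["authenticity_token"]
    unless expected && submitted && same_token?(expected, submitted)
      return [403, { "content-type" => "text/plain" }, ["invalid authenticity token"]]
    end
    @app.call(env)
  end

  private
  def form_params(env)
    URI.decode_www_form((env["rack.input"]&.read).to_s).to_h
  end
  # Constant-time comparison so the token cannot be recovered byte by byte via timing.
  def same_token?(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end
# Downstream stand-in for OmniAuth itself: on success it redirects to the provider.
PROVIDER_REDIRECT = ->(_env) { [302, { "location" => "https://provider.example/authorize" }, []] }
# Builds a constructed Rack env and returns the status the guarded stack answers with.
def guarded_status(method, path, session: {}, body: "")
  env = { "REQUEST_METHOD" => method, "PATH_INFO" => path,
          "rack.session" => session, "rack.input" => StringIO.new(body) }
  RequestPhaseGuard.new(PROVIDER_REDIRECT).call(env).first
end
```

A GET to /auth/github gets 405, a POST without the session's token gets 403, and only a POST carrying it reaches the provider redirect; the callback path is left untouched because the token check belongs to the request phase alone.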