Fix Admin LDAP login option

I'm not sure the LDAP login option has ever worked since we added the omniauth-ldap gem back in https://github.com/NREL/api-umbrella/issues/131 (we were missing some additional pieces needed beyond just adding the gem).

I recently had a need for the LDAP authentication setup, so I had fixed the issues in master a couple months ago: https://github.com/NREL/api-umbrella/commit/362b91733a27339f445fd853baa25220e93579c5

However, after merging in all the Rails 4 upgrade stuff (https://github.com/NREL/api-umbrella/pull/312), the LDAP login option became broken again. The issue now is that LDAP login page doesn't have the Rails CSRF token on it, so Rails is rejecting the callback endpoint.

This CSRF issue is pretty similar to the issue we've seen with the developer login strategy: https://github.com/omniauth/omniauth/pull/674 For the developer strategy, we've just disabled CSRF, since it's only used in development, but we probably don't want to do that for the LDAP strategy.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Fix Admin LDAP login option #316

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Fix Admin LDAP login option #316

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions