Slide 1

Slide 1 text

Do you know OmniAuth::AuthHash? @teitei_tk

Slide 2

Slide 2 text

Who are you, anyway?

• On the internet I go by @teitei_tk, teitei-tk and the like. The icon on the right is me.
• At the moment I belong to a company called freee.
• My hobbies are wearing weird T-shirts and live-commenting on the 23:00 news programme.
• In the future I want to live out my days as a disembodied brain in a dystopian world.

Slide 3

Slide 3 text

What I'll talk about today

Slide 4

Slide 4 text

Before that: about OmniAuth

Slide 5

Slide 5 text

A quick recap of OmniAuth

• A library that gives web applications a way to authenticate users against an identity provider.
• At the risk of oversimplifying: a library that lets you offer so-called OAuth login (Twitter, GitHub, Google, etc.) with very little effort.
• You can also implement a strategy for your own OAuth provider.

Slide 6

Slide 6 text

Searching GitHub for OmniAuth

• Repositories: 3k
• Code: 1M
• Commits: 66k
• https://github.com/search?q=omniauth
• In other words, the de facto standard.

Slide 7

Slide 7 text

The main topic

Slide 8

Slide 8 text

Do you know OmniAuth::AuthHash?

Slide 9

Slide 9 text

About OmniAuth::AuthHash

• It is the class of the parameter value that comes back after provider authentication.
• In this UML diagram it is the return value of the "ok" path out of the Callback Phase.

Slide 10

Slide 10 text

It's quicker to just look at it

Slide 11

Slide 11 text

• Explaining Rack middleware and Rails would take us too far afield, so I'll skip it.
• This talk assumes you are using OmniAuth on Rails.

Slide 12

Slide 12 text

lib/omniauth/strategy.rb

• Let's read the actual OmniAuth source code.
• lib/omniauth/strategy.rb
• It is hosted on GitHub.
• 1. call! at L176 ends up calling callback_phase at L367.
• env['omniauth.auth'] = auth_hash
• This auth_hash is the star of today's talk.

Slide 13

Slide 13 text

Getting it in the controller

• On the Rails side you can get it like this:

class SessionController < ApplicationController
  def create
    # do something
    puts auth_hash
  end

  protected

  # OmniAuth stores the AuthHash in the Rack env under 'omniauth.auth'
  def auth_hash
    request.env['omniauth.auth']
  end
end

Slide 14

Slide 14 text

The usual processing after that

• Represent it as an ActiveModel
• Add a record with ActiveRecord
• A sample would look something like the code on the right:

class Github::Schema
  include ActiveModel::Model
  include ActiveModel::Attributes

  validates :provider, :uid, presence: true

  attribute :provider, :string
  attribute :uid, :string

  # do something
end

# auth_hash is the OmniAuth::AuthHash from request.env['omniauth.auth']
github = Github::Schema.new(auth_hash)

Slide 15

Slide 15 text

• ActiveModel::ForbiddenAttributesError

Slide 16

Slide 16 text

• ??????????????????
• I don't get it

Slide 17

Slide 17 text

I don't get it.

Slide 18

Slide 18 text

Let's follow the source code.

Slide 19

Slide 19 text

OmniAuth::AuthHash

• OmniAuth::AuthHash is built on OmniAuth::KeyStore.
• That in turn inherits from Hashie::Mash, a class provided by the Hashie gem.

Slide 20

Slide 20 text

Hashie::Mash

• It overrides Object#respond_to_missing?.
• The implementation is at line 251: if the method name ends in one of its recognised suffixes, it returns true unconditionally.

Slide 21

Slide 21 text

What is ActiveModel::ForbiddenAttributesError?

• It comes from the Rails mechanism known as strong parameters.

Slide 22

Slide 22 text

ActiveModel::ForbiddenAttributesError

module ActiveModel
  module ForbiddenAttributesProtection # :nodoc:
    private
      def sanitize_for_mass_assignment(attributes)
        if attributes.respond_to?(:permitted?)
          raise ActiveModel::ForbiddenAttributesError if !attributes.permitted?
          attributes.to_h
        else
          attributes
        end
      end
      alias :sanitize_forbidden_attributes :sanitize_for_mass_assignment
  end
end

Slide 23

Slide 23 text

Sharp readers may already have spotted it.

Slide 24

Slide 24 text

# Scary code that really exists

Slide 25

Slide 25 text

Once more: ActiveModel::ForbiddenAttributesError

module ActiveModel
  module ForbiddenAttributesProtection # :nodoc:
    private
      def sanitize_for_mass_assignment(attributes)
        if attributes.respond_to?(:permitted?)
          raise ActiveModel::ForbiddenAttributesError if !attributes.permitted?
          attributes.to_h
        else
          attributes
        end
      end
      alias :sanitize_forbidden_attributes :sanitize_for_mass_assignment
  end
end

Slide 26

Slide 26 text

• Hashie overrides Object#respond_to_missing?, so for any method name ending in one of its particular suffixes it answers true.
• When you build an ActiveModel from an OmniAuth::AuthHash (a Hashie), sanitize_for_mass_assignment decides whether it is looking at permitted parameters by calling respond_to?(:permitted?).
• So the if attributes.respond_to?(:permitted?) branch is taken (attributes here being the OmniAuth::AuthHash). The hash has no "permitted" key, so permitted? then evaluates to false.
• As a result, ActiveModel::ForbiddenAttributesError is raised.

Slide 27

Slide 27 text

Why use Hashie at all...?

• No idea.
• Scary

Slide 28

Slide 28 text

Summary

• OmniAuth::AuthHash is not just a plain Hash class.
• It overrides Object#respond_to_missing? with its own logic, returning true for any method name that ends in one of its suffixes, and that gets along badly with the Active* modules Rails provides.
• Not so much "gets along badly" as "badly behaved"...?
• Using it as-is is a breeding ground for bugs, so I recommend measures such as recursively converting it into a plain Hash.
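As an added worked example (not code from the talk, OmniAuth, Hashie or Rails), the following plain-Ruby script reproduces the mechanism from slides 19 to 26 and the countermeasure recommended in the summary. SuffixMash is a hypothetical, deliberately minimal stand-in for Hashie::Mash that copies only the respond_to_missing? suffix behaviour described above, so the script runs without the omniauth, hashie or activemodel gems; sanitize_for_mass_assignment is the Rails check shown on the slide reduced to a plain method; deep_plain_hash and model_attributes are my names for the recommended recursive conversion; SAMPLE_AUTH is constructed dummy data shaped like an auth hash.

```ruby
# Added example: not code from the talk, OmniAuth, Hashie or Rails.
class ForbiddenAttributesError < StandardError; end

# Hypothetical stand-in for Hashie::Mash (assumption: the real class does far more).
class SuffixMash < Hash
  SUFFIXES = %w[? ! = _].freeze # suffixes treated as "magic" method endings

  def initialize(source = {})
    super()
    source.each { |k, v| self[k.to_s] = convert(v) }
  end

  # The problematic part: any name ending in a recognised suffix is "responded
  # to" whether or not a matching key exists, so respond_to?(:permitted?) is true.
  def respond_to_missing?(name, include_private = false)
    return true if key?(name.to_s)
    method_suffix(name) ? true : super
  end

  def method_missing(name, *args)
    key = name.to_s
    return self[key] if key?(key)
    case method_suffix(name)
    when '?' then !!self[key.chomp('?')]               # permitted? => false
    when '!' then self[key.chomp('!')] ||= SuffixMash.new
    when '=' then self[key.chomp('=')] = convert(args.first)
    when '_' then self[key.chomp('_')]
    else super
    end
  end

  private

  def method_suffix(name)
    SUFFIXES.find { |s| name.to_s.end_with?(s) }
  end

  def convert(value)
    case value
    when SuffixMash then value
    when Hash then SuffixMash.new(value)
    when Array then value.map { |e| convert(e) }
    else value
    end
  end
end

# The Rails check from the slide, reduced to a plain method (no activemodel).
def sanitize_for_mass_assignment(attributes)
  if attributes.respond_to?(:permitted?)
    raise ForbiddenAttributesError if !attributes.permitted?
    attributes.to_h
  else
    attributes
  end
end

# Countermeasure: recursively rebuild the Hash subclass as plain Hash/Array/
# scalar values, so nothing overrides respond_to? any more.
def deep_plain_hash(value)
  case value
  when Hash  then value.each_with_object({}) { |(k, v), h| h[k.to_s] = deep_plain_hash(v) }
  when Array then value.map { |e| deep_plain_hash(e) }
  else value
  end
end

# Keep only the keys the model declares (assumption: provider and uid, as in the
# Github::Schema sample); unknown keys such as info would raise UnknownAttributeError.
def model_attributes(auth, allowed = %w[provider uid])
  deep_plain_hash(auth).slice(*allowed)
end

# Constructed sample shaped like an OmniAuth auth hash (dummy values).
SAMPLE_AUTH = {
  'provider' => 'github',
  'uid' => '12345',
  'info' => { 'nickname' => 'teitei-tk', 'email' => nil },
  'credentials' => { 'token' => 'dummy-token', 'expires' => false }
}.freeze

# :forbidden if the Rails check rejects the input, :ok otherwise.
def mass_assignment_outcome(attributes)
  sanitize_for_mass_assignment(attributes)
  :ok
rescue ForbiddenAttributesError
  :forbidden
end

if __FILE__ == $PROGRAM_NAME
  mash = SuffixMash.new(SAMPLE_AUTH)
  puts "respond_to?(:permitted?) => #{mash.respond_to?(:permitted?)}" # true
  puts "permitted?               => #{mash.permitted?}"               # false
  puts "AuthHash as-is           => #{mass_assignment_outcome(mash)}"
  puts "after deep_plain_hash    => #{mass_assignment_outcome(deep_plain_hash(mash))}"
  puts "model_attributes         => #{model_attributes(mash)}"
end
```

With the real gems the same two calls tell the story: request.env['omniauth.auth'].respond_to?(:permitted?) is true and permitted? is false, so the model raises; after the deep conversion the plain Hash no longer responds to permitted? and falls through the else branch untouched. Slicing to the declared attributes matters as well, because ActiveModel::AttributeAssignment raises UnknownAttributeError for keys such as info or credentials that the model does not define.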
