auv

2018-09-01

[17:56:31] auv: *.net *.split

2018-08-04

[17:21:51] auv: Ping timeout: 240 seconds
[17:22:59] auv: has joined #ruby

2018-06-02

[01:31:20] auv: has joined #ruby

2018-05-30

[00:05:48] auv: Ping timeout: 265 seconds

2018-05-29

[02:47:08] auv: *.net *.split
[02:47:48] auv: has joined #RubyOnRails
[02:48:09] auv: has joined #ruby

2018-04-26

[02:12:53] auv: Ping timeout: 256 seconds

2018-04-25

[12:25:56] auv: *.net *.split
[12:27:15] auv: has joined #ruby
[12:27:32] auv: has joined #RubyOnRails
[15:01:27] auv: *.net *.split
[15:03:06] auv: has joined #RubyOnRails
[15:03:21] auv: has joined #ruby

2018-04-20

[14:11:45] auv: has joined #RubyOnRails
[14:11:53] auv: has joined #ruby

2018-04-10

[14:17:45] auv: Quit: ~
[14:18:07] auv: has joined #RubyOnRails
[14:18:23] auv: has joined #ruby

2018-03-16

[16:03:02] auv: *.net *.split
[16:11:01] auv: has joined #RubyOnRails
[16:11:17] auv: has joined #ruby
[22:07:19] auv: *.net *.split
[22:07:54] auv: has joined #ruby
[22:07:55] auv: has joined #RubyOnRails
[22:08:30] auv: Max SendQ exceeded
[22:10:35] auv: has joined #RubyOnRails
[22:10:51] auv: has joined #ruby

2018-03-02

[04:17:53] auv: has joined #RubyOnRails
[04:18:09] auv: has joined #ruby

2018-02-20

[02:50:05] auv: has joined #RubyOnRails
[02:50:21] auv: has joined #ruby

2018-02-07

[08:44:15] auv: Quit: Connection closed for inactivity

2018-02-06

[15:24:37] auv: has joined #RubyOnRails
[15:24:53] auv: has joined #ruby

2018-02-05

[01:01:19] auv: https://www.irccloud.com/pastebin/jY4YzANv/annoyingdevise
[01:01:37] auv: ^ That was the solution to the above if it was driving anyone else similarly insane
[03:12:09] auv: Quit: Connection closed for inactivity
[03:18:30] auv: has joined #RubyOnRails
[03:18:30] auv: has joined #ruby

2018-02-04

[21:50:37] auv: has joined #ruby
[21:50:38] auv: has joined #RubyOnRails
[21:51:02] auv: hey folks. Wondering if anyone here has familiarity with patching out routes added by gems.
[21:51:39] auv: Context: Need a temporary fix pending the merging and releasing of https://github.com/plataformatec/devise/pull/4775
[21:51:59] auv: Here's the route: https://github.com/plataformatec/devise/pull/4775#diff-90342e8c4b05553060e7a669b0725288R450
[21:52:46] auv: Specifically, Facebook oauth connection is vulnerable to CSRF because Facebook won't add CSRF tokens to their connection endpoint. So we need to patch it on our end by only allowing POST requests.
[21:53:17] auv: So specifically I want to stop requests to `/:resource/auth/facebook` that are using POST
[21:54:03] auv: So I'd like to be able to remove the route by its name: `facebook_omniauth_authorize`, but only the `get` match.
[21:54:33] auv: My other solution is to monkeypatch the associated Devise controller to stop GET requests specifically for Facebook, but that seems uglier than destroying the specific route.
[21:55:43] auv: I hoped that would work, but I just get a Rails routing error.
[21:57:29] auv: From my discussions with one of the maintainers apparently that is not the case for this route :(
[21:57:36] auv: But if you can find a way I'd be super grateful
[21:59:56] auv: From the look of it this will still call `devise_omniauth_callback` no?
[22:00:05] auv: which sets the route unconditionally
[22:00:45] auv: A lot of the ones that it allows you to override have an if for if the route is already defined, but this one does not
[22:02:02] auv: hmm, so setting my own callback path?
[22:04:00] auv: that appears to be wanting to set the callback, which isn't what we're worried about. At that point the user's account has already been connected to FB, we want to edit the pre-redirect route, which they call "passthru" (so that an attacker cannot CSRF and connect their own malicious FB account to our user's existing account)
[22:05:57] auv: Devise source code is really hard to read lol X_X
[22:11:13] auv: From what I've heard, Facebook can't really add CSRF protection onto the endpoint because it'd break a bunch of existing apps.
[22:11:21] auv: I'd really like it if they let app authors opt into it
[22:14:00] auv: That's what me and the guy pinged in the PR came to the conclusion of
[22:15:04] auv: Yeah, that's a possible solution, but forking devise seems sucky. Trying to find a way to patch it (temporarily) in our code via something like `if request.method == 'GET' raise SomeException end`
[22:19:03] auv: Fair enough! Thanks for looking into it with me :)

2018-01-20

[11:26:50] auv: Quit: Connection closed for inactivity

2018-01-07

[20:35:04] auv: *.net *.split
[21:07:16] auv: has joined #RubyOnRails
[21:07:16] auv: has joined #ruby
[21:07:43] auv: Max SendQ exceeded
[21:08:34] auv: has joined #RubyOnRails
[21:08:34] auv: has joined #ruby

2017-12-27

[19:13:39] auv: Read error: Connection reset by peer
[19:44:24] auv: has joined #RubyOnRails
[19:44:24] auv: has joined #ruby

2017-12-01

[02:28:43] auv: has joined #ruby

2017-11-27

[11:53:53] auv: Ping timeout: 250 seconds
[11:55:47] auv: has joined #RubyOnRails
[11:55:47] auv: has joined #ruby

2017-11-13

[21:51:48] auv: Ping timeout: 255 seconds

2017-09-02

[02:24:49] auv: hey folk!
[02:29:56] auv: How does it work when exceptions occur after another raise-rescue pair happens?
[02:36:40] auv: nvm, i made some sample code and that doesn't seem to be the problem I'm facing
[03:07:24] auv: Oh man waiting for CI sucks

2017-06-20

[00:17:16] auv: *.net *.split
[00:22:37] auv: has joined #RubyOnRails
[00:23:00] auv: has joined #ruby

2017-06-17

[18:48:52] auv: *.net *.split
[18:50:15] auv: has joined #ruby
[18:50:16] auv: has joined #RubyOnRails

2017-05-08

[01:02:24] auv: Anyone know of a pre-existing solution that takes dynamically generated inline JS (things with ERB variables in them) and puts it into a file
[01:02:33] auv: I'm doing it manually on a large app right now and it's killing me lol
[18:56:31] auv: has joined #RubyOnRails
[18:56:31] auv: has joined #ruby

2017-05-06

[21:27:51] auv: has joined #RubyOnRails
[21:27:51] auv: has joined #ruby
[21:29:11] auv: Client Quit
[21:29:37] auv: has joined #RubyOnRails
[21:29:37] auv: has joined #ruby

2017-05-03

[00:52:30] auv: no matter how fast tests get CI still takes forever

2017-05-01

[16:41:12] auv: *.net *.split
[16:47:35] auv: has joined #RubyOnRails
[16:47:35] auv: has joined #ruby

2017-04-26

[21:45:24] auv: K-Lined
[21:52:40] auv: has joined #ruby
[21:52:42] auv: has joined #RubyOnRails