steam

ozfortress · Oct 31, 2024 · 135ba1e · 135ba1e
1 parent 7e11e1a
commit 135ba1e
Showing 1 changed file with 29 additions and 0 deletions.
diff --git a/lib/monkey/patches.rb b/lib/monkey/patches.rb
@@ -1 +1,30 @@
 require 'monkey/bootstrap_form/markdown_editor'
+
+module OmniAuth
+  module Strategies
+    class Steam < OmniAuth::Strategies::OpenID
+      def callback_phase
+        return fail!(:fuck_off) unless validate_params(openid_response.signed_fields)
+        super
+      end
+
+    private
+      def validate_params(fields)
+        allowed_params = [
+          'openid.ns',
+          'openid.mode',
+          'openid.op_endpoint',
+          'openid.claimed_id',
+          'openid.identity',
+          'openid.return_to',
+          'openid.response_nonce',
+          'openid.assoc_handle',
+          'openid.signed',
+          'openid.sig',
+        ]
+
+        fields.all? { |key| allowed_params.include?(key) }
+      end
+    end
+  end
+end