From 135ba1e1241c41f486ef516eb054837109b5535b Mon Sep 17 00:00:00 2001
From: Benjamin Schaaf
Date: Thu, 31 Oct 2024 14:36:49 +1100
Subject: [PATCH] steam
---
 lib/monkey/patches.rb | 29 +++++++++++++++++++++++++++++
 1 file changed, 29 insertions(+)
diff --git a/lib/monkey/patches.rb b/lib/monkey/patches.rb
index deb60a63..dbb80355 100644
--- a/lib/monkey/patches.rb
+++ b/lib/monkey/patches.rb
@@ -1 +1,30 @@
 require 'monkey/bootstrap_form/markdown_editor'
+
+module OmniAuth
+ module Strategies
+ class Steam < OmniAuth::Strategies::OpenID
+ def callback_phase
+ return fail!(:fuck_off) unless validate_params(openid_response.signed_fields)
+ super
+ end
+
+ private
+ def validate_params(fields)
+ allowed_params = [
+ 'openid.ns',
+ 'openid.mode',
+ 'openid.op_endpoint',
+ 'openid.claimed_id',
+ 'openid.identity',
+ 'openid.return_to',
+ 'openid.response_nonce',
+ 'openid.assoc_handle',
+ 'openid.signed',
+ 'openid.sig',
+ ]
+
+ fields.all? { |key| allowed_params.include?(key) }
+ end
+ end
+ end
+end
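Review bot: `callback_phase` calls `openid_response.signed_fields` before `super` runs, so if `openid_response` can be nil or a cancel/failure response (the parent strategy is not shown in this patch, but it presumably handles those cases) the callback would raise `NoMethodError` instead of failing cleanly. Guarding first avoids that, e.g. `resp = openid_response` followed by `return fail!(:invalid_credentials) unless resp.respond_to?(:signed_fields) && validate_params(resp.signed_fields)`. `validate_params` is also only an allowlist: `all?` is true for an empty list, so the code relies on the OpenID library to require that `openid.claimed_id`, `openid.identity`, `openid.return_to` and `openid.response_nonce` are actually signed. That dependency deserves a comment or an explicit presence check. The failure key `:fuck_off` is passed to `fail!` and, with OmniAuth's default failure handling, appears in the failure redirect and logs, so a descriptive key such as `:unexpected_signed_fields` would be easier to triage. `allowed_params` could also be a frozen constant rather than an array rebuilt on every call.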