Omniauth failed to detect the url -> Authentication passthru #1079

Open
seballot opened this issue Jun 28, 2022 · 1 comment

seballot commented Jun 28, 2022

Configuration

  • Provider Gem: omniauth
  • Framework: Rails 7

Problem and easy fix

I don't know why, but inside the omniauth strategy, the current_path always has a double /
i.e. //users/auth/xxx instead of /users/auth/xxx

So it makes the method

def on_path?(path)
  current_path.casecmp(path).zero?
end

always return false. Then the middleware does not catch the route, and it always ends up with Authentication passthru (note that this is only happening on my production env, not on my local dev).

An easy fix is to change the method to the following:

def on_path?(path)
  current_path.squeeze("/").casecmp(path.squeeze("/")).zero?
end

I know this is probably a problem linked to my app, but I have been struggling for 4 hours on this. It's an easy change that could save time for others.

Thank you !
Sebastian
PS: sorry I have been lazy for not submitting a PR for such a small change

@tomatkapitalise

Just to +1 this, such a messy bug to catch. My setup was an NGINX proxy_pass in a Dockerfile routing /api to http://rails:3000/.

The bug is that in NGINX, if your location /api/ { line doesn't END(!!!) with a trailing slash, then the trailing slash isn't removed when it's passed to Rails, meaning that Omniauth sees //users/auth/microsoft_graph_auth, which it declares as invalid. Jury's out on whether that's right or wrong given technically they are two different URLs, but yeah.

Either way, half my weekend spent on a missing /.
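
Added example (not part of the issue thread and not OmniAuth's own code): a Rack middleware that collapses repeated slashes in PATH_INFO before a path-matching middleware runs, next to a stand-in matcher that uses the comparison quoted in the issue. `SqueezeSlashes`, `RequestPathMatcher`, `PASSTHRU`, `status_for` and the `idp.example` URL are hypothetical names constructed for illustration, and the envs are constructed Rack-style hashes.

```ruby
# Added example, not OmniAuth code. Collapses repeated slashes in PATH_INFO so
# path-matching middleware further down the stack sees one canonical form.
class SqueezeSlashes
  def initialize(app)
    @app = app
  end

  def call(env)
    path = env["PATH_INFO"].to_s
    squeezed = path.squeeze("/")
    # Only PATH_INFO is rewritten. QUERY_STRING may legitimately contain "//"
    # (for example a URL passed as a parameter) and is left untouched.
    env = env.merge("PATH_INFO" => squeezed, "example.original_path" => path) if squeezed != path
    @app.call(env)
  end
end

# Stand-in for a strategy's request-path check (hypothetical class), using the
# same comparison as the on_path? method quoted in the issue.
class RequestPathMatcher
  def initialize(app, request_path)
    @app = app
    @request_path = request_path
  end

  def on_path?(current_path)
    current_path.casecmp(@request_path).zero?
  end

  def call(env)
    return @app.call(env) unless on_path?(env["PATH_INFO"])
    # Constructed redirect target standing in for the provider's authorize URL.
    [302, { "location" => "https://idp.example/authorize" }, []]
  end
end

# Stand-in for the application behind the matcher: reaching it with an auth
# path is the "Authentication passthru" outcome described in the issue.
PASSTHRU = ->(_env) { [404, { "content-type" => "text/plain" }, ["Authentication passthru"]] }

# Returns the HTTP status a stack produces for a constructed request env.
def status_for(stack, path, query = "")
  stack.call("REQUEST_METHOD" => "POST", "PATH_INFO" => path, "QUERY_STRING" => query).first
end

BARE  = RequestPathMatcher.new(PASSTHRU, "/users/auth/xxx") # matcher alone
FIXED = SqueezeSlashes.new(BARE)                            # normalizer in front
```

The normalizer only has an effect when it is mounted ahead of the middleware that performs the path comparison.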
