gorhill / uMatrix

uMatrix: Point and click matrix to filter net requests according to source, destination and type

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

uMatrix can interfere with Google OAuth for some sites, even when disabled for the site

pr0t0 opened this issue · comments

commented

Chrome for PC: Version 64.0.3282.140 (Official Build) (64-bit)
uMatrix: 1.3.2
To reproduce: visit https://laboratoryh.com/login using Google Chrome for PC and click "Sign in with Google"

I recently built this site using Angular 5, AngularFire2 v.5, and Firebase Firestore; and it uses Google OAuth for authentication to Firebase. The authentication performed as expected on both local and web test environments. However, when using the production site connected to the domain Google authentication failed with the nebulous error:

{code: "auth/network-request-failed", message: "A network error (such as timeout, interrupted connection or unreachable host) has occurred."}

I wasn't too concerned with uMatrix because I had it disabled for that site. Still, after much troubleshooting, I disabled my Chrome extensions one by one until I found that uMatrix was involved, if not responsible.

I'm fairly certain I've successfully used Google authentication for some web sites while running uMatrix, so it's likely the problem is the specific combination of technologies at use here. If I had to guess, I would say it's the AngularFireAuth library and uMatrix.

The fact that I had uMatrix disabled for the site, but still had the problem is what really surprised/concerns me. Anyway, just thought you might like to know. My work around is to disable the extension at login, then re-enable afterward.

Here's some code from my auth.service.ts, although I don't know if that will be any help.

`export class AuthService {

public user: Observable;

constructor(private afAuth: AngularFireAuth,
private afs: AngularFirestore,
private router: Router) {

  // Get auth data, then get firestore user document || null
  this.user = this.afAuth.authState
    .switchMap(user => {
      if (user) {
        return this.afs.doc<User>(`users/${user.uid}`).valueChanges()
      } else {
        return Observable.of(null)
      }
    })

}

//Google Login/Signup
googleLogin() {
const provider = new firebase.auth.GoogleAuthProvider()
return this.oAuthLogin(provider);
}

private oAuthLogin(provider) {
return this.afAuth.auth.signInWithPopup(provider)
.then((credential) => {
this.updateUserData(credential.user)
})
}

updateUserData(user) {
// Sets user data to firestore on login
const userRef: AngularFirestoreDocument = this.afs.doc(users/${user.uid});
const data: User = {
email: user.email,
uid: user.uid,
roles: {
subscriber: true
}
}
return userRef.set(data, { merge: true })
}`

I can't sign in even without uMatrix installed.

In any case, never file an issue here without first using the logger to assert that uMatrix is blocking/modifying something as per your current ruleset.

commented

I'll dig deeper into the authorization, it's working in the test environment (same code), but here's the log if you are interested.

Red on the XHR and the REFERER for https://laboratoryh.com/login

10:05:37 X   css https://labh-public.firebaseapp.com/__/auth/handler?apiKey=AIzaSyAzxugibid37bXa-xpmknoQFzSASrSf7rM&appName=%5BDEFAULT%5D&authType=signInViaPopup&providerId=google.com&scopes=profile&eventId=199398269&v=4.6.1{inline_style}
10:05:37 X   script https://labh-public.firebaseapp.com/__/auth/handler?apiKey=AIzaSyAzxugibid37bXa-xpmknoQFzSASrSf7rM&appName=%5BDEFAULT%5D&authType=signInViaPopup&providerId=google.com&scopes=profile&eventId=199398269&v=4.6.1{inline_script}
10:05:37 X   cookie https://labh-public.firebaseapp.com/{localStorage}
10:05:37 X -- xhr https://www.googleapis.com/identitytoolkit/v3/relyingparty/createAuthUri?key=AIzaSyAzxugibid37bXa-xpmknoQFzSASrSf7rM
10:05:37 X   script https://labh-public.firebaseapp.com/__/auth/handler.js
10:05:37 X   REFERER https://labh-public.firebaseapp.com/
10:05:37 X -- REFERER https://laboratoryh.com/login
10:05:37 X   doc https://labh-public.firebaseapp.com/__/auth/handler?apiKey=AIzaSyAzxugibid37bXa-xpmknoQFzSASrSf7rM&appName=%5BDEFAULT%5D&authType=signInViaPopup&providerId=google.com&scopes=profile&eventId=199398269&v=4.6.1

As stated on the front page of the project, any issue arising as a result of uMatrix enforcing whatever ruleset is in effect -- and as reported in the logger -- must not be reported here.