From 6548f38da20c22e32a5be408e82c15b5ad664b37 Mon Sep 17 00:00:00 2001
From: cjcolvar <chris.colvard@gmail.com>
Date: Fri, 23 Aug 2024 16:58:57 -0400
Subject: [PATCH] Use auto-submitting form to workaround omniauth2 requirement
 for only POST requests to auth endpoints

---
 app/controllers/users/sessions_controller.rb   |  5 +----
 app/views/users/sessions/omniauth_new.html.erb | 11 +++++++++++
 2 files changed, 12 insertions(+), 4 deletions(-)
 create mode 100644 app/views/users/sessions/omniauth_new.html.erb

diff --git a/app/controllers/users/sessions_controller.rb b/app/controllers/users/sessions_controller.rb
index 1205dd554f..d016d51199 100644
--- a/app/controllers/users/sessions_controller.rb
+++ b/app/controllers/users/sessions_controller.rb
@@ -15,10 +15,7 @@
 class Users::SessionsController < Devise::SessionsController
   def new
     if Avalon::Authentication::VisibleProviders.length == 1 && params[:admin].blank?
-      omniauth_params = params.reject { |k,v| ['controller','action'].include?(k) }
-      omniauth_params.permit!
-      login_path = user_omniauth_authorize_path(Avalon::Authentication::VisibleProviders.first[:provider], omniauth_params)
-      redirect_to login_path
+      render :omniauth_new, layout: false
     else
       super
     end
diff --git a/app/views/users/sessions/omniauth_new.html.erb b/app/views/users/sessions/omniauth_new.html.erb
new file mode 100644
index 0000000000..b5a42bc611
--- /dev/null
+++ b/app/views/users/sessions/omniauth_new.html.erb
@@ -0,0 +1,11 @@
+<html>
+<head>
+  <%= csrf_meta_tags %>
+</head>
+<body onLoad="doSave()">
+<%= button_to 'Login', user_omniauth_authorize_path(Avalon::Authentication::VisibleProviders.first[:provider], params.slice(:provider).permit!), form: { name: 'form1' } %>
+</body>
+<script>
+  function doSave() { document.form1.submit() }
+</script>
+</html>