Class: Cuba::Safe::CSRF::Helper

Inherits:
Object
  • Object
show all
Defined in:
lib/cuba/safe/csrf.rb

Instance Attribute Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(req) ⇒ Helper

Returns a new instance of Helper.



11
12
13
 
# File 'lib/cuba/safe/csrf.rb', line 11

def initialize(req)
  @req = req
end

Instance Attribute Details

#reqObject (readonly)

Returns the value of attribute req.



9
10
11
 
# File 'lib/cuba/safe/csrf.rb', line 9

def req
  @req
end

Instance Method Details

#form_tagObject 



33
34
35
 
# File 'lib/cuba/safe/csrf.rb', line 33

def form_tag
  return %Q(<input type="hidden" name="csrf_token" value="#{ token }">)
end

#meta_tagObject 



37
38
39
 
# File 'lib/cuba/safe/csrf.rb', line 37

def meta_tag
  return %Q(<meta name="csrf_token" content="#{ token }">)
end

#reset!Object 



19
20
21
 
# File 'lib/cuba/safe/csrf.rb', line 19

def reset!
  session.delete(:csrf_token)
end

#safe?Boolean

Returns:

  • (Boolean) 


23
24
25
26
27
 
# File 'lib/cuba/safe/csrf.rb', line 23

def safe?
  return req.get? || req.head? ||
    req.params["csrf_token"] == token ||
    req.env["HTTP_X_CSRF_TOKEN"] == token
end

#sessionObject 



41
42
43
 
# File 'lib/cuba/safe/csrf.rb', line 41

def session
  return req.env["rack.session"]
end

#tokenObject 



15
16
17
 
# File 'lib/cuba/safe/csrf.rb', line 15

def token
  session[:csrf_token] ||= SecureRandom.base64(32)
end

#unsafe?Boolean

Returns:

  • (Boolean) 


29
30
31
 
# File 'lib/cuba/safe/csrf.rb', line 29

def unsafe?
  return !safe?
end