# File 'lib/double_trouble/protection.rb', line 15
# Registers an around filter that rejects a request whose form nonce the
# nonce store does not consider valid, and records the nonce once the
# action has left a persisted resource behind.
#
# @param resource_name [Symbol, String] name of the controller instance
#   variable (without the leading "@") that the action assigns the resource to
# @param options [Hash] only the :only and :except entries are used; they
#   are handed to around_filter, every other key is ignored
# @raise [InvalidNonce] from inside the filter, when the store's valid?
#   returns a falsy value for the submitted nonce
#
# NOTE(review): the valid? check runs before the action and store! runs
# after it, so two concurrent requests carrying the same nonce can both pass
# the check unless the store makes store! atomic and unique - confirm
# against the store implementation.
# NOTE(review): a request without the nonce parameter passes nil to valid?;
# whether nil is rejected depends on the store - confirm.
def protect_from_double_trouble(resource_name, options = {})
  # Defaults apply only when the class has not configured its own values.
  self.double_trouble_nonce_param ||= :form_nonce
  self.double_trouble_nonce_store ||= CachedNonce
  filter_scope = options.slice(:only, :except)

  around_filter(filter_scope) do |controller, action_block|
    # Protection is decided per request by the controller; when it is off
    # the action runs with no nonce handling at all.
    next action_block.call unless controller.send(:protect_against_double_trouble?)

    submitted_nonce = controller.params[double_trouble_nonce_param]
    raise InvalidNonce unless double_trouble_nonce_store.valid?(submitted_nonce)

    action_block.call

    # The nonce is recorded only when the action produced a saved record, so
    # a submission that leaves the record unsaved keeps its nonce unrecorded.
    resource = controller.instance_variable_get("@#{resource_name}")
    if resource.present? && !resource.new_record?
      double_trouble_nonce_store.store!(submitted_nonce)
    end
    resource
  end
end