Class: Intra::RequestForgeryProtection

Inherits:

Object

• Object
• Intra::RequestForgeryProtection

Defined in:

lib/intra/request_forgery_protection.rb

Overview

Based on ActionController::RequestForgeryProtection.

Instance Method Summary

• #call ⇒ Object
• #initialize(env) ⇒ RequestForgeryProtection constructor

  A new instance of RequestForgeryProtection.

• #params ⇒ Object
• #request ⇒ Object
• #reset_session ⇒ Object
• #session ⇒ Object
• #verify_authenticity_token ⇒ Object

Constructor Details

#initialize(env) ⇒ RequestForgeryProtection

Returns a new instance of RequestForgeryProtection.

# File 'lib/intra/request_forgery_protection.rb', line 7

def initialize(env)
  @env = env
end

Instance Method Details

#call ⇒ Object

# File 'lib/intra/request_forgery_protection.rb', line 27

def call
  verify_authenticity_token
end

#params ⇒ Object

# File 'lib/intra/request_forgery_protection.rb', line 23

def params
  @_params ||= request.parameters
end

#request ⇒ Object

# File 'lib/intra/request_forgery_protection.rb', line 11

def request
  @_request ||= ActionDispatch::Request.new(@env)
end

#reset_session ⇒ Object

# File 'lib/intra/request_forgery_protection.rb', line 19

def reset_session
  request.reset_session
end

#session ⇒ Object

# File 'lib/intra/request_forgery_protection.rb', line 15

def session
  request.session
end

#verify_authenticity_token ⇒ Object

# File 'lib/intra/request_forgery_protection.rb', line 31

def verify_authenticity_token
  return if verified_request?

  Intra.logger.warn "Can't verify CSRF token authenticity"
  handle_unverified_request
end