Class: Intra::RequestForgeryProtection

Inherits:
Object
  • Object
show all
Defined in:
lib/intra/request_forgery_protection.rb

Overview

Based on ActionController::RequestForgeryProtection.

Instance Method Summary collapse

Constructor Details

#initialize(env) ⇒ RequestForgeryProtection

Returns a new instance of RequestForgeryProtection.



7
8
9
# File 'lib/intra/request_forgery_protection.rb', line 7

def initialize(env)
  @env = env
end

Instance Method Details

#callObject



27
28
29
# File 'lib/intra/request_forgery_protection.rb', line 27

def call
  verify_authenticity_token
end

#paramsObject



23
24
25
# File 'lib/intra/request_forgery_protection.rb', line 23

def params
  @_params ||= request.parameters
end

#requestObject



11
12
13
# File 'lib/intra/request_forgery_protection.rb', line 11

def request
  @_request ||= ActionDispatch::Request.new(@env)
end

#reset_sessionObject



19
20
21
# File 'lib/intra/request_forgery_protection.rb', line 19

def reset_session
  request.reset_session
end

#sessionObject



15
16
17
# File 'lib/intra/request_forgery_protection.rb', line 15

def session
  request.session
end

#verify_authenticity_tokenObject



31
32
33
34
35
36
# File 'lib/intra/request_forgery_protection.rb', line 31

def verify_authenticity_token
  return if verified_request?

  Intra.logger.warn "Can't verify CSRF token authenticity"
  handle_unverified_request
end