Module: Mack::Utils::ForgeryDetector::ClassMethods
Defined in: lib/mack/utils/forgery_detector.rb
Instance Method Summary
- #disable_forgery_detector(options = {}) ⇒ Object
  By default, the framework validates every incoming HTTP request other than GET by checking a secret token stored as a hidden field in the posted form.
- #ignored_actions ⇒ Object
  :nodoc:
Instance Method Details
#disable_forgery_detector(options = {}) ⇒ Object
By default, the framework validates every incoming HTTP request other than GET by checking a secret token stored as a hidden field in the posted form.
There are two ways to disable this feature:
- Globally, by setting mack::disable_forgery_detector to true in app_config.
- In a controller, by calling this method (disable_forgery_detector) to disable detection for a specified set of methods.
Supported options:
- :only => list_of_methods
  Tells the framework to disable detection only for the specified list of methods.
- :except => list_of_methods
  Tells the framework to disable detection for all methods except the ones specified.
Example:

    class MyController
      include Mack::Controller
      # Skip forgery detection for test1 and test2 only
      disable_forgery_detector :only => [:test1, :test2]
      def test1
      end
      def test2
      end
    end
Notes:
- This method will not work properly if both the :only and :except options are passed in.
- With inheritance, the following behavior is to be expected:
  - If the superclass declares that it wants to disable detection for all methods, and the subclass declares that it wants to disable detection for only a set of methods, then when the subclass is run, the “disable all detection” setting from the parent class is overwritten.
  - On the other hand, if the superclass declares that it wants to disable a set of methods, and the subclass also declares that it wants to disable a set of methods of its own, then the “only” list is the combination of both.
  - The first rule also applies in inheritance: this method will not work properly if the superclass declares an “except” list and the subclass declares an “only” list.
    # File 'lib/mack/utils/forgery_detector.rb', line 47
    def disable_forgery_detector(options = {})
      hash = self.ignored_actions
      hash[:all] = true and return if options.empty?

      # TODO: should raise error if type is invalid
      type = options[:only] ? :only : (options[:except] ? :except : :unknown)
      list = options[:only] ? [options[:only]].flatten : (options[:except] ? [options[:except]].flatten : [])
      if !list.empty?
        hash[type] ||= []
        hash[type] << list
        hash[type].flatten!
        hash[type].uniq!
        hash[:all] = false
      end
    end
#ignored_actions ⇒ Object
:nodoc:
    # File 'lib/mack/utils/forgery_detector.rb', line 63
    def ignored_actions # :nodoc:
      unless @ignored_actions
        @ignored_actions = {}
        sc = self.superclass
        if sc.class_is_a?(Mack::Controller)
          sc_hash = sc.ignored_actions
          if sc_hash[:only]
            @ignored_actions[:only] ||= []
            @ignored_actions[:only] << sc_hash[:only]
            @ignored_actions[:only].flatten!
          elsif sc_hash[:except]
            @ignored_actions[:except] ||= []
            @ignored_actions[:except] << sc_hash[:except]
            @ignored_actions[:except].flatten!
          elsif sc_hash[:all]
            @ignored_actions[:all] = sc_hash[:all]
          end
        end
      end
      return @ignored_actions
    end
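The inheritance rules from the notes on disable_forgery_detector, modelled as an added example (not Mack's own code) that reports which actions end up without token validation and flags the superclass-"except" plus subclass-"only" case as ambiguous. `ForgeryDetectorModel` is a stand-in condensed from the two listings on this page; `audit_forgery_detection`, the controller classes and the request-time reading of the hash are assumptions.

```ruby
# Stand-in for the two class methods listed on this page, condensed so the
# example runs without Mack (respond_to? replaces class_is_a?(Mack::Controller)).
module ForgeryDetectorModel
  def disable_forgery_detector(options = {})
    hash = ignored_actions
    return hash[:all] = true if options.empty?
    type = options[:only] ? :only : (options[:except] ? :except : nil)
    list = type ? [options[type]].flatten : []
    return if list.empty?
    hash[type] = ((hash[type] || []) + list).uniq
    hash[:all] = false
  end

  def ignored_actions
    return @ignored_actions if @ignored_actions
    @ignored_actions = {}
    if superclass.respond_to?(:ignored_actions)
      sc_hash = superclass.ignored_actions
      key = %i[only except all].find { |k| sc_hash[k] }
      @ignored_actions[key] = (key == :all ? true : sc_hash[key].dup) if key
    end
    @ignored_actions
  end
end

# Assumed reading of the hash (the request-time check is not shown on the page):
# :all skips every action, :only skips the listed ones, :except skips the rest.
def audit_forgery_detection(controller, actions)
  h = controller.ignored_actions
  return { skipped: nil, ambiguous: true } if h[:only] && h[:except]
  skipped = if h[:all] then actions
            elsif h[:only] then actions & h[:only]
            elsif h[:except] then actions - h[:except]
            else []
            end
  { skipped: skipped, ambiguous: false }
end

# Constructed controllers covering the cases in the notes.
class OpenBase; extend ForgeryDetectorModel; disable_forgery_detector; end
class Narrowed < OpenBase; disable_forgery_detector only: [:ping]; end
class PingBase; extend ForgeryDetectorModel; disable_forgery_detector only: [:ping]; end
class Combined < PingBase; disable_forgery_detector only: [:hook]; end
class ExceptBase; extend ForgeryDetectorModel; disable_forgery_detector except: [:transfer]; end
class Mixed < ExceptBase; disable_forgery_detector only: [:ping]; end
class Both; extend ForgeryDetectorModel; disable_forgery_detector only: [:ping], except: [:transfer]; end

ACTIONS = %i[ping hook transfer].freeze
[OpenBase, Narrowed, Combined, Mixed, Both].each { |c| puts "#{c}: #{audit_forgery_detection(c, ACTIONS)}" }
```

In the `Both` case the :except list is silently dropped, so only :ping is recorded. Because ignored_actions is memoized on first call, a superclass declaration made after a subclass has already evaluated it is not inherited.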