Class: OmniAuth::JetsCsrfProtection::TokenVerifier

Inherits:

Object

Object
OmniAuth::JetsCsrfProtection::TokenVerifier

show all

Includes:: ActionController::RequestForgeryProtection, ActiveSupport::Configurable

Defined in:: lib/omniauth/jets_csrf_protection/token_verifier.rb

Overview

Provides a callable method that verifies Cross-Site Request Forgery protection token. This class includes ‘ActionController::RequestForgeryProtection` directly and utilizes `verified_request?` method to match the way Jets performs token verification in Jets controllers.

If you like to learn more about how Jets generate and verify authenticity token, you can find the source code at github.com/rails/rails/blob/v5.2.2/actionpack/lib/action_controller/metal/request_forgery_protection.rb#L217-L240.

Instance Method Summary collapse

#call(env) ⇒ Object

Instance Method Details

#call(env) ⇒ `Object`

# File 'lib/omniauth/jets_csrf_protection/token_verifier.rb', line 30

def call(env)
  @request = env['jets.controller'].request

  unless verified_request?
    raise ActionController::InvalidAuthenticityToken
  end
end

Class: OmniAuth::JetsCsrfProtection::TokenVerifier

Overview

Instance Method Summary collapse

Instance Method Details

#call(env) ⇒ Object

#call(env) ⇒ `Object`