Class: OmniAuth::RailsCsrfProtection::TokenVerifier

Inherits:

Object

• Object
• OmniAuth::RailsCsrfProtection::TokenVerifier

Includes:

ActionController::RequestForgeryProtection, ActiveSupport::Configurable

Defined in:

lib/omniauth/rails_csrf_protection/token_verifier.rb

Overview

Provides a callable method that verifies Cross-Site Request Forgery protection token. This class includes ‘ActionController::RequestForgeryProtection` directly and utilizes `verified_request?` method to match the way Rails performs token verification in Rails controllers.

If you like to learn more about how Rails generate and verify authenticity token, you can find the source code at github.com/rails/rails/blob/v5.2.2/actionpack/lib/action_controller/metal/request_forgery_protection.rb#L217-L240.

Instance Method Summary

• #_call(env) ⇒ Object
• #call(env) ⇒ Object

Instance Method Details

#_call(env) ⇒ Object

# File 'lib/omniauth/rails_csrf_protection/token_verifier.rb', line 34

def _call(env)
  @request = ActionDispatch::Request.new(env.dup)

  unless verified_request?
    raise ActionController::InvalidAuthenticityToken
  end
end

#call(env) ⇒ Object

# File 'lib/omniauth/rails_csrf_protection/token_verifier.rb', line 30

def call(env)
  dup._call(env)
end