Module: Voom::Presenters::DSL::ProtectFromForgery

Includes:
Base64
Included in:
UserInterface
Defined in:
lib/voom/presenters/dsl/protect_from_forgery.rb

Constant Summary collapse

AUTHENTICITY_TOKEN_LENGTH =
32

Instance Method Details

#authenticity_token_meta_tags(session) ⇒ Object



# File 'lib/voom/presenters/dsl/protect_from_forgery.rb', line 11

# Renders the two <meta> tags a JS client reads to attach a CSRF token to
# requests (the parameter name and a freshly masked token value).
#
# Returns nil when forgery protection is switched off in the web_client
# settings or when no session is available, so callers must tolerate nil.
# The token interpolated into the attribute is strict base64 from
# form_authenticity_token, so it contains no characters that need HTML
# escaping; any other value placed here would have to be escaped first.
#
# @param session [#[]] session store the per-session CSRF secret lives in
# @return [String, nil] HTML marked safe (html_safe presumably comes from
#   ActiveSupport — not visible in this file), or nil when disabled
def authenticity_token_meta_tags(session)
  enabled = Presenters::Settings.config.presenters.web_client.protect_from_forgery
  return unless enabled && session

  token = form_authenticity_token(session)
  tags = [
    '<meta name="csrf-param" content="authenticity_token">',
    %(<meta name="csrf-token" content="#{token}">)
  ]
  tags.join("\n").html_safe
end

#form_authenticity_token(session) ⇒ Object



# File 'lib/voom/presenters/dsl/protect_from_forgery.rb', line 19

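# Returns a masked, base64-encoded CSRF token for the current session.
#
# The per-session secret (AUTHENTICITY_TOKEN_LENGTH random bytes, stored
# base64-encoded under session[:_csrf_token]) is created on first use. Each
# call XORs that secret with a fresh random pad and returns
# base64(pad || secret XOR pad), so the value emitted into a page differs on
# every render while the session secret stays stable. A verifier (not in
# this module) must unmask with the first half before comparing, and should
# do so with a constant-time comparison.
#
# A stored value that is missing, not strict base64, or not exactly
# AUTHENTICITY_TOKEN_LENGTH bytes is replaced with a fresh secret instead of
# raising from strict_decode64 / the XOR loop. Previously a too-long stored
# value also left its trailing bytes unmasked in the output, which defeats
# the purpose of the mask; the length check closes that.
#
# @param session [#[], #[]=] session store (Hash-like) for the CSRF secret
# @return [String] strict-base64 string of 2 * AUTHENTICITY_TOKEN_LENGTH bytes
def form_authenticity_token(session)
  raw_token = decode_stored_csrf_token(session[:_csrf_token])
  unless raw_token
    # SecureRandom.base64(n) draws n random bytes before encoding, so the
    # decoded secret is exactly AUTHENTICITY_TOKEN_LENGTH bytes long.
    session[:_csrf_token] = SecureRandom.base64(AUTHENTICITY_TOKEN_LENGTH)
    raw_token = Base64.strict_decode64(session[:_csrf_token])
  end
  # Fresh pad per call: the emitted token must not be a constant so that a
  # compression side channel (BREACH-style) cannot recover the secret.
  one_time_pad = SecureRandom.random_bytes(AUTHENTICITY_TOKEN_LENGTH)
  masked_token = one_time_pad + xor_byte_strings(one_time_pad, raw_token)
  Base64.strict_encode64(masked_token)
end

# Decodes the base64 secret kept in the session, or returns nil when the
# stored value cannot be used as-is (nil/non-String, invalid strict base64,
# or a decoded length other than AUTHENTICITY_TOKEN_LENGTH bytes).
#
# @param encoded [String, nil] value of session[:_csrf_token]
# @return [String, nil] raw binary secret, or nil to request regeneration
def decode_stored_csrf_token(encoded)
  return nil unless encoded.is_a?(String)

  raw = Base64.strict_decode64(encoded)
  raw.bytesize == AUTHENTICITY_TOKEN_LENGTH ? raw : nil
rescue ArgumentError
  # strict_decode64 raises on padding/alphabet errors; treat as "no token".
  nil
end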

#xor_byte_strings(s1, s2) ⇒ Object




# File 'lib/voom/presenters/dsl/protect_from_forgery.rb', line 29

# Byte-wise XOR of +s1+ into a copy of +s2+ (used to apply/remove the
# one-time pad on the CSRF token).
#
# Only the first s1.bytesize bytes are combined: if +s2+ is longer, its
# remaining bytes are returned untouched; if it is shorter, getbyte returns
# nil and the XOR raises TypeError. Callers therefore need to pass strings
# of equal length (the token code uses AUTHENTICITY_TOKEN_LENGTH for both).
# +s2+ itself is never mutated.
#
# @param s1 [String] pad bytes; its bytesize bounds the loop
# @param s2 [String] bytes to mask/unmask
# @return [String] new string, s2's bytes XORed with s1
def xor_byte_strings(s1, s2) # :doc:
  out = s2.dup
  s1.each_byte.with_index do |pad_byte, idx|
    out.setbyte(idx, pad_byte ^ out.getbyte(idx))
  end
  out
end