class Omniauth::Protect::Middleware

Public Class Methods

new(app)
# File lib/omniauth/protect/middleware.rb, line 8
# Builds the middleware around the next Rack application in the stack.
#
# @param app [#call] downstream Rack app; #call hands requests to it
#   whenever they are allowed through.
def initialize(app)
  # Kept for the lifetime of the middleware instance; only #call reads it.
  @app = app
end

Public Instance Methods

call(env)
# File lib/omniauth/protect/middleware.rb, line 12
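# Rack entry point: gates the configured paths behind a POST that carries a
# valid CSRF token, and passes every other request straight through.
#
# For a path listed in Omniauth::Protect.config[:paths] the request is
# forwarded to the wrapped app only when all of the following hold:
# * the request method is POST,
# * an `authenticity_token` request parameter is present and non-empty,
# * Validator#valid_csrf_token? accepts that token.
# Otherwise a plain-text 403 carrying Omniauth::Protect.config[:message]
# is returned and the wrapped app is never invoked.
#
# @param env [Hash] Rack environment
# @return [Array] Rack response triplet (status, headers, body)
def call(env)
  # NOTE(review): this is an exact, case-sensitive string comparison on
  # PATH_INFO. If whatever handles these paths downstream normalises them
  # (case, trailing slash), the configured list has to cover every variant
  # that still reaches the handler -- confirm against the routing in use.
  return @app.call(env) unless Omniauth::Protect.config[:paths].include?(env['PATH_INFO'])

  access_denied = [403, { 'Content-Type' => 'text/plain' }, [Omniauth::Protect.config[:message]]]

  # Anything other than POST (including a plain GET link) is refused.
  return access_denied unless env['REQUEST_METHOD'] == 'POST'

  # to_s turns a missing parameter (nil) into "". A non-String value, such
  # as a nested parameter, is stringified and left for the validator.
  encoded_masked_token = Rack::Request.new(env).params['authenticity_token'].to_s

  # Fail closed on a missing or blank token. The previous `!token` test
  # could never fire, because a String is always truthy in Ruby.
  return access_denied if encoded_masked_token.empty?

  Validator.new(env, encoded_masked_token).valid_csrf_token? ? @app.call(env) : access_denied
end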