class Omniauth::Protect::Middleware
Public Class Methods
new(app)
click to toggle source
# File lib/omniauth/protect/middleware.rb, line 8 def initialize(app) @app = app end
Public Instance Methods
call(env)
click to toggle source
# File lib/omniauth/protect/middleware.rb, line 12 def call(env) if !Omniauth::Protect.config[:paths].include?(env['PATH_INFO']) @app.call(env) else access_denied = [403, { 'Content-Type' => 'text/plain'}, [ Omniauth::Protect.config[:message] ] ] return access_denied if env['REQUEST_METHOD'] != 'POST' req = Rack::Request.new(env) encoded_masked_token = req.params['authenticity_token'].to_s return access_denied if !encoded_masked_token Validator.new(env, encoded_masked_token).valid_csrf_token? ? @app.call(env) : access_denied end end