module UnifiedCsrfPrevention::RequestForgeryProtection
ApplicationController concern implementing request authenticity validation. See: github.com/xing/cross-application-csrf-prevention#application-action-filter
Public Instance Methods
protect_from_forgery(options = {})
Calls superclass method
# File lib/unified_csrf_prevention/request_forgery_protection.rb, line 15
# Turns on the framework's forgery protection and additionally schedules
# the unified CSRF token setup.
#
# `options` is not read here; the bare `super` forwards it unchanged to
# the superclass implementation.
def protect_from_forgery(options = {})
  # Bare super: the caller's options reach the parent untouched.
  super

  # prepend_before_action puts the callback ahead of those already
  # registered, so the token is set up before they run.
  prepend_before_action(:setup_csrf_token)
end
Private Instance Methods
checksum()
# File lib/unified_csrf_prevention/request_forgery_protection.rb, line 60
# Reads the checksum cookie from the current request.
#
# The value is client-supplied and returned as-is (nil when the cookie is
# absent); it is only meaningful once Core.valid_token? has checked it
# against a token.
def checksum
  request_cookies = request.cookies
  request_cookies[Core::CHECKSUM_COOKIE_NAME]
end
compare_with_real_token(token, _session)
# File lib/unified_csrf_prevention/request_forgery_protection.rb, line 27
# Decides whether a submitted token is acceptable.
#
# The session argument is deliberately unused: validity is determined
# solely by valid_token?, i.e. by checking the token against the checksum
# cookie rather than against anything stored in the session.
# NOTE(review): presumably overrides the Rails hook of the same name - confirm.
def compare_with_real_token(token, _session)
  checksum_verified = valid_token?(token)
  checksum_verified
end
csrf_token()
# File lib/unified_csrf_prevention/request_forgery_protection.rb, line 39
# Returns the CSRF token for this request, memoized in @csrf_token.
#
# The token from the request cookie is reused only when it both validates
# against the checksum cookie and has the expected length. Any other
# cookie value (missing, tampered, wrong size) is discarded and a fresh
# token is generated via new_token.
def csrf_token
  return @csrf_token if @csrf_token

  # Validation runs first; the length check is only reached for a token
  # that already passed it.
  reusable = valid_token?(existing_token) && token_of_correct_length?(existing_token)
  @csrf_token = reusable ? existing_token : new_token
end
existing_token()
# File lib/unified_csrf_prevention/request_forgery_protection.rb, line 56
# Reads the CSRF token cookie from the current request.
#
# The value is client-supplied and returned unvalidated (nil when the
# cookie is absent); callers must check it before trusting it.
def existing_token
  request_cookies = request.cookies
  request_cookies[Core::TOKEN_COOKIE_NAME]
end
new_token()
# File lib/unified_csrf_prevention/request_forgery_protection.rb, line 47
# Generates a fresh token, stores it in the Rack env and returns it.
#
# Raises UnifiedCsrfPrevention::ConfigurationError when
# UnifiedCsrfPrevention::Middleware is not in the application's
# middleware stack, so a misconfigured app fails loudly.
# NOTE(review): presumably the middleware reads the env entry to set the
# response cookies - confirm.
def new_token
  middleware_stack = Rails.configuration.middleware
  unless middleware_stack.include?(UnifiedCsrfPrevention::Middleware)
    raise UnifiedCsrfPrevention::ConfigurationError,
          'UnifiedCsrfPrevention::Middleware middleware must be used'
  end

  fresh_token = Core.generate_token
  request.env[Core::TOKEN_RACK_ENV_VAR] = fresh_token
end
real_csrf_token(_session)
# File lib/unified_csrf_prevention/request_forgery_protection.rb, line 31
# Returns the token this request should use, ignoring the session.
#
# The session argument is unused: the value always comes from csrf_token,
# which is backed by the request cookie or a freshly generated token.
def real_csrf_token(_session)
  request_token = csrf_token
  request_token
end
setup_csrf_token()
# File lib/unified_csrf_prevention/request_forgery_protection.rb, line 35
# Callback registered by protect_from_forgery.
#
# Resolves the request's token up front by calling csrf_token, which
# either reuses a valid cookie token or generates a new one.
def setup_csrf_token
  resolved_token = csrf_token
  resolved_token
end
token_of_correct_length?(token)
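# File lib/unified_csrf_prevention/request_forgery_protection.rb, line 64
# Tells whether `token` has exactly the length the framework expects
# (ActionController::RequestForgeryProtection::AUTHENTICITY_TOKEN_LENGTH).
#
# Returns false for a value without a length, such as the nil produced
# by a missing cookie. The predicate thus rejects the value rather than
# raising NoMethodError while handling client-controlled input.
def token_of_correct_length?(token)
  return false unless token.respond_to?(:length)

  token.length == ActionController::RequestForgeryProtection::AUTHENTICITY_TOKEN_LENGTH
end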
valid_authenticity_token?(_session, token)
Calls superclass method
# File lib/unified_csrf_prevention/request_forgery_protection.rb, line 23
# Accepts a submitted token if EITHER check passes: the unified
# cookie/checksum validation, or the superclass implementation.
#
# The unified check runs first. Only when it fails is the superclass
# asked, with the original session and token forwarded by the bare
# `super`. A request is therefore rejected only when both mechanisms
# reject it.
def valid_authenticity_token?(_session, token)
  unified_result = valid_token?(token)
  return unified_result if unified_result

  super
end
valid_token?(token)
# File lib/unified_csrf_prevention/request_forgery_protection.rb, line 52
# Checks `token` against the checksum cookie of the current request.
#
# The decision is delegated entirely to Core.valid_token?; both inputs
# may be client-controlled.
# NOTE(review): confirm Core.valid_token? tolerates nil arguments and
# compares in constant time - its implementation is not shown here.
def valid_token?(token)
  cookie_checksum = checksum
  Core.valid_token?(token, cookie_checksum)
end