module UnifiedCsrfPrevention::RequestForgeryProtection

ApplicationController concern implementing request authenticity validation. See github.com/xing/cross-application-csrf-prevention#application-action-filter

Public Instance Methods

protect_from_forgery(options = {})
Calls superclass method
# File lib/unified_csrf_prevention/request_forgery_protection.rb, line 15
# Enables forgery protection and registers the CSRF token setup filter.
#
# The received arguments are forwarded unchanged to the superclass
# implementation (bare +super+); afterwards +setup_csrf_token+ is prepended
# to the before-action chain so that it runs ahead of the other filters.
#
# @param options [Hash] passed through to the superclass method
# @return the result of +prepend_before_action+
def protect_from_forgery(options = {})
  super
  prepend_before_action(:setup_csrf_token)
end

Private Instance Methods

checksum()
# File lib/unified_csrf_prevention/request_forgery_protection.rb, line 60
# Reads the checksum cookie sent with the current request.
#
# The value comes straight from the request cookies, i.e. it is supplied by
# the client and has not been verified at this point.
#
# @return the entry stored under +Core::CHECKSUM_COOKIE_NAME+ in
#   +request.cookies+
def checksum
  cookie_jar = request.cookies
  cookie_jar[Core::CHECKSUM_COOKIE_NAME]
end
compare_with_real_token(token, _session)
# File lib/unified_csrf_prevention/request_forgery_protection.rb, line 27
# Checks a token with +valid_token?+ instead of comparing it with a value
# kept in the session; the session argument is ignored.
#
# NOTE(review): presumably this replaces the Rails hook of the same name.
# Whether the underlying comparison is constant-time depends on
# +Core.valid_token?+, which is not visible here — confirm.
#
# @param token the token to check
# @param _session unused
# @return the result of +valid_token?+
def compare_with_real_token(token, _session)
  token_accepted = valid_token?(token)
  token_accepted
end
csrf_token()
# File lib/unified_csrf_prevention/request_forgery_protection.rb, line 39
# Returns the CSRF token for the current request, memoized in +@csrf_token+.
#
# The token from the request cookie is reused only when it passes both
# +valid_token?+ and +token_of_correct_length?+; in every other case a new
# token is obtained from +new_token+.
#
# The validity check runs first on purpose: the length check calls
# +token.length+, so it must not be reached with a token that
# +valid_token?+ rejected (a missing cookie, for example).
#
# @return the reused cookie token or a newly generated one
def csrf_token
  return @csrf_token if @csrf_token

  reusable = valid_token?(existing_token) && token_of_correct_length?(existing_token)
  @csrf_token = reusable ? existing_token : new_token
end
existing_token()
# File lib/unified_csrf_prevention/request_forgery_protection.rb, line 56
# Reads the CSRF token cookie sent with the current request.
#
# The value is client-supplied; callers are expected to check it (see
# +csrf_token+, which runs it through +valid_token?+) before trusting it.
#
# @return the entry stored under +Core::TOKEN_COOKIE_NAME+ in
#   +request.cookies+
def existing_token
  cookie_jar = request.cookies
  cookie_jar[Core::TOKEN_COOKIE_NAME]
end
new_token()
# File lib/unified_csrf_prevention/request_forgery_protection.rb, line 47
# Generates a fresh CSRF token and stores it in the Rack environment.
#
# The token is written to +request.env+ under +Core::TOKEN_RACK_ENV_VAR+.
# NOTE(review): presumably UnifiedCsrfPrevention::Middleware picks that entry
# up later in the request cycle; that code is not shown here — confirm.
#
# @return the token produced by +Core.generate_token+
# @raise [UnifiedCsrfPrevention::ConfigurationError] when
#   UnifiedCsrfPrevention::Middleware is not part of the Rails middleware stack
def new_token
  middleware_stack = Rails.configuration.middleware
  unless middleware_stack.include?(UnifiedCsrfPrevention::Middleware)
    raise UnifiedCsrfPrevention::ConfigurationError, 'UnifiedCsrfPrevention::Middleware middleware must be used'
  end

  rack_env = request.env
  rack_env[Core::TOKEN_RACK_ENV_VAR] = Core.generate_token
end
real_csrf_token(_session)
# File lib/unified_csrf_prevention/request_forgery_protection.rb, line 31
# Returns the cookie-based CSRF token; the session argument is ignored.
#
# NOTE(review): presumably replaces the session-backed Rails hook of the same
# name — confirm against the including controller.
#
# @param _session unused
# @return the value of +csrf_token+
def real_csrf_token(_session)
  current_token = csrf_token
  current_token
end
setup_csrf_token()
# File lib/unified_csrf_prevention/request_forgery_protection.rb, line 35
# Before-action callback registered by +protect_from_forgery+.
#
# Calling +csrf_token+ here makes sure a token has been picked (reused from
# the cookie or newly generated) before the remaining filters run.
#
# @return the value of +csrf_token+
def setup_csrf_token
  prepared_token = csrf_token
  prepared_token
end
token_of_correct_length?(token)
# File lib/unified_csrf_prevention/request_forgery_protection.rb, line 64
# Tells whether a token has exactly the length Rails uses for authenticity
# tokens (+AUTHENTICITY_TOKEN_LENGTH+).
#
# +token+ must respond to +length+; passing +nil+ raises NoMethodError, so
# callers check the token's presence/validity first.
#
# @param token the token to measure
# @return [Boolean] true when the lengths are equal
def token_of_correct_length?(token)
  actual_length = token.length
  actual_length == ActionController::RequestForgeryProtection::AUTHENTICITY_TOKEN_LENGTH
end
valid_authenticity_token?(_session, token)
Calls superclass method
# File lib/unified_csrf_prevention/request_forgery_protection.rb, line 23
# Decides whether the token submitted with the request is authentic.
#
# The token is accepted as soon as it passes +valid_token?+ (checked against
# the checksum cookie). Only when that check fails is the decision handed to
# the superclass implementation, with the original arguments.
#
# NOTE(review): because of this fallback, a token the superclass accepts is
# still accepted when the checksum check fails.
#
# @param _session forwarded to the superclass only
# @param token the token taken from the request
# @return the truthy result of +valid_token?+, otherwise whatever +super+ returns
def valid_authenticity_token?(_session, token)
  own_verdict = valid_token?(token)
  return own_verdict if own_verdict

  super
end
valid_token?(token)
# File lib/unified_csrf_prevention/request_forgery_protection.rb, line 52
# Validates a token against the checksum cookie of the current request.
#
# Both inputs can be influenced by the client (the checksum is read from a
# cookie), so the strength of this check rests entirely on
# +Core.valid_token?+. NOTE(review): that method is not visible here — confirm
# it verifies a keyed checksum and compares in constant time.
#
# @param token the token to validate
# @return the result of +Core.valid_token?+
def valid_token?(token)
  cookie_checksum = checksum
  Core.valid_token?(token, cookie_checksum)
end