class DceLti::Middleware::CookielessSessions

Public Instance Methods

change_nokogiri_doc(doc)
# File lib/dce_lti/middleware/cookieless_sessions.rb, line 6
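# Rewrites same-site links and forms in +doc+ so the session identifier
# travels with the next request when the browser is not sending cookies.
#
# Nothing is rewritten unless no_cookies? or shimmed_cookie? is true
# (shimmed_cookie? is defined elsewhere; its semantics are not visible here).
#
# SECURITY: this places the session identifier in URLs. Identifiers carried
# in a query string can end up in Referer headers, server and proxy logs,
# browser history and copied links, so the rest of the stack has to
# compensate. NOTE(review): confirm the application rotates the session id
# at authentication, keeps session lifetimes short, sets a restrictive
# Referrer-Policy and scrubs this parameter from logs.
# NOTE(review): key and id are interpolated without URL-encoding; that is
# only safe while both are plain URL-safe tokens -- confirm.
#
# @param doc [Nokogiri::HTML::Document] parsed response body, modified in place
# @return the same +doc+ object
def change_nokogiri_doc(doc)
  return doc unless no_cookies? || shimmed_cookie?

  # Inserts "key=id" into the query string, ahead of any "#fragment".
  # Appending after the fragment would keep the parameter client-side, so the
  # server would never receive it.
  with_session = lambda do |url|
    base, hash_mark, fragment = url.partition('#')
    joiner = base.include?('?') ? '&' : '?'
    "#{base}#{joiner}#{session_key_name}=#{session_id}#{hash_mark}#{fragment}"
  end

  doc.css('a').each do |a|
    href = a[:href]

    # Anchors without an href and in-page "#fragment" links trigger no
    # request; rewriting them would raise on nil or break the in-page jump.
    next if href.nil? || href.start_with?('#')
    next unless local_url?(href)
    next if url_has_key_already?(href)

    a[:href] = with_session.call(href)
  end

  doc.css('form').each do |form|
    action = form[:action]

    # A missing or fragment-only action submits to the current page. Leave
    # the attribute untouched in that case and rely on the hidden field.
    if action && !action.start_with?('#')
      next unless local_url?(action)
      next if url_has_key_already?(action)

      # For PATCH, PUT, DELETE and POST, which allow
      # params mixed in the action and the form.
      form[:action] = with_session.call(action)
    end

    # For GET, oddly. GET method forms stomp all params encoded
    # in the action
    input_node = Nokogiri::XML::Node.new('input', doc)
    input_node[:type] = 'hidden'
    input_node[:name] = session_key_name
    input_node[:value] = session_id

    # An empty <form> has no first child to insert before.
    first_child = form.children.first
    if first_child
      first_child.add_previous_sibling(input_node)
    else
      form.add_child(input_node)
    end
  end

  doc
end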

Private Instance Methods

local_url?(url)
# File lib/dce_lti/middleware/cookieless_sessions.rb, line 58
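# Decides whether +url+ points back at this application, i.e. whether it is
# safe to attach the session identifier to it.
#
# The answer errs towards "not local", because a false positive would send
# the session identifier to another destination:
# * nil is never local (there is no URL to rewrite);
# * anything with a scheme is rejected, not just http/https, so mailto:,
#   javascript:, tel: and similar links are left alone;
# * anything containing "//" is rejected, as before (scheme-relative URLs);
# * anything containing a backslash is rejected, since browsers commonly
#   treat "\" like "/" in web URLs and "/\host" would then leave the site.
#
# An empty string is still local: it refers to the current page.
#
# @param url [String, nil] raw href/action attribute value
# @return [Boolean]
def local_url?(url)
  return false if url.nil?

  candidate = url.to_s.strip
  return false if candidate.include?('\\')
  return false if candidate.match(/\A[a-z][a-z0-9+.-]*:/i)

  !candidate.match(%r{//})
end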
no_cookies?()
# File lib/dce_lti/middleware/cookieless_sessions.rb, line 54
# True when the current request carried no Cookie header, or one that is
# blank after stripping whitespace.
# NOTE(review): @p is set elsewhere; it is assumed to expose the Rack
# request via #request -- confirm.
#
# @return [Boolean]
def no_cookies?
  cookie_header = @p.request.env['HTTP_COOKIE']
  cookie_header.to_s.strip == ''
end
session()
# File lib/dce_lti/middleware/cookieless_sessions.rb, line 70
# Returns whatever the Rack environment holds under 'rack.session' for the
# current request (nil when that key is absent from the env).
def session
  rack_env = @p.request.env
  rack_env['rack.session']
end
session_id()
# File lib/dce_lti/middleware/cookieless_sessions.rb, line 74
# Identifier of the current session, as reported by the session object's #id.
# This value is written into links and hidden form fields by
# change_nokogiri_doc, so treat it as a credential: keep it out of logs and
# error reports.
# Raises NoMethodError when there is no session object for the request.
def session_id
  current_session = session
  current_session.id
end
session_key_name()
# File lib/dce_lti/middleware/cookieless_sessions.rb, line 66
# Name of the parameter that carries the session identifier. Read once from
# the Rails session options (:key) and memoised in @session_key_name.
def session_key_name
  return @session_key_name if @session_key_name

  @session_key_name = Rails.application.config.session_options[:key]
end
url_has_key_already?(url)
# File lib/dce_lti/middleware/cookieless_sessions.rb, line 62
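# Reports whether +url+ already mentions the session key, so that callers do
# not append it twice.
#
# The key name comes from configuration and is escaped before being placed
# in the pattern; otherwise a "." or other regex metacharacter in the name
# would match unrelated text. nil is treated as an empty URL instead of
# raising.
#
# NOTE(review): this is a case-insensitive substring test over the whole
# URL, so a path segment that merely contains the key name also counts as
# "already present". Kept as-is to avoid changing which links are rewritten.
#
# @param url [String, nil]
# @return [MatchData, nil] truthy when the key name occurs in +url+
def url_has_key_already?(url)
  key_pattern = Regexp.escape(session_key_name.to_s)
  url.to_s.match(/#{key_pattern}/i)
end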