File: authenticity_token_protection.rb

package info (click to toggle)
ruby-omniauth 2.1.4-1
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid
  • size: 400 kB
  • sloc: ruby: 2,483; makefile: 7
file content (32 lines) | stat: -rw-r--r-- 640 bytes parent folder | download | duplicates (3) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
 
require 'rack-protection'

module OmniAuth
  class AuthenticityError < StandardError; end
  class AuthenticityTokenProtection < Rack::Protection::AuthenticityToken
    def initialize(options = {})
      @options = default_options.merge(options)
    end

    def self.call(env)
      new.call!(env)
    end

    def call!(env)
      return if accepts?(env)

      instrument env
      react env
    end

    alias_method :call, :call!

  private

    def deny(_env)
      OmniAuth.logger.send(:warn, "Attack prevented by #{self.class}")
      raise AuthenticityError.new(options[:message])
    end

    alias default_reaction deny
  end
end