# frozen_string_literal: true
# Provides a way to check a CSRF token outside of a controller
class CSRFTokenVerifier
  # Raised by #call when the wrapped request fails the forgery-protection check.
  InvalidCSRFToken = Class.new(StandardError)

  include ActiveSupport::Configurable
  include ActionController::RequestForgeryProtection

  # Replace each configuration reader on this class with one that looks the
  # value up in ActionController::Base.config at call time, so the verifier
  # follows whatever the controllers are configured with.
  # NOTE(review): this also means that if forgery protection is switched off
  # in the controller configuration (common in test environments), this
  # verifier presumably stops rejecting requests as well; confirm.
  config.each_key do |key|
    undef_method(key)
    define_method(key) { ActionController::Base.config[key] }
  end

  # Checks the CSRF token carried by a Rack request.
  #
  # The request object is built from env.dup, so the caller's env itself is
  # not replaced; the copy is shallow, meaning nested objects are still shared
  # with the caller (assuming env is a Hash; confirm).
  #
  # The request is kept in @request, so one verifier instance holds the state
  # of one request at a time.
  #
  # NOTE(review): the decision is delegated to verified_request? from
  # ActionController::RequestForgeryProtection. In Rails that predicate also
  # accepts GET and HEAD requests without looking at a token, so a nil return
  # is not proof that a token was compared; callers should only rely on this
  # for state-changing requests. Confirm against the Rails version in use.
  #
  # @param env the Rack environment of the request to verify
  # @return [nil] when the request is accepted
  # @raise [InvalidCSRFToken] when verified_request? is falsy
  def call(env)
    @request = ActionDispatch::Request.new(env.dup)
    return if verified_request?

    raise InvalidCSRFToken
  end

  # Make the mixin's token generator callable from outside the class.
  # NOTE(review): it presumably reads the session through the delegated
  # accessors below, which need @request, so #call has to run first.
  public :form_authenticity_token

  private

  # Accessors the forgery-protection mixin is expected to call on its host;
  # params and session are forwarded to the request built in #call.
  attr_reader :request
  delegate :params, :session, to: :request
end