token_verifier.rb
require "active_support/configurable"
require "action_controller"
module OmniAuth
  module RailsCsrfProtection
    # Callable object that checks the Cross-Site Request Forgery token of a
    # Rack request. It mixes in `ActionController::RequestForgeryProtection`
    # and relies on that module's `verified_request?`, so the decision is made
    # the same way Rails makes it inside a controller.
    #
    # The Rails side of token generation and verification lives in
    # actionpack/lib/action_controller/metal/request_forgery_protection.rb of
    # the rails/rails repository (tag v5.2.2, lines 217-240).
    #
    # NOTE(review): the verdict is whatever `verified_request?` returns. In the
    # Rails implementation referenced above it is understood to accept GET and
    # HEAD requests, and to accept every request when forgery protection is
    # switched off in `ActionController::Base` -- confirm for the Rails version
    # in use. If so, this verifier only protects a request phase that is
    # restricted to non-GET methods.
    class TokenVerifier
      include ActiveSupport::Configurable
      include ActionController::RequestForgeryProtection

      # `ActionController::RequestForgeryProtection` brings its own
      # configurable options. Each option reader is replaced here with one
      # that looks the value up in `ActionController::Base.config`, so this
      # class cannot drift from the application's CSRF settings.
      #
      # The loop runs once, while this class body is evaluated, over the keys
      # present in `config` at that moment. The values are read from
      # `ActionController::Base.config` on every call, not copied.
      config.each_key do |option_name|
        undef_method option_name
        define_method(option_name) { ActionController::Base.config[option_name] }
      end

      # Entry point: verifies the CSRF token of the request described by `env`.
      #
      # The work is done on a duplicate of the receiver, so the `@request`
      # assigned in `_call` lands on the copy rather than on this instance
      # (presumably so one shared verifier holds no per-request state).
      #
      # @param env [Hash] Rack environment of the incoming request
      # @return [nil] when the request is verified
      # @raise [ActionController::InvalidAuthenticityToken] when it is not
      def call(env)
        verifier = dup
        verifier._call(env)
      end

      # Builds an `ActionDispatch::Request` from a copy of `env`, stores it in
      # `@request` and lets `verified_request?` judge it. Public only because
      # `call` invokes it on the duplicate with an explicit receiver.
      #
      # @param env [Hash] Rack environment of the incoming request
      # @return [nil] when the request is verified
      # @raise [ActionController::InvalidAuthenticityToken] when it is not
      def _call(env)
        @request = ActionDispatch::Request.new(env.dup)
        return if verified_request?

        raise ActionController::InvalidAuthenticityToken
      end

      private

      # Readers over the wrapped request; presumably the ones the included
      # forgery-protection module expects its host object to provide
      # (`request`, `params`, `session`) -- verify against the Rails source.
      attr_reader :request
      delegate :params, :session, to: :request
    end
  end
end