Add verify

thape-cn · Dec 29, 2021 · 13182c0 · 13182c0
1 parent 2a48e52
commit 13182c0
Showing 1 changed file with 19 additions and 1 deletion.
diff --git a/config/application.rb b/config/application.rb
@@ -19,6 +19,24 @@
 # you've limited to :test, :development, or :production.
 Bundler.require(*Rails.groups)
 
+# Derived from https://github.com/cookpad/omniauth-rails_csrf_protection/blob/master/lib/omniauth/rails_csrf_protection/token_verifier.rb
+# This specific implementation has been pared down and should not be taken as the most correct way to do this.
+class TokenVerifier
+  include ActiveSupport::Configurable
+  include ActionController::RequestForgeryProtection
+
+  def call(env)
+    @request = ActionDispatch::Request.new(env.dup)
+    raise OmniAuth::AuthenticityError unless verified_request?
+  end
+
+  private
+
+  attr_reader :request
+
+  delegate :params, :session, to: :request
+end
+
 module OmniauthOpenidConnectDemo
   class Application < Rails::Application
     # Initialize configuration defaults for originally generated Rails version.
@@ -31,6 +49,6 @@ class Application < Rails::Application
     #
     # config.time_zone = "Central Time (US & Canada)"
     # config.eager_load_paths << Rails.root.join("extras")
-    OmniAuth.config.request_validation_phase = false
+    OmniAuth.config.request_validation_phase = ::TokenVerifier.new
   end
 end