kotovalexarian-likes-github/heartcombo--devise
1
0
Fork 0
mirror of https://github.com/heartcombo/devise.git synced 2022-11-09 12:18:31 -05:00
Code Releases Activity

Disable storage on CSRF

Browse source
This commit is contained in:
José Valim 2012-06-16 14:51:37 +02:00
parent 4bc2ff997a
commit 66716023e4
3 changed files with 7 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

1
lib/devise/controllers/helpers.rb
View file

@ -255,6 +255,7 @@ module Devise
def handle_unverified_request def handle_unverified_request
sign_out_all_scopes sign_out_all_scopes
warden.clear_strategies_cache! warden.clear_strategies_cache!
request.env["devise.skip_storage"] = true
expire_devise_cached_variables! expire_devise_cached_variables!
super # call the default behaviour which resets the session super # call the default behaviour which resets the session
end end

2
lib/devise/strategies/authenticatable.rb
View file

@ -9,7 +9,7 @@ module Devise
attr_accessor :authentication_hash, :authentication_type, :password attr_accessor :authentication_hash, :authentication_type, :password
def store? def store?
!mapping.to.skip_session_storage.include?(authentication_type) super && !mapping.to.skip_session_storage.include?(authentication_type)
end end
def valid? def valid?

5
lib/devise/strategies/base.rb
View file

@ -2,6 +2,11 @@ module Devise
module Strategies module Strategies
# Base strategy for Devise. Responsible for verifying correct scope and mapping. # Base strategy for Devise. Responsible for verifying correct scope and mapping.
class Base < ::Warden::Strategies::Base class Base < ::Warden::Strategies::Base
# Whenever CSRF cannot be verified, we turn off any kind of storage
def store?
!env["devise.skip_storage"]
end
# Checks if a valid scope was given for devise and find mapping based on this scope. # Checks if a valid scope was given for devise and find mapping based on this scope.
def mapping def mapping
@mapping ||= begin @mapping ||= begin