mirror of
https://github.com/omniauth/omniauth.git
synced 2022-11-09 12:31:49 -05:00
52fea4e15b
This will be useful for disabling csrf protection in test suites or configuring the csrf key when the next version of rack-protection is released.
32 lines
640 B
Ruby
32 lines
640 B
Ruby
require 'rack-protection'
|
|
|
|
module OmniAuth
|
|
class AuthenticityError < StandardError; end
|
|
class AuthenticityTokenProtection < Rack::Protection::AuthenticityToken
|
|
def initialize(options = {})
|
|
@options = default_options.merge(options)
|
|
end
|
|
|
|
def self.call(env)
|
|
new.call!(env)
|
|
end
|
|
|
|
def call!(env)
|
|
return if accepts?(env)
|
|
|
|
instrument env
|
|
react env
|
|
end
|
|
|
|
alias_method :call, :call!
|
|
|
|
private
|
|
|
|
def deny(_env)
|
|
OmniAuth.logger.send(:warn, "Attack prevented by #{self.class}")
|
|
raise AuthenticityError.new(options[:message])
|
|
end
|
|
|
|
alias default_reaction deny
|
|
end
|
|
end
|