1
0
Fork 0
mirror of https://github.com/rails/rails.git synced 2022-11-09 12:12:34 -05:00

Handle non-string authenticity tokens

Non-string authenticity tokens raised NoMethodError when decoding the
masked token.
This commit is contained in:
Ville Lautanala 2015-02-12 22:24:45 +02:00
parent fa63448420
commit bf067b41e5
3 changed files with 13 additions and 1 deletions

View file

@ -1,3 +1,8 @@
* Non-string authenticity tokens do not raise NoMethodError when decoding
the masked token.
*Ville Lautanala*
* ActionController#translate supports symbols as shortcuts.
When shortcut is given it also lookups without action name.

View file

@ -279,7 +279,7 @@ module ActionController #:nodoc:
begin
masked_token = Base64.strict_decode64(encoded_masked_token)
rescue ArgumentError # encoded_masked_token is invalid Base64
rescue ArgumentError, NoMethodError # encoded_masked_token is invalid Base64
return false
end

View file

@ -374,6 +374,13 @@ module RequestForgeryProtectionTests
end
end
def test_should_not_raise_error_if_token_is_not_a_string
@controller.unstub(:valid_authenticity_token?)
assert_blocked do
patch :index, params: { custom_authenticity_token: { foo: 'bar' } }
end
end
def assert_blocked
session[:something_like_user_id] = 1
yield