Merge pull request #46 from Asquera/feature/report-reaction

Feature/report reaction
2023-03-27 23:18:01 -04:00 · 2013-03-11 00:28:49 -07:00 · 2013-03-11 00:28:49 -07:00 · 9fcde0f23e
commit 9fcde0f23e
parent b4dc4f360e 3835ec3ea8
2 changed files with 17 additions and 0 deletions
--- a/rack-protection/lib/rack/protection/base.rb
+++ b/rack-protection/lib/rack/protection/base.rb
@ -11,6 +11,7 @@ module Rack
        :message     => 'Forbidden',       :encryptor => Digest::SHA1,
        :session_key => 'rack.session',    :status    => 403,
        :allow_empty_referrer => true,
+        :report_key           => "protection.failed",
        :html_types           => %w[text/html application/xhtml]
      }

@ -63,6 +64,10 @@ module Rack
        [options[:status], {'Content-Type' => 'text/plain'}, [options[:message]]]
      end

+      def report(env)
+        env[options[:report_key]] = true
+      end
+
      def session?(env)
        env.include? options[:session_key]
      end
--- a/rack-protection/spec/protection_spec.rb
+++ b/rack-protection/spec/protection_spec.rb
@ -18,6 +18,18 @@ describe Rack::Protection do
    session.should be_empty
  end

+  it 'passes errors through if :reaction => :report is used' do
+    mock_app do
+      use Rack::Protection, :reaction => :report
+      run proc { |e| [200, {'Content-Type' => 'text/plain'}, [e["protection.failed"].to_s]] }
+    end
+
+    session = {:foo => :bar}
+    post('/', {}, 'rack.session' => session, 'HTTP_ORIGIN' => 'http://malicious.com')
+    last_response.should be_ok
+    body.should == "true"
+  end
+
  describe "#html?" do
    context "given an appropriate content-type header" do
      subject { Rack::Protection::Base.new(nil).html? 'content-type' => "text/html" }