import authenticity token implementation

2023-03-27 23:18:01 -04:00 · 2011-05-28 17:51:54 +02:00 · 2011-05-28 17:51:54 +02:00 · ab177702bb
commit ab177702bb
parent b75b5a596d
2 changed files with 17 additions and 0 deletions
--- a/rack-protection/lib/rack/protection/authenticity_token.rb
+++ b/rack-protection/lib/rack/protection/authenticity_token.rb
@ -14,6 +14,13 @@ module Rack
    #
    # Not Yet Implemented!
    class AuthenticityToken < Base
+      def accepts?(env)
+        return true if safe? env
+        request = Request.new env
+        token   = session[:csrf] ||= session['_csrf_token'] || random_string
+        env['HTTP_X_CSRF_TOKEN'] == token or
+          request.params['authenticity_token'] == token
+      end
    end
  end
 end
--- a/rack-protection/lib/rack/protection/base.rb
+++ b/rack-protection/lib/rack/protection/base.rb
@ -54,6 +54,16 @@ module Rack
        [options[:status], {'Content-Type' => 'text/plain'}, [options[:message]]]
      end

+      def session(env)
+        env['rack.session'] ||= {}
+      end
+
+      def random_string(secure = defined? SecureRandom)
+        secure ? SecureRandom.hex(32) : "%032x" % rand(2**128-1)
+      rescue NotImpelentedError
+        random_string false
+      end
+
      def drop_session(env)
        env['rack.session'] = {}
      end