kotovalexarian-likes-github/sinatra
1
0
Fork 0
mirror of https://github.com/sinatra/sinatra synced 2023-03-27 23:18:01 -04:00
Code Releases Activity

import authenticity token implementation

Browse source
This commit is contained in:
Konstantin Haase 2011-05-28 17:51:54 +02:00
parent b75b5a596d
commit ab177702bb
2 changed files with 17 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

7
rack-protection/lib/rack/protection/authenticity_token.rb
View file

@ -14,6 +14,13 @@ module Rack
# #
# Not Yet Implemented! # Not Yet Implemented!
class AuthenticityToken < Base class AuthenticityToken < Base
def accepts?(env)
return true if safe? env
request = Request.new env
token = session[:csrf] ||= session['_csrf_token'] || random_string
env['HTTP_X_CSRF_TOKEN'] == token or
request.params['authenticity_token'] == token
end
end end
end end
end end

10
rack-protection/lib/rack/protection/base.rb
View file

@ -54,6 +54,16 @@ module Rack
[options[:status], {'Content-Type' => 'text/plain'}, [options[:message]]] [options[:status], {'Content-Type' => 'text/plain'}, [options[:message]]]
end end
def session(env)
env['rack.session'] ||= {}
end
def random_string(secure = defined? SecureRandom)
secure ? SecureRandom.hex(32) : "%032x" % rand(2**128-1)
rescue NotImpelentedError
random_string false
end
def drop_session(env) def drop_session(env)
env['rack.session'] = {} env['rack.session'] = {}
end end