kotovalexarian-likes-github
/
sinatra
mirror of https://github.com/sinatra/sinatra
1
0
Fork 0
Code Releases Activity

Add option to configure token session key

This commit is contained in:
Jordan Owens 2020-10-06 17:57:33 -04:00
parent 9f397eb8b1
commit e511500696
2 changed files with 21 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
rack-protection/lib/rack/protection/authenticity_token.rb
View File

@ -24,6 +24,13 @@ module Rack
# the token on a request. Default value:
# <tt>"authenticity_token"</tt>
#
# [<tt>:key</tt>] the name of the param that should contain
# the token in the session. Default value:
# <tt>:csrf</tt>
#
# [<tt>:allow_if</tt>] a proc for custom allow/deny logic. Default value:
# <tt>nil</tt>
#
# == Example: Forms application
#
# To show what the AuthenticityToken does, this section includes a sample
@ -85,6 +92,7 @@ module Rack
TOKEN_LENGTH = 32
default_options :authenticity_param => 'authenticity_token',
:key => :csrf,
:allow_if => nil
def self.token(session)
@ -113,7 +121,7 @@ module Rack
private
def set_token(session)
session[:csrf] ||= self.class.random_token
session[options[:key]] ||= self.class.random_token
end
# Checks the client's masked token to see if it matches the
@ -177,7 +185,7 @@ module Rack
end
def real_token(session)
decode_token(session[:csrf])
decode_token(session[options[:key]])
end
def encode_token(token)

11
rack-protection/spec/lib/rack/protection/authenticity_token_spec.rb
View File

@ -59,6 +59,17 @@ describe Rack::Protection::AuthenticityToken do
expect(env['rack.session'][:csrf]).not_to be_nil
end
it "allows for a custom token session key" do
mock_app do
use Rack::Session::Cookie, :key => 'rack.session'
use Rack::Protection::AuthenticityToken, :key => :_csrf
run DummyApp
end
get '/'
expect(env['rack.session'][:_csrf]).not_to be_nil
end
describe ".token" do
it "returns a unique masked version of the authenticity token" do
expect(Rack::Protection::AuthenticityToken.token(session)).not_to eq(masked_token)