Class: Omniauth::Protect::Middleware

Inherits:

Object

Object
Omniauth::Protect::Middleware

show all

Defined in:: lib/omniauth/protect/middleware.rb

Instance Method Summary collapse

#call(env) ⇒ Object
#initialize(app) ⇒ Middleware constructor

A new instance of Middleware.

Constructor Details

#initialize(app) ⇒ `Middleware`

Returns a new instance of Middleware.



8
9
10

# File 'lib/omniauth/protect/middleware.rb', line 8

def initialize(app)
  @app = app
end

Instance Method Details

#call(env) ⇒ `Object`

# File 'lib/omniauth/protect/middleware.rb', line 12

def call(env)
  if !Omniauth::Protect.config[:paths].include?(env['PATH_INFO'])
    @app.call(env)
  else
    access_denied = [403, { 'Content-Type' => 'text/plain'}, [ Omniauth::Protect.config[:message] ] ]
    return access_denied if env['REQUEST_METHOD'] != 'POST'

    req = Rack::Request.new(env)
    encoded_masked_token = req.params['authenticity_token'].to_s

    return access_denied if !encoded_masked_token

    Validator.new(env, encoded_masked_token).valid_csrf_token? ? @app.call(env) : access_denied
  end
end

Class: Omniauth::Protect::Middleware

Instance Method Summary collapse

Constructor Details

#initialize(app) ⇒ Middleware

Instance Method Details

#call(env) ⇒ Object

#initialize(app) ⇒ `Middleware`

#call(env) ⇒ `Object`