Module: ActionInterceptor::Controller::ClassMethods

Defined in:

lib/action_interceptor/controller.rb

Instance Method Summary

• #acts_as_interceptor(options = {}) ⇒ Object
• #interceptor(*interceptor_names, &block) ⇒ Object
• #skip_interceptor(*interceptor_names) ⇒ Object

Instance Method Details

#acts_as_interceptor(options = {}) ⇒ Object

# File 'lib/action_interceptor/controller.rb', line 87

def acts_as_interceptor(options = {})
  return if is_interceptor
  self.is_interceptor = true

  @override_url_options = options[:override_url_options].nil? ? \
                            ActionInterceptor.override_url_options : \
                            options[:override_url_options]

  class_eval do

    attr_writer :intercepted_url

    helper_method :intercepted_url

    def intercepted_url
      return @intercepted_url if @intercepted_url

      key = ActionInterceptor.intercepted_url_key
      begin
        # URL params are the most reliable, as they preserve
        # state even if the user presses the back button
        # We need to sign them to prevent the Open Redirect vulnerability
        @intercepted_url = Encryptor.decrypt_and_verify(params[key])
      rescue ActiveSupport::MessageVerifier::InvalidSignature
        # If the param is not available, use our best guess
        # Session and referer are safe for redirects (for that user)
        # Also, can't call root_url here, so use '/' instead
        @intercepted_url = session[key] || request.referer || '/'
      end
      # Session is a signed plaintext in Rails 3
      # In Rails 4, it is encrypted by default
      session[key] = @intercepted_url
      @intercepted_url
    end

    def intercepted_url_hash
      return @intercepted_url_hash if @intercepted_url_hash
      url = Encryptor.encrypt_and_sign(intercepted_url)
      key = ActionInterceptor.intercepted_url_key

      @intercepted_url_hash = {key => url}
    end

    alias_method :url_options_without_interceptor, :url_options

    def url_options_with_interceptor
      return @url_options_with_interceptor \
        if @url_options_with_interceptor

      @url_options_with_interceptor = intercepted_url_hash.merge(
                                        url_options_without_interceptor)
    end

    alias_method :url_options, :url_options_with_interceptor \
      if @override_url_options.nil? || @override_url_options

    def without_interceptor(&block)
      previous_url_options = url_options_with_interceptor

      begin
        @url_options_with_interceptor = url_options_without_interceptor
        yield block
      ensure
        @url_options_with_interceptor = previous_url_options
      end
    end

    def redirect_back(options = {})
      url = intercepted_url

      # Disable the return_to param
      without_interceptor do
        # Convert '/' back to root_url
        # Also, prevent self redirects
        url = root_url if url == '/' || current_page?(url)

        redirect_to url, options
      end
    end

  end
end

#interceptor(*interceptor_names, &block) ⇒ Object

# File 'lib/action_interceptor/controller.rb', line 57

def interceptor(*interceptor_names, &block)
  options = interceptor_names.extract_options!
  filter_name = options.delete(:filter_name)
  fnames = interceptor_names.collect do |iname|
    fname = filter_name || iname
    interceptor_filters[iname] = fname

    define_method fname do
      blk = block || ActionInterceptor.interceptors[iname]
      raise UndefinedInterceptor, iname unless blk

      with_interceptor &blk
    end

    fname
  end

  before_filter *fnames, options
end

#skip_interceptor(*interceptor_names) ⇒ Object

# File 'lib/action_interceptor/controller.rb', line 77

def skip_interceptor(*interceptor_names)
  options = interceptor_names.extract_options!
  filter_name = options.delete(:filter_name)
  fnames = interceptor_names.collect do |iname|
    filter_name || interceptor_filters[iname] || iname
  end

  skip_before_filter *fnames, options
end