Class: OmniAuth::RailsCsrfProtection::TokenVerifier

Inherits:

Object

Object
OmniAuth::RailsCsrfProtection::TokenVerifier

Includes:: ActionController::RequestForgeryProtection, ActiveSupport::Configurable

Defined in:: lib/omniauth/rails_csrf_protection/token_verifier.rb

Overview

Provides a callable method that verifies Cross-Site Request Forgery protection token. This class includes ‘ActionController::RequestForgeryProtection` directly and utilizes `verified_request?` method to match the way Rails performs token verification in Rails controllers.

If you like to learn more about how Rails generate and verify authenticity token, you can find the source code at github.com/rails/rails/blob/v5.2.2/actionpack/lib/action_controller/metal/request_forgery_protection.rb#L217-L240.

Instance Method Summary collapse

#call(env) ⇒ Object

Instance Method Details

#call(env) ⇒ `Object`

# File 'lib/omniauth/rails_csrf_protection/token_verifier.rb', line 30

def call(env)
  @request = ActionDispatch::Request.new(env.dup)

  unless verified_request?
    raise ActionController::InvalidAuthenticityToken
  end
end

Class: OmniAuth::RailsCsrfProtection::TokenVerifier

Overview

Instance Method Summary collapse

Instance Method Details

#call(env) ⇒ Object

#call(env) ⇒ `Object`