Class: OmniAuth::RailsCsrfProtection::TokenVerifier

Inherits:

Object

• Object
• OmniAuth::RailsCsrfProtection::TokenVerifier

Includes:

ActionController::RequestForgeryProtection, ActiveSupport::Configurable

Defined in:

lib/omniauth/rails_csrf_protection/token_verifier.rb

Overview

Provides a callable method that verifies Cross-Site Request Forgery protection token. This class includes ‘ActionController::RequestForgeryProtection` directly and utilizes `verified_request?` method to match the way Rails performs token verification in Rails controllers.

If you like to learn more about how Rails generate and verify authenticity token, you can find the source code at github.com/rails/rails/blob/v5.2.2/actionpack/lib/action_controller/metal/request_forgery_protection.rb#L217-L240.

Class Method Summary

• .config ⇒ Object

  ‘ActiveSupport::Configurable` is deprecated in Rails 8.1 and will be removed in Rails 8.2.

Instance Method Summary

• #_call(env) ⇒ Object
• #call(env) ⇒ Object
• #config ⇒ Object

Class Method Details

.config ⇒ Object

‘ActiveSupport::Configurable` is deprecated in Rails 8.1 and will be removed in Rails 8.2. As `ActionController::RequestForgeryProtection` directly accesing configurations via `config`, we only need to define these methods and delegate them to `ActionController::Base.config`.

# File 'lib/omniauth/rails_csrf_protection/token_verifier.rb', line 25

def self.config
  ActionController::Base.config
end

Instance Method Details

#_call(env) ⇒ Object

# File 'lib/omniauth/rails_csrf_protection/token_verifier.rb', line 54

def _call(env)
  @request = ActionDispatch::Request.new(env.dup)

  unless verified_request?
    raise ActionController::InvalidAuthenticityToken
  end
end

#call(env) ⇒ Object

# File 'lib/omniauth/rails_csrf_protection/token_verifier.rb', line 50

def call(env)
  dup._call(env)
end

#config ⇒ Object

# File 'lib/omniauth/rails_csrf_protection/token_verifier.rb', line 29

def config
  self.class.config
end