invalid_authenticity_token_rescue 0.1.1 → 0.1.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 221f3a568b558f96fb75f9a4b771836e7819c398
|
|
4
|
+
data.tar.gz: 166685c38259fc233e1e94c345524f992ae345d4
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: e67417d3d9e433c48f9e9770f98f05126265d723563d24b91361334ebd32c31aa05b77fe0810e91628f1405af328f88347eee47455a1698b770b48ab93085b8b
|
|
7
|
+
data.tar.gz: 172d335b09fafb91b12257761c22edd3f28e21ad00e8536e9534f35c30f8334faab28269a0341b02732f8d7045d69d4e53c73be16a2065b5fa84e5c1bd223b58
|
data/README.md
CHANGED
|
@@ -29,15 +29,25 @@ Add **skip_before_action** to public forms (optional):
|
|
|
29
29
|
|
|
30
30
|
```ruby
|
|
31
31
|
class SessionsController < ApplicationController
|
|
32
|
-
skip_before_action :verify_authenticity_token,
|
|
32
|
+
skip_before_action :verify_authenticity_token, only: :create
|
|
33
33
|
...
|
|
34
34
|
end
|
|
35
35
|
```
|
|
36
36
|
|
|
37
|
-
Adding **skip_before_action** is optional but will improve user experience. Rails **protect_from_forgery** is intended to prevent a logged in user's credentials from being maliciously used to submit a form as that user. Publicly accessible forms, like a login page, that do not rely on a currently logged in user are not susceptible to forgery attacks.
|
|
37
|
+
Adding **skip_before_action** to public forms is optional but will improve user experience. Rails **protect_from_forgery** is intended to prevent a logged in user's credentials from being maliciously used to submit a form as that user. Publicly accessible forms, like a login page, that do not rely on a currently logged in user are not susceptible to forgery attacks.
|
|
38
38
|
|
|
39
39
|
Adding **skip_before_action** will allow the request to complete and the users session to be setup with the correct token. Subsequent forms submitted by the user will complete successfully. If **skip_before_action** is not added the user will be redirected to the login page and notifed that their session has expired and they need to login again.
|
|
40
40
|
|
|
41
|
+
## Configuration
|
|
42
|
+
The default **redirect_path** is *new_session_path*. This can be set to a different value with an initializer.
|
|
43
|
+
|
|
44
|
+
```ruby
|
|
45
|
+
# config/initializers/invalid_authenticity_token_rescue.rb
|
|
46
|
+
InvalidAuthenticityTokenRescue.configure do |config|
|
|
47
|
+
config.redirect_path = 'sign_in_path'
|
|
48
|
+
end
|
|
49
|
+
```
|
|
50
|
+
|
|
41
51
|
## Contributing
|
|
42
52
|
Bug reports and pull requests are welcome on GitHub at https://github.com/wwidea/invalid_authenticity_token_rescue.
|
|
43
53
|
|
|
@@ -1,3 +1,4 @@
|
|
|
1
|
+
require 'invalid_authenticity_token_rescue/configuration'
|
|
1
2
|
require 'invalid_authenticity_token_rescue/railtie'
|
|
2
3
|
|
|
3
4
|
module InvalidAuthenticityTokenRescue
|
|
@@ -15,7 +16,7 @@ module InvalidAuthenticityTokenRescue
|
|
|
15
16
|
def invalid_authenticity_token(exception)
|
|
16
17
|
ExceptionNotifier.notify_exception(exception, env: request.env)
|
|
17
18
|
flash[:warning] = 'Your session has expired, please log in again'
|
|
18
|
-
redirect_to
|
|
19
|
+
redirect_to send(InvalidAuthenticityTokenRescue.configuration.redirect_path)
|
|
19
20
|
end
|
|
20
21
|
end
|
|
21
22
|
end
|
|
@@ -0,0 +1,17 @@
|
|
|
1
|
+
module InvalidAuthenticityTokenRescue
|
|
2
|
+
def self.configure
|
|
3
|
+
yield configuration
|
|
4
|
+
end
|
|
5
|
+
|
|
6
|
+
def self.configuration
|
|
7
|
+
@configuration ||= Configuration.new
|
|
8
|
+
end
|
|
9
|
+
|
|
10
|
+
class Configuration
|
|
11
|
+
attr_accessor :redirect_path
|
|
12
|
+
|
|
13
|
+
def initialize
|
|
14
|
+
@redirect_path = 'new_session_path'
|
|
15
|
+
end
|
|
16
|
+
end
|
|
17
|
+
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: invalid_authenticity_token_rescue
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.1.
|
|
4
|
+
version: 0.1.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Aaron Baldwin
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2017-04-
|
|
11
|
+
date: 2017-04-11 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rails
|
|
@@ -71,6 +71,7 @@ files:
|
|
|
71
71
|
- README.md
|
|
72
72
|
- Rakefile
|
|
73
73
|
- lib/invalid_authenticity_token_rescue.rb
|
|
74
|
+
- lib/invalid_authenticity_token_rescue/configuration.rb
|
|
74
75
|
- lib/invalid_authenticity_token_rescue/railtie.rb
|
|
75
76
|
- lib/invalid_authenticity_token_rescue/version.rb
|
|
76
77
|
- lib/tasks/invalid_authenticity_token_rescue_tasks.rake
|