invalid_authenticity_token_rescue 0.1.1 → 0.1.2

Sign up to get free protection for your applications and to get access to all the features.
Files changed (6) hide show
  1. checksums.yaml +4 -4
  2. data/README.md +12 -2
  3. data/lib/invalid_authenticity_token_rescue.rb +2 -1
  4. data/lib/invalid_authenticity_token_rescue/configuration.rb +17 -0
  5. data/lib/invalid_authenticity_token_rescue/version.rb +1 -1
  6. metadata +3 -2
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 1f08ba25a0b309cffec24e7782ad900b7d5666b5
4
- data.tar.gz: 82b3e3e7e55ae535102e75205b8e0a56e8e70032
3
+ metadata.gz: 221f3a568b558f96fb75f9a4b771836e7819c398
4
+ data.tar.gz: 166685c38259fc233e1e94c345524f992ae345d4
5
5
  SHA512:
6
- metadata.gz: 46e4d699d28400d851f81b1549ca3d7ed1246b6cad636bbbf28493c6bfe4479b410966ca7b04fb5a1c8a6443e87869d1ce854a5ee65f261ccae29a1ede1cb077
7
- data.tar.gz: b64498f04c411dca28177b295b15941aaea54d09637ce267eb5d4f832bb9784499f3b5dccc8096dc970239a6313b12ab54eef2b6040d8c82bb32b6759343b659
6
+ metadata.gz: e67417d3d9e433c48f9e9770f98f05126265d723563d24b91361334ebd32c31aa05b77fe0810e91628f1405af328f88347eee47455a1698b770b48ab93085b8b
7
+ data.tar.gz: 172d335b09fafb91b12257761c22edd3f28e21ad00e8536e9534f35c30f8334faab28269a0341b02732f8d7045d69d4e53c73be16a2065b5fa84e5c1bd223b58
data/README.md CHANGED
@@ -29,15 +29,25 @@ Add **skip_before_action** to public forms (optional):
29
29
 
30
30
  ```ruby
31
31
  class SessionsController < ApplicationController
32
- skip_before_action :verify_authenticity_token, on: :create
32
+ skip_before_action :verify_authenticity_token, only: :create
33
33
  ...
34
34
  end
35
35
  ```
36
36
 
37
- Adding **skip_before_action** is optional but will improve user experience. Rails **protect_from_forgery** is intended to prevent a logged in user's credentials from being maliciously used to submit a form as that user. Publicly accessible forms, like a login page, that do not rely on a currently logged in user are not susceptible to forgery attacks.
37
+ Adding **skip_before_action** to public forms is optional but will improve user experience. Rails **protect_from_forgery** is intended to prevent a logged in user's credentials from being maliciously used to submit a form as that user. Publicly accessible forms, like a login page, that do not rely on a currently logged in user are not susceptible to forgery attacks.
38
38
 
39
39
  Adding **skip_before_action** will allow the request to complete and the users session to be setup with the correct token. Subsequent forms submitted by the user will complete successfully. If **skip_before_action** is not added the user will be redirected to the login page and notifed that their session has expired and they need to login again.
40
40
 
41
+ ## Configuration
42
+ The default **redirect_path** is *new_session_path*. This can be set to a different value with an initializer.
43
+
44
+ ```ruby
45
+ # config/initializers/invalid_authenticity_token_rescue.rb
46
+ InvalidAuthenticityTokenRescue.configure do |config|
47
+ config.redirect_path = 'sign_in_path'
48
+ end
49
+ ```
50
+
41
51
  ## Contributing
42
52
  Bug reports and pull requests are welcome on GitHub at https://github.com/wwidea/invalid_authenticity_token_rescue.
43
53
 
data/lib/invalid_authenticity_token_rescue.rb CHANGED
@@ -1,3 +1,4 @@
1
+ require 'invalid_authenticity_token_rescue/configuration'
1
2
  require 'invalid_authenticity_token_rescue/railtie'
2
3
 
3
4
  module InvalidAuthenticityTokenRescue
@@ -15,7 +16,7 @@ module InvalidAuthenticityTokenRescue
15
16
  def invalid_authenticity_token(exception)
16
17
  ExceptionNotifier.notify_exception(exception, env: request.env)
17
18
  flash[:warning] = 'Your session has expired, please log in again'
18
- redirect_to new_session_path
19
+ redirect_to send(InvalidAuthenticityTokenRescue.configuration.redirect_path)
19
20
  end
20
21
  end
21
22
  end
data/lib/invalid_authenticity_token_rescue/configuration.rb ADDED
@@ -0,0 +1,17 @@
1
+ module InvalidAuthenticityTokenRescue
2
+ def self.configure
3
+ yield configuration
4
+ end
5
+
6
+ def self.configuration
7
+ @configuration ||= Configuration.new
8
+ end
9
+
10
+ class Configuration
11
+ attr_accessor :redirect_path
12
+
13
+ def initialize
14
+ @redirect_path = 'new_session_path'
15
+ end
16
+ end
17
+ end
data/lib/invalid_authenticity_token_rescue/version.rb CHANGED
@@ -1,3 +1,3 @@
1
1
  module InvalidAuthenticityTokenRescue
2
- VERSION = '0.1.1'
2
+ VERSION = '0.1.2'
3
3
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: invalid_authenticity_token_rescue
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.1.1
4
+ version: 0.1.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - Aaron Baldwin
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2017-04-10 00:00:00.000000000 Z
11
+ date: 2017-04-11 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: rails
@@ -71,6 +71,7 @@ files:
71
71
  - README.md
72
72
  - Rakefile
73
73
  - lib/invalid_authenticity_token_rescue.rb
74
+ - lib/invalid_authenticity_token_rescue/configuration.rb
74
75
  - lib/invalid_authenticity_token_rescue/railtie.rb
75
76
  - lib/invalid_authenticity_token_rescue/version.rb
76
77
  - lib/tasks/invalid_authenticity_token_rescue_tasks.rake