techhub/mastodon
2
0
Fork 0
Code Activity

Fix #1165 - before_action was called before protect_from_forgery

Browse Source
This commit is contained in:
Eugen Rochko
2017-04-08 02:30:50 +02:00
parent a872f2f4c6
commit 4b621188ad
4 changed files with 21 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
app/controllers/application_controller.rb
View File

@@ -1,14 +1,13 @@
# frozen_string_literal: true # frozen_string_literal: true
class ApplicationController < ActionController::Base class ApplicationController < ActionController::Base
include Localized
# Prevent CSRF attacks by raising an exception. # Prevent CSRF attacks by raising an exception.
# For APIs, you may want to use :null_session instead. # For APIs, you may want to use :null_session instead.
protect_from_forgery with: :exception protect_from_forgery with: :exception
force_ssl if: "Rails.env.production? && ENV['LOCAL_HTTPS'] == 'true'" force_ssl if: "Rails.env.production? && ENV['LOCAL_HTTPS'] == 'true'"
include Localized
helper_method :current_account helper_method :current_account
rescue_from ActionController::RoutingError, with: :not_found rescue_from ActionController::RoutingError, with: :not_found
@@ -41,7 +40,6 @@ class ApplicationController < ActionController::Base
# If the sign in is after a two week break, we need to regenerate their feed # If the sign in is after a two week break, we need to regenerate their feed
RegenerationWorker.perform_async(current_user.account_id) if current_user.last_sign_in_at < 14.days.ago RegenerationWorker.perform_async(current_user.account_id) if current_user.last_sign_in_at < 14.days.ago
return
end end
def check_suspension def check_suspension

20
app/controllers/concerns/localized.rb
View File

@@ -4,13 +4,25 @@ module Localized
extend ActiveSupport::Concern extend ActiveSupport::Concern
included do included do
before_action :set_locale around_action :set_locale
end end
private
def set_locale def set_locale
I18n.locale = current_user.try(:locale) || default_locale locale = default_locale
rescue I18n::InvalidLocale
I18n.locale = default_locale if user_signed_in?
begin
locale = current_user.try(:locale) || default_locale
rescue I18n::InvalidLocale
locale = default_locale
end
end
I18n.with_locale(locale) do
yield
end
end end
def default_locale def default_locale

4
app/controllers/oauth/authorizations_controller.rb
View File

@@ -1,13 +1,13 @@
# frozen_string_literal: true # frozen_string_literal: true
class Oauth::AuthorizationsController < Doorkeeper::AuthorizationsController class Oauth::AuthorizationsController < Doorkeeper::AuthorizationsController
include Localized
skip_before_action :authenticate_resource_owner! skip_before_action :authenticate_resource_owner!
before_action :store_current_location before_action :store_current_location
before_action :authenticate_resource_owner! before_action :authenticate_resource_owner!
include Localized
private private
def store_current_location def store_current_location

4
app/controllers/oauth/authorized_applications_controller.rb
View File

@@ -1,13 +1,13 @@
# frozen_string_literal: true # frozen_string_literal: true
class Oauth::AuthorizedApplicationsController < Doorkeeper::AuthorizedApplicationsController class Oauth::AuthorizedApplicationsController < Doorkeeper::AuthorizedApplicationsController
include Localized
skip_before_action :authenticate_resource_owner! skip_before_action :authenticate_resource_owner!
before_action :store_current_location before_action :store_current_location
before_action :authenticate_resource_owner! before_action :authenticate_resource_owner!
include Localized
private private
def store_current_location def store_current_location