@@ -36,11 +36,14 class ApplicationController < ActionController::Base | |||||
36 | def handle_unverified_request |
|
36 | def handle_unverified_request | |
37 | super |
|
37 | super | |
38 | cookies.delete(autologin_cookie_name) |
|
38 | cookies.delete(autologin_cookie_name) | |
|
39 | if api_request? | |||
|
40 | logger.error "API calls must include a proper Content-type header (application/xml or application/json)." | |||
|
41 | end | |||
|
42 | render_error :status => 422, :message => "Invalid form authenticity token." | |||
39 | end |
|
43 | end | |
40 |
|
44 | |||
41 | before_filter :session_expiration, :user_setup, :check_if_login_required, :check_password_change, :set_localization |
|
45 | before_filter :session_expiration, :user_setup, :check_if_login_required, :check_password_change, :set_localization | |
42 |
|
46 | |||
43 | rescue_from ActionController::InvalidAuthenticityToken, :with => :invalid_authenticity_token |
|
|||
44 | rescue_from ::Unauthorized, :with => :deny_access |
|
47 | rescue_from ::Unauthorized, :with => :deny_access | |
45 | rescue_from ::ActionView::MissingTemplate, :with => :missing_template |
|
48 | rescue_from ::ActionView::MissingTemplate, :with => :missing_template | |
46 |
|
49 | |||
@@ -450,13 +453,6 class ApplicationController < ActionController::Base | |||||
450 | request.xhr? ? false : 'base' |
|
453 | request.xhr? ? false : 'base' | |
451 | end |
|
454 | end | |
452 |
|
455 | |||
453 | def invalid_authenticity_token |
|
|||
454 | if api_request? |
|
|||
455 | logger.error "Form authenticity token is missing or is invalid. API calls must include a proper Content-type header (text/xml or text/json)." |
|
|||
456 | end |
|
|||
457 | render_error "Invalid form authenticity token." |
|
|||
458 | end |
|
|||
459 |
|
||||
460 | def render_feed(items, options={}) |
|
456 | def render_feed(items, options={}) | |
461 | @items = items || [] |
|
457 | @items = items || [] | |
462 | @items.sort! {|x,y| y.event_datetime <=> x.event_datetime } |
|
458 | @items.sort! {|x,y| y.event_datetime <=> x.event_datetime } |
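Review bot: In the first hunk's `handle_unverified_request`, `cookies.delete(autologin_cookie_name)` only asks the browser to drop its copy of the cookie; it does not revoke whatever server-side state that cookie value maps to, and a browser only honours the delete when it matches the path/domain the cookie was originally set with. If the autologin cookie is issued with an explicit `:path` or `:domain` elsewhere in this class (not visible in this diff), pass the same options here, e.g. `cookies.delete(autologin_cookie_name, :path => ...)`, and consider invalidating the corresponding server-side autologin token in the same handler so a forged request cannot leave a still-valid token behind. Separately, the Content-type hint for API clients goes only to `logger.error`, while the client receives the bare "Invalid form authenticity token." with a 422; an API consumer never sees the log, so the hint would be more useful folded into the rendered `:message` when `api_request?` is true. The second hunk is a pure removal of the old `invalid_authenticity_token` handler and needs no further comment.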
@@ -67,4 +67,13 class ApplicationTest < ActionController::IntegrationTest | |||||
67 | get '/login.png' |
|
67 | get '/login.png' | |
68 | assert_response 404 |
|
68 | assert_response 404 | |
69 | end |
|
69 | end | |
|
70 | ||||
|
71 | def test_invalid_token_should_call_custom_handler | |||
|
72 | ActionController::Base.allow_forgery_protection = true | |||
|
73 | post '/issues' | |||
|
74 | assert_response 422 | |||
|
75 | assert_include "Invalid form authenticity token.", response.body | |||
|
76 | ensure | |||
|
77 | ActionController::Base.allow_forgery_protection = false | |||
|
78 | end | |||
70 | end |
|
79 | end |
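Review bot: `test_invalid_token_should_call_custom_handler` restores `ActionController::Base.allow_forgery_protection` to a hard-coded `false` in its `ensure`, which silently changes global state for every later test if the setting was not already false; capture and restore the prior value instead: `saved = ActionController::Base.allow_forgery_protection` before the assignment and `ActionController::Base.allow_forgery_protection = saved` in the `ensure`. The test also asserts only the 422 status and message, not the side effects the handler exists for — it would be worth adding an assertion that the autologin cookie is absent from the response after the rejected POST, using whatever name `autologin_cookie_name` resolves to in the test environment.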