Fix #1165 - before_action was called before protect_from_forgery
This commit is contained in:
parent
a872f2f4c6
commit
4b621188ad
4 changed files with 21 additions and 11 deletions
|
@ -1,14 +1,13 @@
|
||||||
# frozen_string_literal: true
|
# frozen_string_literal: true
|
||||||
|
|
||||||
class ApplicationController < ActionController::Base
|
class ApplicationController < ActionController::Base
|
||||||
include Localized
|
|
||||||
|
|
||||||
# Prevent CSRF attacks by raising an exception.
|
# Prevent CSRF attacks by raising an exception.
|
||||||
# For APIs, you may want to use :null_session instead.
|
# For APIs, you may want to use :null_session instead.
|
||||||
protect_from_forgery with: :exception
|
protect_from_forgery with: :exception
|
||||||
|
|
||||||
force_ssl if: "Rails.env.production? && ENV['LOCAL_HTTPS'] == 'true'"
|
force_ssl if: "Rails.env.production? && ENV['LOCAL_HTTPS'] == 'true'"
|
||||||
|
|
||||||
|
include Localized
|
||||||
helper_method :current_account
|
helper_method :current_account
|
||||||
|
|
||||||
rescue_from ActionController::RoutingError, with: :not_found
|
rescue_from ActionController::RoutingError, with: :not_found
|
||||||
|
@ -41,7 +40,6 @@ class ApplicationController < ActionController::Base
|
||||||
|
|
||||||
# If the sign in is after a two week break, we need to regenerate their feed
|
# If the sign in is after a two week break, we need to regenerate their feed
|
||||||
RegenerationWorker.perform_async(current_user.account_id) if current_user.last_sign_in_at < 14.days.ago
|
RegenerationWorker.perform_async(current_user.account_id) if current_user.last_sign_in_at < 14.days.ago
|
||||||
return
|
|
||||||
end
|
end
|
||||||
|
|
||||||
def check_suspension
|
def check_suspension
|
||||||
|
|
|
@ -4,13 +4,25 @@ module Localized
|
||||||
extend ActiveSupport::Concern
|
extend ActiveSupport::Concern
|
||||||
|
|
||||||
included do
|
included do
|
||||||
before_action :set_locale
|
around_action :set_locale
|
||||||
end
|
end
|
||||||
|
|
||||||
|
private
|
||||||
|
|
||||||
def set_locale
|
def set_locale
|
||||||
I18n.locale = current_user.try(:locale) || default_locale
|
locale = default_locale
|
||||||
|
|
||||||
|
if user_signed_in?
|
||||||
|
begin
|
||||||
|
locale = current_user.try(:locale) || default_locale
|
||||||
rescue I18n::InvalidLocale
|
rescue I18n::InvalidLocale
|
||||||
I18n.locale = default_locale
|
locale = default_locale
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
I18n.with_locale(locale) do
|
||||||
|
yield
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
def default_locale
|
def default_locale
|
||||||
|
|
|
@ -1,13 +1,13 @@
|
||||||
# frozen_string_literal: true
|
# frozen_string_literal: true
|
||||||
|
|
||||||
class Oauth::AuthorizationsController < Doorkeeper::AuthorizationsController
|
class Oauth::AuthorizationsController < Doorkeeper::AuthorizationsController
|
||||||
include Localized
|
|
||||||
|
|
||||||
skip_before_action :authenticate_resource_owner!
|
skip_before_action :authenticate_resource_owner!
|
||||||
|
|
||||||
before_action :store_current_location
|
before_action :store_current_location
|
||||||
before_action :authenticate_resource_owner!
|
before_action :authenticate_resource_owner!
|
||||||
|
|
||||||
|
include Localized
|
||||||
|
|
||||||
private
|
private
|
||||||
|
|
||||||
def store_current_location
|
def store_current_location
|
||||||
|
|
|
@ -1,13 +1,13 @@
|
||||||
# frozen_string_literal: true
|
# frozen_string_literal: true
|
||||||
|
|
||||||
class Oauth::AuthorizedApplicationsController < Doorkeeper::AuthorizedApplicationsController
|
class Oauth::AuthorizedApplicationsController < Doorkeeper::AuthorizedApplicationsController
|
||||||
include Localized
|
|
||||||
|
|
||||||
skip_before_action :authenticate_resource_owner!
|
skip_before_action :authenticate_resource_owner!
|
||||||
|
|
||||||
before_action :store_current_location
|
before_action :store_current_location
|
||||||
before_action :authenticate_resource_owner!
|
before_action :authenticate_resource_owner!
|
||||||
|
|
||||||
|
include Localized
|
||||||
|
|
||||||
private
|
private
|
||||||
|
|
||||||
def store_current_location
|
def store_current_location
|
||||||
|
|
Loading…
Reference in a new issue