Sha256: 4cb699315d3662118fb651adb6f7a9013f4431507d84778361aa8df3131e1ab5
Contents?: true
Size: 1.13 KB
Versions: 2
Compression:
Stored size: 1.13 KB
Contents
```ruby
require 'base64'

module SignedForm
  module ActionController

    # This module is required for parameter verification on the controller.
    # Include it in controllers that will be receiving signed forms.
    module PermitSignedParams
      def self.included(base)
        base.prepend_before_filter :permit_signed_form_data

        gem 'strong_parameters' unless defined?(::ActionController::Parameters)
      end

      protected

      def permit_signed_form_data
        # Only non-GET requests that carry a signature are checked.
        return if request.method == 'GET' || params['form_signature'].blank?

        # The field has the form "<base64 payload>--<hmac>".
        data, signature = params['form_signature'].split('--', 2)

        signature ||= ''

        # Verify the HMAC before decoding: Marshal.load must never see unauthenticated data.
        raise Errors::InvalidSignature, "Form signature is not valid" unless SignedForm::HMAC.verify_hmac signature, data

        allowed_attributes = Marshal.load Base64.strict_decode64(data)
        options = allowed_attributes.delete(:__options__)

        # casecmp returns 0 on a match (truthy in Ruby), so compare against 0 explicitly.
        raise Errors::InvalidURL if options && (options[:method].to_s.casecmp(request.method) != 0 || options[:url] != request.fullpath)

        # Permit only the attributes listed in the signed payload.
        allowed_attributes.each do |k, v|
          params[k] = params.require(k).permit(*v)
        end
      end
    end
  end
end
```
Version data entries
2 entries across 2 versions & 1 rubygems
Version | Path |
---|---|
signed_form-0.1.1 | lib/signed_form/action_controller/permit_signed_params.rb |
signed_form-0.1.0 | lib/signed_form/action_controller/permit_signed_params.rb |