Contents

module SignedForm
  module PermitSignedParams
    def permit_signed_form_data
      return if request.method == 'GET' || params['form_signature'].blank?

      data, signature = params['form_signature'].split('--', 2)

      data      ||= ''
      signature ||= ''

      raise Errors::InvalidSignature, "Form signature is not valid" unless SignedForm::HMAC.verify_hmac signature, data
      allowed_attributes = Marshal.load Base64.strict_decode64(data)

      allowed_attributes.each do |k, v|
        params[k] = params.require(k).permit(*v)
      end
    end
  end
end

ActionController::Base.send :include, SignedForm::PermitSignedParams
ActionController::Base.prepend_before_filter :permit_signed_form_data

Version data entries

1 entries across 1 versions & 1 rubygems

Version	Path
signed_form-0.0.1.pre1	lib/signed_form/action_controller/permit_signed_params.rb