about summary refs log tree commit diff
diff options
context:
space:
mode:
authorEugen Rochko <eugen@zeonfederated.com>2017-04-08 02:30:50 +0200
committerEugen Rochko <eugen@zeonfederated.com>2017-04-08 02:30:50 +0200
commit4b621188adcd3e68272fc58db3cb5dfe51e71b38 (patch)
tree45df5941a51262e9ad1f316208ff4cde9c7732c5
parenta872f2f4c64f4a370fa1a92a28f9c07c1dd3b06d (diff)
Fix #1165 - before_action was called before protect_from_forgery
-rw-r--r--app/controllers/application_controller.rb4
-rw-r--r--app/controllers/concerns/localized.rb20
-rw-r--r--app/controllers/oauth/authorizations_controller.rb4
-rw-r--r--app/controllers/oauth/authorized_applications_controller.rb4
4 files changed, 21 insertions, 11 deletions
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index f00f9c1e3..61ca71123 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -1,14 +1,13 @@
 # frozen_string_literal: true
 
 class ApplicationController < ActionController::Base
-  include Localized
-
   # Prevent CSRF attacks by raising an exception.
   # For APIs, you may want to use :null_session instead.
   protect_from_forgery with: :exception
 
   force_ssl if: "Rails.env.production? && ENV['LOCAL_HTTPS'] == 'true'"
 
+  include Localized
   helper_method :current_account
 
   rescue_from ActionController::RoutingError, with: :not_found
@@ -41,7 +40,6 @@ class ApplicationController < ActionController::Base
 
     # If the sign in is after a two week break, we need to regenerate their feed
     RegenerationWorker.perform_async(current_user.account_id) if current_user.last_sign_in_at < 14.days.ago
-    return
   end
 
   def check_suspension
diff --git a/app/controllers/concerns/localized.rb b/app/controllers/concerns/localized.rb
index b6f868090..6528ce45e 100644
--- a/app/controllers/concerns/localized.rb
+++ b/app/controllers/concerns/localized.rb
@@ -4,13 +4,25 @@ module Localized
   extend ActiveSupport::Concern
 
   included do
-    before_action :set_locale
+    around_action :set_locale
   end
 
+  private
+
   def set_locale
-    I18n.locale = current_user.try(:locale) || default_locale
-  rescue I18n::InvalidLocale
-    I18n.locale = default_locale
+    locale = default_locale
+
+    if user_signed_in?
+      begin
+        locale = current_user.try(:locale) || default_locale
+      rescue I18n::InvalidLocale
+        locale = default_locale
+      end
+    end
+
+    I18n.with_locale(locale) do
+      yield
+    end
   end
 
   def default_locale
diff --git a/app/controllers/oauth/authorizations_controller.rb b/app/controllers/oauth/authorizations_controller.rb
index cdbfde0fb..e9cdf9fa8 100644
--- a/app/controllers/oauth/authorizations_controller.rb
+++ b/app/controllers/oauth/authorizations_controller.rb
@@ -1,13 +1,13 @@
 # frozen_string_literal: true
 
 class Oauth::AuthorizationsController < Doorkeeper::AuthorizationsController
-  include Localized
-
   skip_before_action :authenticate_resource_owner!
 
   before_action :store_current_location
   before_action :authenticate_resource_owner!
 
+  include Localized
+
   private
 
   def store_current_location
diff --git a/app/controllers/oauth/authorized_applications_controller.rb b/app/controllers/oauth/authorized_applications_controller.rb
index 09dd5d3c4..395fbc51b 100644
--- a/app/controllers/oauth/authorized_applications_controller.rb
+++ b/app/controllers/oauth/authorized_applications_controller.rb
@@ -1,13 +1,13 @@
 # frozen_string_literal: true
 
 class Oauth::AuthorizedApplicationsController < Doorkeeper::AuthorizedApplicationsController
-  include Localized
-
   skip_before_action :authenticate_resource_owner!
 
   before_action :store_current_location
   before_action :authenticate_resource_owner!
 
+  include Localized
+
   private
 
   def store_current_location