diff options
| author | Eugen Rochko <eugen@zeonfederated.com> | 2017-04-08 02:30:50 +0200 |
|---|---|---|
| committer | Eugen Rochko <eugen@zeonfederated.com> | 2017-04-08 02:30:50 +0200 |
| commit | 4b621188adcd3e68272fc58db3cb5dfe51e71b38 (patch) | |
| tree | 45df5941a51262e9ad1f316208ff4cde9c7732c5 | |
| parent | a872f2f4c64f4a370fa1a92a28f9c07c1dd3b06d (diff) | |
Fix #1165 - before_action was called before protect_from_forgery
| -rw-r--r-- | app/controllers/application_controller.rb | 4 | ||||
| -rw-r--r-- | app/controllers/concerns/localized.rb | 20 | ||||
| -rw-r--r-- | app/controllers/oauth/authorizations_controller.rb | 4 | ||||
| -rw-r--r-- | app/controllers/oauth/authorized_applications_controller.rb | 4 |
4 files changed, 21 insertions, 11 deletions
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index f00f9c1e3..61ca71123 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -1,14 +1,13 @@ # frozen_string_literal: true class ApplicationController < ActionController::Base - include Localized - # Prevent CSRF attacks by raising an exception. # For APIs, you may want to use :null_session instead. protect_from_forgery with: :exception force_ssl if: "Rails.env.production? && ENV['LOCAL_HTTPS'] == 'true'" + include Localized helper_method :current_account rescue_from ActionController::RoutingError, with: :not_found @@ -41,7 +40,6 @@ class ApplicationController < ActionController::Base # If the sign in is after a two week break, we need to regenerate their feed RegenerationWorker.perform_async(current_user.account_id) if current_user.last_sign_in_at < 14.days.ago - return end def check_suspension diff --git a/app/controllers/concerns/localized.rb b/app/controllers/concerns/localized.rb index b6f868090..6528ce45e 100644 --- a/app/controllers/concerns/localized.rb +++ b/app/controllers/concerns/localized.rb @@ -4,13 +4,25 @@ module Localized extend ActiveSupport::Concern included do - before_action :set_locale + around_action :set_locale end + private + def set_locale - I18n.locale = current_user.try(:locale) || default_locale - rescue I18n::InvalidLocale - I18n.locale = default_locale + locale = default_locale + + if user_signed_in? + begin + locale = current_user.try(:locale) || default_locale + rescue I18n::InvalidLocale + locale = default_locale + end + end + + I18n.with_locale(locale) do + yield + end end def default_locale diff --git a/app/controllers/oauth/authorizations_controller.rb b/app/controllers/oauth/authorizations_controller.rb index cdbfde0fb..e9cdf9fa8 100644 --- a/app/controllers/oauth/authorizations_controller.rb +++ b/app/controllers/oauth/authorizations_controller.rb @@ -1,13 +1,13 @@ # frozen_string_literal: true class Oauth::AuthorizationsController < Doorkeeper::AuthorizationsController - include Localized - skip_before_action :authenticate_resource_owner! before_action :store_current_location before_action :authenticate_resource_owner! + include Localized + private def store_current_location diff --git a/app/controllers/oauth/authorized_applications_controller.rb b/app/controllers/oauth/authorized_applications_controller.rb index 09dd5d3c4..395fbc51b 100644 --- a/app/controllers/oauth/authorized_applications_controller.rb +++ b/app/controllers/oauth/authorized_applications_controller.rb @@ -1,13 +1,13 @@ # frozen_string_literal: true class Oauth::AuthorizedApplicationsController < Doorkeeper::AuthorizedApplicationsController - include Localized - skip_before_action :authenticate_resource_owner! before_action :store_current_location before_action :authenticate_resource_owner! + include Localized + private def store_current_location |