class SignedForm::GateKeeper
Attributes
allowed_attributes[R]
Public Class Methods
new(controller)
click to toggle source
# File lib/signed_form/gate_keeper.rb, line 5 def initialize(controller) @controller = controller @params = controller.params @request = controller.request extract_and_verify_form_signature verify_destination verify_digest end
Public Instance Methods
extract_and_verify_form_signature()
click to toggle source
# File lib/signed_form/gate_keeper.rb, line 19 def extract_and_verify_form_signature data, signature = @params['form_signature'].split('--', 2) hmac = SignedForm::HMAC.new secret_key: SignedForm.secret_key signature ||= '' raise Errors::InvalidSignature, "Form signature is not valid" unless hmac.verify signature, data @allowed_attributes = Marshal.load Base64.strict_decode64(data) @options = allowed_attributes.delete(:_options_) end
options()
click to toggle source
# File lib/signed_form/gate_keeper.rb, line 15 def options @options ||= {} end
verify_destination()
click to toggle source
# File lib/signed_form/gate_keeper.rb, line 31 def verify_destination return unless options[:method] && options[:url] raise Errors::InvalidURL if options[:method].to_s.casecmp(@request.request_method) != 0 url = @controller.url_for(options[:url]) raise Errors::InvalidURL if url != @request.fullpath && url != @request.url end
verify_digest()
click to toggle source
# File lib/signed_form/gate_keeper.rb, line 38 def verify_digest return unless options[:digest] return if options[:digest_expiration] && Time.now < options[:digest_expiration] digestor = options[:digest] given_digest = digestor.to_s digestor.view_paths = @controller.view_paths.map(&:to_s) digestor.refresh raise Errors::ExpiredForm unless given_digest == digestor.to_s end