From 4b621188adcd3e68272fc58db3cb5dfe51e71b38 Mon Sep 17 00:00:00 2001
From: Eugen Rochko
Date: Sat, 8 Apr 2017 02:30:50 +0200
Subject: [PATCH] Fix #1165 - before_action was called before protect_from_forgery

---
 app/controllers/application_controller.rb | 4 +---
 app/controllers/concerns/localized.rb | 20 +++++++++++++++----
 .../oauth/authorizations_controller.rb | 4 ++--
 .../authorized_applications_controller.rb | 4 ++--
 4 files changed, 21 insertions(+), 11 deletions(-)

diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index f00f9c1e..61ca7112 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -1,14 +1,13 @@
 # frozen_string_literal: true
 
 class ApplicationController < ActionController::Base
-  include Localized
-
   # Prevent CSRF attacks by raising an exception.
   # For APIs, you may want to use :null_session instead.
   protect_from_forgery with: :exception
 
   force_ssl if: "Rails.env.production? && ENV['LOCAL_HTTPS'] == 'true'"
 
+  include Localized
   helper_method :current_account
 
   rescue_from ActionController::RoutingError, with: :not_found
@@ -41,7 +40,6 @@ class ApplicationController < ActionController::Base
 
     # If the sign in is after a two week break, we need to regenerate their feed
     RegenerationWorker.perform_async(current_user.account_id) if current_user.last_sign_in_at < 14.days.ago
-    return
   end
 
   def check_suspension
diff --git a/app/controllers/concerns/localized.rb b/app/controllers/concerns/localized.rb
index b6f86809..6528ce45 100644
--- a/app/controllers/concerns/localized.rb
+++ b/app/controllers/concerns/localized.rb
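Review bot: The fix in the first hunk now rests entirely on `include Localized` staying below `protect_from_forgery`, because the concern's `included` block registers its callback at the point of inclusion and Rails runs callbacks in registration order, yet nothing in the file records that constraint. A one-line comment above the moved include, `# Must stay after protect_from_forgery so the locale callback runs only after CSRF verification (#1165)`, would keep a later tidy-up from silently reverting the fix. The same note applies to the matching moves in app/controllers/oauth/authorizations_controller.rb and app/controllers/oauth/authorized_applications_controller.rb, where the include now follows `before_action :authenticate_resource_owner!` and the reason is equally invisible.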
@@ -4,13 +4,25 @@ module Localized
   extend ActiveSupport::Concern
 
   included do
-    before_action :set_locale
+    around_action :set_locale
   end
 
+  private
+
   def set_locale
-    I18n.locale = current_user.try(:locale) || default_locale
-  rescue I18n::InvalidLocale
-    I18n.locale = default_locale
+    locale = default_locale
+
+    if user_signed_in?
+      begin
+        locale = current_user.try(:locale) || default_locale
+      rescue I18n::InvalidLocale
+        locale = default_locale
+      end
+    end
+
+    I18n.with_locale(locale) do
+      yield
+    end
   end
 
   def default_locale
diff --git a/app/controllers/oauth/authorizations_controller.rb b/app/controllers/oauth/authorizations_controller.rb
index cdbfde0f..e9cdf9fa 100644
--- a/app/controllers/oauth/authorizations_controller.rb
+++ b/app/controllers/oauth/authorizations_controller.rb
@@ -1,13 +1,13 @@
 # frozen_string_literal: true
 
 class Oauth::AuthorizationsController < Doorkeeper::AuthorizationsController
-  include Localized
-
   skip_before_action :authenticate_resource_owner!
 
   before_action :store_current_location
   before_action :authenticate_resource_owner!
 
+  include Localized
+
   private
 
   def store_current_location
diff --git a/app/controllers/oauth/authorized_applications_controller.rb b/app/controllers/oauth/authorized_applications_controller.rb
index 09dd5d3c..395fbc51 100644
--- a/app/controllers/oauth/authorized_applications_controller.rb
+++ b/app/controllers/oauth/authorized_applications_controller.rb
@@ -1,13 +1,13 @@
 # frozen_string_literal: true
 
 class Oauth::AuthorizedApplicationsController < Doorkeeper::AuthorizedApplicationsController
-  include Localized
-
   skip_before_action :authenticate_resource_owner!
 
   before_action :store_current_location
   before_action :authenticate_resource_owner!
 
+  include Localized
+
   private
 
   def store_current_location
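Review bot: In the new `set_locale` the `rescue I18n::InvalidLocale` wraps only `current_user.try(:locale) || default_locale`, which just reads the stored value, while the call that actually validates the locale is `I18n.with_locale(locale)` further down, outside the rescue; unless `User#locale` itself raises, a user record holding an unavailable locale will (with the default `enforce_available_locales`) raise `I18n::InvalidLocale` out of the around_action and fail the request, whereas the removed method-level rescue caught it from `I18n.locale=`. Validating up front keeps the action body out of any rescue: replace the whole `if user_signed_in?` block with `locale = current_user.try(:locale) if user_signed_in?` followed by `locale = default_locale unless locale && I18n.locale_available?(locale)` before the `with_locale` call. `default_locale` is defined past the end of the hunk, so whether it is itself guaranteed to be an available locale cannot be confirmed here. A short comment on `around_action :set_locale`, such as `# around_action + with_locale restores the previous locale after the action, so a request's locale never lingers on the thread`, would also record why the callback type changed.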