Skip to content

Commit

Permalink
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Wrap exception with OmniAuth::AuthenticityError
Browse files Browse the repository at this point in the history
This allows the exception to be handled by the appropriate OmniAuth
error handler.  The original exception will still be available from
the wrapping exceptions's `#cause`, for error reporting and diagnostics.
nevans committed Oct 1, 2024
1 parent 238f4f0 commit c0e9b13
Showing 1 changed file with 6 additions and 1 deletion.
7 changes: 6 additions & 1 deletion lib/omniauth/rails_csrf_protection/token_verifier.rb
Original file line number Diff line number Diff line change
@@ -41,8 +41,13 @@ def call(env)

def _call(env)
@request = ActionDispatch::Request.new(env.dup)

verify_authenticity_token
rescue ActionController::ActionControllerError => ex
logger.warn "Attack prevented by #{self.class}"
# wrapped exception:
# * rescued and handled by OmniAuth::Strategy#request_call
# * contains #cause with original exception
raise OmniAuth::AuthenticityError, "[#{ex.class}] #{ex}"
end

private

0 comments on commit c0e9b13

Please sign in to comment.