From c0e9b13e1a0194190bbcf621188fd831b952bafa Mon Sep 17 00:00:00 2001
From: nick evans
Date: Tue, 1 Oct 2024 10:00:18 -0400
Subject: [PATCH] Wrap exception with OmniAuth::AuthenticityError

This allows the exception to be handled by the appropriate OmniAuth error handler. The original exception will still be available from the wrapping exceptions's `#cause`, for error reporting and diagnostics.
---
 lib/omniauth/rails_csrf_protection/token_verifier.rb | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/lib/omniauth/rails_csrf_protection/token_verifier.rb b/lib/omniauth/rails_csrf_protection/token_verifier.rb
index 0732e10..f76b699 100644
--- a/lib/omniauth/rails_csrf_protection/token_verifier.rb
+++ b/lib/omniauth/rails_csrf_protection/token_verifier.rb
@@ -41,8 +41,13 @@ def call(env)

 def _call(env)
 @request = ActionDispatch::Request.new(env.dup)
-
 verify_authenticity_token
+ rescue ActionController::ActionControllerError => ex
+ logger.warn "Attack prevented by #{self.class}"
+ # wrapped exception:
+ # * rescued and handled by OmniAuth::Strategy#request_call
+ # * contains #cause with original exception
+ raise OmniAuth::AuthenticityError, "[#{ex.class}] #{ex}"
 end

 private
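Review bot: The `rescue ActionController::ActionControllerError` clause in `_call` catches the whole ActionController error family, yet every rescued exception is logged as "Attack prevented", so a non-CSRF failure would be recorded as an attack and handed to OmniAuth as an authenticity error. If only token failures are meant, rescue `ActionController::InvalidAuthenticityToken`; otherwise put the class in the log line, e.g. `logger.warn "Attack prevented by #{self.class}: #{ex.class}"`, so triage can tell the cases apart. The hunk does not show where `logger` comes from; if it can be nil when no Rails logger is configured, `logger&.warn` would keep the rescue path from raising NoMethodError in place of the wrapped error.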