diff options
| author | Jean-Philippe Lang <jp_lang@yahoo.fr> | 2013-11-11 21:41:10 +0000 |
|---|---|---|
| committer | Jean-Philippe Lang <jp_lang@yahoo.fr> | 2013-11-11 21:41:10 +0000 |
| commit | 6628610ed6969cb2f7b60a57b9e924bd24976271 (patch) | |
| tree | 112fc59411df36c94c17cc40c1921e4cfcff7526 | |
| parent | ddef51599bdabf814a78a2f787e4e2a53171366d (diff) | |
| download | redmine-6628610ed6969cb2f7b60a57b9e924bd24976271.tar.gz redmine-6628610ed6969cb2f7b60a57b9e924bd24976271.zip | |
Merged r12267.
git-svn-id: http://svn.redmine.org/redmine/branches/2.4-stable@12271 e93f8b46-1217-0410-a6f0-8f06a7374b81
| -rw-r--r-- | app/controllers/application_controller.rb | 12 | ||||
| -rw-r--r-- | test/integration/application_test.rb | 9 |
2 files changed, 13 insertions, 8 deletions
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 6e53ffe01..fa97b179c 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -36,11 +36,14 @@ class ApplicationController < ActionController::Base def handle_unverified_request super cookies.delete(autologin_cookie_name) + if api_request? + logger.error "API calls must include a proper Content-type header (application/xml or application/json)." + end + render_error :status => 422, :message => "Invalid form authenticity token." end before_filter :session_expiration, :user_setup, :check_if_login_required, :check_password_change, :set_localization - rescue_from ActionController::InvalidAuthenticityToken, :with => :invalid_authenticity_token rescue_from ::Unauthorized, :with => :deny_access rescue_from ::ActionView::MissingTemplate, :with => :missing_template @@ -450,13 +453,6 @@ class ApplicationController < ActionController::Base request.xhr? ? false : 'base' end - def invalid_authenticity_token - if api_request? - logger.error "Form authenticity token is missing or is invalid. API calls must include a proper Content-type header (text/xml or text/json)." - end - render_error "Invalid form authenticity token." - end - def render_feed(items, options={}) @items = items || [] @items.sort! {|x,y| y.event_datetime <=> x.event_datetime } diff --git a/test/integration/application_test.rb b/test/integration/application_test.rb index 7f4e3b595..3ad12a3d1 100644 --- a/test/integration/application_test.rb +++ b/test/integration/application_test.rb @@ -67,4 +67,13 @@ class ApplicationTest < ActionController::IntegrationTest get '/login.png' assert_response 404 end + + def test_invalid_token_should_call_custom_handler + ActionController::Base.allow_forgery_protection = true + post '/issues' + assert_response 422 + assert_include "Invalid form authenticity token.", response.body + ensure + ActionController::Base.allow_forgery_protection = false + end end |