Fix #1165 - before_action was called before protect_from_forgery

2017-04-08 02:30:50 +02:00 · 2017-04-08 02:30:50 +02:00 · 4b621188ad
parent a872f2f4c6
commit 4b621188ad
4 changed files with 21 additions and 11 deletions
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@ -1,14 +1,13 @@
 # frozen_string_literal: true

 class ApplicationController < ActionController::Base
-  include Localized
-
  # Prevent CSRF attacks by raising an exception.
  # For APIs, you may want to use :null_session instead.
  protect_from_forgery with: :exception

  force_ssl if: "Rails.env.production? && ENV['LOCAL_HTTPS'] == 'true'"

+  include Localized
  helper_method :current_account

  rescue_from ActionController::RoutingError, with: :not_found
@ -41,7 +40,6 @@ class ApplicationController < ActionController::Base

    # If the sign in is after a two week break, we need to regenerate their feed
    RegenerationWorker.perform_async(current_user.account_id) if current_user.last_sign_in_at < 14.days.ago
-    return
  end

  def check_suspension
--- a/app/controllers/concerns/localized.rb
+++ b/app/controllers/concerns/localized.rb
@ -4,13 +4,25 @@ module Localized
  extend ActiveSupport::Concern

  included do
-    before_action :set_locale
+    around_action :set_locale
  end

+  private
+
  def set_locale
-    I18n.locale = current_user.try(:locale) || default_locale
-  rescue I18n::InvalidLocale
-    I18n.locale = default_locale
+    locale = default_locale
+
+    if user_signed_in?
+      begin
+        locale = current_user.try(:locale) || default_locale
+      rescue I18n::InvalidLocale
+        locale = default_locale
+      end
+    end
+
+    I18n.with_locale(locale) do
+      yield
+    end
  end

  def default_locale
--- a/app/controllers/oauth/authorizations_controller.rb
+++ b/app/controllers/oauth/authorizations_controller.rb
@ -1,13 +1,13 @@
 # frozen_string_literal: true

 class Oauth::AuthorizationsController < Doorkeeper::AuthorizationsController
-  include Localized
-
  skip_before_action :authenticate_resource_owner!

  before_action :store_current_location
  before_action :authenticate_resource_owner!

+  include Localized
+
  private

  def store_current_location
--- a/app/controllers/oauth/authorized_applications_controller.rb
+++ b/app/controllers/oauth/authorized_applications_controller.rb
@ -1,13 +1,13 @@
 # frozen_string_literal: true

 class Oauth::AuthorizedApplicationsController < Doorkeeper::AuthorizedApplicationsController
-  include Localized
-
  skip_before_action :authenticate_resource_owner!

  before_action :store_current_location
  before_action :authenticate_resource_owner!

+  include Localized
+
  private

  def store_current_location