X-Git-Url: https://git.openstreetmap.org./rails.git/blobdiff_plain/519c13d4cd3823ab422e94ffb4fb9fbe05712392..12ac6f8f27dfe63d9674fba54862db13a9e6d89a:/app/controllers/application_controller.rb diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index ddc6d8ab2..f5accc3c4 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -10,6 +10,8 @@ class ApplicationController < ActionController::Base rescue_from CanCan::AccessDenied, :with => :deny_access check_authorization + rescue_from RailsParam::InvalidParameterError, :with => :invalid_parameter + before_action :fetch_body around_action :better_errors_allow_inline, :if => proc { Rails.env.development? } @@ -44,8 +46,6 @@ class ApplicationController < ActionController::Base redirect_to :controller => "users", :action => "terms", :referer => request.fullpath end end - elsif session[:token] - session[:user] = current_user.id if self.current_user = User.authenticate(:token => session[:token]) end session[:fingerprint] = current_user.fingerprint if current_user && session[:fingerprint].nil? @@ -312,6 +312,17 @@ class ApplicationController < ActionController::Base end end + def invalid_parameter(_exception) + if request.get? + respond_to do |format| + format.html { redirect_to :controller => "/errors", :action => "bad_request" } + format.any { head :bad_request } + end + else + head :bad_request + end + end + # extract authorisation credentials from headers, returns user = nil if none def auth_data if request.env.key? "X-HTTP_AUTHORIZATION" # where mod_rewrite might have put it