X-Git-Url: https://git.openstreetmap.org./rails.git/blobdiff_plain/dd905b5aa893918168c644045aa1b6069e95d48e..e3c43e4a1a2e9ebec5bc163b689671d05311051f:/app/controllers/application_controller.rb?ds=inline
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index c830d4bcd..d80b286d6 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -10,6 +10,8 @@ class ApplicationController < ActionController::Base
 rescue_from CanCan::AccessDenied, :with => :deny_access
 check_authorization
+ rescue_from RailsParam::InvalidParameterError, :with => :invalid_parameter
+
 before_action :fetch_body
 around_action :better_errors_allow_inline, :if => proc { Rails.env.development? }
@@ -44,8 +46,6 @@ class ApplicationController < ActionController::Base
 redirect_to :controller => "users", :action => "terms", :referer => request.fullpath
 end
 end
- elsif session[:token]
- session[:user] = current_user.id if self.current_user = User.authenticate(:token => session[:token])
 end
 session[:fingerprint] = current_user.fingerprint if current_user && session[:fingerprint].nil?
@@ -199,7 +199,7 @@ class ApplicationController < ActionController::Base
 ##
 # wrap a web page in a timeout
 def web_timeout(&block)
- Timeout.timeout(Settings.web_timeout, Timeout::Error, &block)
+ Timeout.timeout(Settings.web_timeout, &block)
 rescue ActionView::Template::Error => e
 e = e.cause
@@ -308,6 +308,17 @@ class ApplicationController < ActionController::Base
 end
 end
+ def invalid_parameter(_exception)
+ if request.get?
+ respond_to do |format|
+ format.html { redirect_to :controller => "/errors", :action => "bad_request" }
+ format.any { head :bad_request }
+ end
+ else
+ head :bad_request
+ end
+ end
+
 # extract authorisation credentials from headers, returns user = nil if none
 def auth_data
 if request.env.key? "X-HTTP_AUTHORIZATION" # where mod_rewrite might have put it
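Review bot: The `Timeout.timeout(Settings.web_timeout, &block)` line in `web_timeout` (third hunk) drops the explicit `Timeout::Error` class without recording why, which makes the change easy to revert by accident. Per the Ruby timeout documentation, the exception used to stop the block cannot be rescued inside the block unless a class is passed explicitly, so the new form keeps a broad `rescue` in a view or helper from swallowing the request timeout. A comment above the call such as `# no klass argument: the timeout must not be rescuable inside the block` would preserve that reasoning. The rescue chain of `web_timeout` continues outside the hunk, so I could not confirm that it still handles `Timeout::Error` as raised to the caller.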
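Review bot: `invalid_parameter` (added in the last hunk) discards the exception, so a rejected request leaves no record of which parameter failed validation, and repeated malformed requests are harder to spot in the logs. Logging the parameter name alone keeps user-supplied values out of the log: rename the argument to `exception` and add `logger.info("Rejected invalid parameter: #{exception.param}")` as the first line (rails_param exposes the name as `param`, as far as I know). The method also lacks the one-line leading comment its neighbour `auth_data` has; `# respond with 400 when rails_param rejects a request parameter` would do. Whether this part of the class sits under `private` is not visible from the hunk and is worth confirming, since public controller methods are routable.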