github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-05-30 15:28:37 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

UX: Improve error handling for common OmniAuth exceptions (#7991)

Browse Source 
This displays more useful messages for the most common issues we see:
- CSRF (when the user switches browser)
- Invalid IAT (when the server clock is wrong)
- OAuth::Unauthorized for OAuth1 providers, when the credentials are incorrect

This commit also stops earlier for disabled authenticators. Now we stop at the request phase, rather than the callback phase.
This commit is contained in:
David Taylor
2019-08-12 10:55:02 +01:00
committed by GitHub
parent 731f61a818
commit 750802bf56
6 changed files with 65 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
lib/csrf_token_verifier.rb
View File

@ -2,6 +2,8 @@
# Provides a way to check a CSRF token outside of a controller
class CSRFTokenVerifier
class InvalidCSRFToken < StandardError; end
include ActiveSupport::Configurable
include ActionController::RequestForgeryProtection
@ -17,7 +19,7 @@ class CSRFTokenVerifier
@request = ActionDispatch::Request.new(env.dup)
unless verified_request?
raise ActionController::InvalidAuthenticityToken
raise InvalidCSRFToken
end
end