Skip to content

Instantly share code, notes, and snippets.

View forced-request's full-sized avatar

John Poulin forced-request

66 followers · 29 following
View GitHub Profile
@forced-request
forced-request / timebased-user-enum.rb
Last active August 29, 2015 14:09
def create
user = Users.where(:username => params[:sessions][:username]).first
unless user.nil?
if user.password == compute
render :text => "Login Successfully"
else
render :text => NOT_EXISTS
end
else
render :text => NOT_EXISTS
@forced-request
forced-request / keybase.md
Created October 6, 2014 13:44
keybase.md

Keybase proof

I hereby claim:

  • I am forced-request on github.
  • I am forcedrequest (https://keybase.io/forcedrequest) on keybase.
  • I have a public key whose fingerprint is 5717 2014 FCD3 25E9 0676 55D9 7995 BE99 3DC8 6C86

To claim this, I am signing this object:

@forced-request
forced-request / gist:e491eea8860e889dc843
Created September 17, 2014 16:13
Relative Path JS
<html>
<head>
<title>Test</title>
<script src="jquery-1.11.1.min.js"></script>
<script>
$(document).ready(function () {
alert('hiii');
});
</script>
</head>
@forced-request
forced-request / gist:74266013b36ee0de6f09
Last active August 29, 2015 14:06
class ApplicationController < ActionController::Base
protect_from_forgery with: :exception
end
@forced-request
forced-request / gist:a29212b17d12bf57a88f
Created September 9, 2014 16:22
CSRF Example
class ApplicationController < ActionController::Base
protect_from_forgery
# Overload handle_unverified_request to ensure that
# exception is raised each time a request does not
# pass validation.
def handle_unverified_request
raise(ActionController::InvalidAuthenticityToken)
end
end
@forced-request
forced-request / application_controller.rb
Created September 9, 2014 15:43
Overloading handle_unverified_request to protect from forgery
class ApplicationController < ActionController::Base
protect_from_forgery
# Overload handle_unverified_request to ensure that
# exception is raised each time a request does not
# pass validation.
def handle_unverified_request
raise(ActionController::InvalidAuthenticityToken)
end
end
@forced-request
forced-request / gist:7656816db64f46689ce8
Created September 9, 2014 01:11
reset_session
def reset_session
session.destroy if session && session.respond_to?(:destroy)
self.session = {}
@env['action_dispatch.request.flash_hash'] = nil
end
@forced-request
forced-request / request_forgery_protection.rb
Last active March 27, 2017 17:55
handle_unverified_request
def handle_unverified_request
reset_session
end
def verified_request?
!protect_against_forgery? || request.get? ||
form_authenticity_token == params[request_forgery_protection_token] ||
form_authenticity_token == request.headers['X-CSRF-Token']
end
@forced-request
forced-request / gist:653acca0adb0e61554f6
Created September 9, 2014 00:23
verify_authenticity_token
def verify_authenticity_token
unless verified_request?
logger.warn "WARNING: Can't verify CSRF token authenticity" if logger
handle_unverified_request
end
end
@forced-request
forced-request / request_forgery_protection.rb
Last active April 18, 2017 23:46
protect_from_forgery
def protect_from_forgery(options = {})
self.request_forgery_protection_token ||= :authenticity_token
prepend_before_filter :verify_authenticity_token, options
end
def verify_authenticity_token
unless verified_request?
logger.warn "WARNING: Can't verify CSRF token authenticity" if logger
handle_unverified_request
end