app: improve InvalidAuthenticityToken logging

- Log on all controllers - Improve description of the controller action involved - Ignore Safari bogus requests
2021-07-06 10:34:23 +00:00 · 2021-07-06 10:34:23 +00:00 · 09933454ff
commit 09933454ff
parent 50ebd6d17a
4 changed files with 78 additions and 12 deletions
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@ -2,6 +2,7 @@ class ApplicationController < ActionController::Base
  include TrustedDeviceConcern
  include Pundit
  include Devise::StoreLocationExtension
+  include ApplicationController::ErrorHandling

  MAINTENANCE_MESSAGE = 'Le site est actuellement en maintenance. Il sera à nouveau disponible dans un court instant.'

--- a/app/controllers/application_controller/error_handling.rb
+++ b/app/controllers/application_controller/error_handling.rb
@ -0,0 +1,29 @@
+module ApplicationController::ErrorHandling
+  extend ActiveSupport::Concern
+
+  included do
+    rescue_from ActionController::InvalidAuthenticityToken do
+      if cookies.count == 0
+        # When some browsers (like Safari) re-open a previously closed tab, they attempts
+        # to reload the page – even if it is a POST request. But in that case, they don’t
+        # sends any of the cookies.
+        #
+        # Ignore this error.
+        render plain: "Les cookies doivent être activés pour utiliser #{APPLICATION_NAME}.", status: 403
+      else
+        log_invalid_authenticity_token_error
+        raise # propagate the exception up, to render the default exception page
+      end
+    end
+  end
+
+  def log_invalid_authenticity_token_error
+    Sentry.with_scope do |temp_scope|
+      tags = {
+        action: "#{self.class.name}#{action_name}"
+      }
+      temp_scope.set_tags(tags)
+      Sentry.capture_message("ActionController::InvalidAuthenticityToken")
+    end
+  end
+end
--- a/app/controllers/users/sessions_controller.rb
+++ b/app/controllers/users/sessions_controller.rb
@ -81,18 +81,6 @@ class Users::SessionsController < Devise::SessionsController
  private

  def handle_unverified_request
-    log_invalid_authenticity_token_error
    super
  end
-
-  def log_invalid_authenticity_token_error
-    Sentry.with_scope do |temp_scope|
-      tags = {
-        request_tokens: request_authenticity_tokens.compact.map { |t| t.gsub(/.....$/, '*****') }.join(', '),
-        session_token: session[:_csrf_token]&.gsub(/.....$/, '*****')
-      }
-      temp_scope.set_tags(tags)
-      Sentry.capture_message("ActionController::InvalidAuthenticityToken in Users::SessionsController")
-    end
-  end
 end