controllers: log invalid tokens in Users::SessionsController

This is an attempt to understand why we have so many of these errors in production.
2021-04-22 19:23:47 +02:00 · 2021-04-22 19:23:47 +02:00 · 51d6faabee
commit 51d6faabee
parent 684fb388d3
1 changed files with 18 additions and 0 deletions
--- a/app/controllers/users/sessions_controller.rb
+++ b/app/controllers/users/sessions_controller.rb
@ -77,4 +77,22 @@ class Users::SessionsController < Devise::SessionsController
      redirect_to link_sent_path(email: instructeur.email)
    end
  end
+
+  private
+
+  def handle_unverified_request
+    log_invalid_authenticity_token_error
+    super
+  end
+
+  def log_invalid_authenticity_token_error
+    Sentry.with_scope do |temp_scope|
+      tags = {
+        request_tokens: request_authenticity_tokens.compact.map { |t| t.gsub(/.....$/, '*****') }.join(', '),
+        session_token: session[:_csrf_token]&.gsub(/.....$/, '*****')
+      }
+      temp_scope.set_tags(tags)
+      Sentry.capture_message("ActionController::InvalidAuthenticityToken in Users::SessionsController")
+    end
+  end
 end