Merge pull request #6129 from betagouv/log-token-errors

Ajout d'un message de déboguage en cas de token invalide dans Users::SessionsController (#6129)
This commit is contained in:
Pierre de La Morinerie 2021-04-27 10:15:33 +02:00 committed by GitHub
commit ba466f8430
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -77,4 +77,22 @@ class Users::SessionsController < Devise::SessionsController
redirect_to link_sent_path(email: instructeur.email) redirect_to link_sent_path(email: instructeur.email)
end end
end end
private
def handle_unverified_request
log_invalid_authenticity_token_error
super
end
def log_invalid_authenticity_token_error
Sentry.with_scope do |temp_scope|
tags = {
request_tokens: request_authenticity_tokens.compact.map { |t| t.gsub(/.....$/, '*****') }.join(', '),
session_token: session[:_csrf_token]&.gsub(/.....$/, '*****')
}
temp_scope.set_tags(tags)
Sentry.capture_message("ActionController::InvalidAuthenticityToken in Users::SessionsController")
end
end
end end