Sutty/panel
5
0
Fork 0
mirror of https://0xacab.org/sutty/sutty synced 2024-11-21 23:06:22 +00:00
Code Issues Projects Releases Wiki Activity

fix: anonimizar encabezados

Browse source
This commit is contained in:
f 2024-11-01 16:23:13 -03:00
parent 1f4b1b5fce
commit 12d515e2ac
No known key found for this signature in database
1 changed files with 15 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

16
app/controllers/registrations_controller.rb
View file

@ -6,6 +6,8 @@
class RegistrationsController < Devise::RegistrationsController
class SpambotError < StandardError; end
PRIVATE_HEADERS = /(cookie|secret|token)/i
prepend_before_action :anti_spambot_traps, only: %i[create]
prepend_after_action :lock_spambots, only: %i[create]
@ -34,7 +36,7 @@ class RegistrationsController < Devise::RegistrationsController
def anti_spambot_traps
raise SpambotError if spambot?
rescue SpambotError => e
ExceptionNotifier.notify_exception(e, data: { params: anonymized_params, headers: request.headers.to_h })
ExceptionNotifier.notify_exception(e, data: { params: anonymized_params, headers: anonymized_headers })
nil
end
@ -49,6 +51,18 @@ class RegistrationsController < Devise::RegistrationsController
end
end
# Devuelve los encabezados de la petición sin información sensible de
# Rails
#
# @return [Hash]
def anonymized_headers
request.headers.to_h.select do |_, v|
v.is_a? String
end.reject do |k, _|
k =~ PRIVATE_HEADERS
end
end
# Si le usuarie es considerade spambot, no enviamos el correo de
# confirmación al crear la cuenta.
def sign_up_params