Send notification mails on CSRF fails

closes #7050
author: Steffen van Bergerem <svbergerem@online.de> 2016-09-03 01:11:28 +0300
committer: Dennis Schubert <mail@dennis-schubert.de> 2016-09-04 04:26:42 +0300
commit: c3de77e0fc2e53b01458de390218d7dcddf8835f (patch)
tree: 90930c7f42d31cbbc5e26c3835db06ffc3fcf8fe /app/controllers
parent: 6ad9000f8c16f6758c39b59412a4b6978910d690 (diff)
1 files changed, 5 insertions, 1 deletions
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 12e30346b..bc79acdb2 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -8,7 +8,11 @@ class ApplicationController < ActionController::Base
   protect_from_forgery except: :receive, with: :exception
 
   rescue_from ActionController::InvalidAuthenticityToken do
-    sign_out current_user
+    if user_signed_in?
+      logger.warn "#{current_user.diaspora_handle} CSRF token fail. referer: #{request.referer || 'empty'}"
+      Workers::Mail::CsrfTokenFail.perform_async(current_user.id)
+      sign_out current_user
+    end
     flash[:error] = I18n.t("error_messages.csrf_token_fail")
     redirect_to new_user_session_path format: request[:format]
   end
author	Steffen van Bergerem <svbergerem@online.de>	2016-09-03 01:11:28 +0300
committer	Dennis Schubert <mail@dennis-schubert.de>	2016-09-04 04:26:42 +0300
commit	c3de77e0fc2e53b01458de390218d7dcddf8835f (patch)
tree	90930c7f42d31cbbc5e26c3835db06ffc3fcf8fe /app/controllers
parent	6ad9000f8c16f6758c39b59412a4b6978910d690 (diff)