Warn users when OP cookie is missing

When a user has disabled cookies, trying to log in to the application
will result in a 422 error due to CSRF validation trying to use the
session in Rails 4+.

This commit introduces a separate warning when the OpenProject cookie
was not found, which should always be present after the first request to
the application.
pull/4152/head
Oliver Günther 9 years ago
parent 07adb9be4d
commit c7e410ef11
1. app/controllers/application_controller.rb (11)
2. config/locales/en.yml (2)

@ -89,7 +89,16 @@ class ApplicationController < ActionController::Base
# is raised here, but is denied by disable_api.
#
# See http://stackoverflow.com/a/15350123 for more information on login CSRF.
render_error status: 422, message: 'Invalid form authenticity token.' unless api_request?
unless api_request?
# Check whether user have cookies enabled, otherwise they'll only be
# greeted with the CSRF error upon login.
cookie_missing = request.cookies['_open_project_session'].nil?
message = I18n.t(:error_token_authenticity)
message << ' ' + I18n.t(:error_cookie_missing) if cookie_missing
render_error status: 422, message: message
end
end
rescue_from ActionController::ParameterMissing do |exception|
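Review bot: `message << ' ' + I18n.t(:error_cookie_missing) if cookie_missing` mutates the string returned by `I18n.t(:error_token_authenticity)` in place; if the I18n backend ever hands back its stored translation object rather than a copy, the cookie hint would be appended to the cached translation and accumulate across requests. A non-mutating form avoids the question entirely, e.g. `message = "#{I18n.t(:error_token_authenticity)} #{I18n.t(:error_cookie_missing)}" if cookie_missing`. Minor: the session cookie name `_open_project_session` is hardcoded in the `cookie_missing` check; reading it from `Rails.application.config.session_options[:key]` keeps the check in sync should the session store key ever be configured differently.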

@ -753,6 +753,8 @@ en:
error_can_not_remove_role: "This role is in use and cannot be deleted."
error_can_not_reopen_work_package_on_closed_version: "A work package assigned to a closed version cannot be reopened"
error_check_user_and_role: "Please choose a user and a role."
error_cookie_missing: 'The OpenProject cookie is missing. Please ensure that cookies are enabled, as this application will not properly function without.'
error_token_authenticity: 'Unable to verify Cross-Site Request Forgery token.'
error_work_package_done_ratios_not_updated: "Work package done ratios not updated."
error_work_package_not_found_in_project: "The work package was not found or does not belong to this project"
error_must_be_project_member: "must be project member"
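Review bot: the user-facing text of `error_cookie_missing` ends awkwardly ("will not properly function without."); suggest "Please ensure that cookies are enabled, as this application will not function properly without them." Style: the two new keys use single quotes while the neighbouring entries in this block use double quotes; matching the existing quoting keeps the file consistent.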
