Handle invalid signed blob IDs gracefully

author: George Claghorn <george@basecamp.com> 2017-12-15 19:26:53 -0500
committer: George Claghorn <george@basecamp.com> 2017-12-15 19:26:53 -0500
commit: af0caadb8d9781770399c1804976af4a71d1313b (patch)
tree: 19fe95a35822990cba61915b3efd38b4ed5f1513 /activestorage/app/controllers/concerns/active_storage
parent: ca2c4cb7c4ee2f126e65ade6192a0c6b5ec58ffc (diff)
download: rails-af0caadb8d9781770399c1804976af4a71d1313b.tar.gz
rails-af0caadb8d9781770399c1804976af4a71d1313b.tar.bz2
rails-af0caadb8d9781770399c1804976af4a71d1313b.zip
1 files changed, 16 insertions, 0 deletions
diff --git a/activestorage/app/controllers/concerns/active_storage/set_blob.rb b/activestorage/app/controllers/concerns/active_storage/set_blob.rb
new file mode 100644
index 0000000000..b0f3d97a66
--- /dev/null
+++ b/activestorage/app/controllers/concerns/active_storage/set_blob.rb
@@ -0,0 +1,16 @@
+# frozen_string_literal: true
+
+module ActiveStorage::SetBlob
+  extend ActiveSupport::Concern
+
+  included do
+    before_action :set_blob
+  end
+
+  private
+    def set_blob
+      @blob = ActiveStorage::Blob.find_signed(params[:signed_blob_id] || params[:signed_id])
+    rescue ActiveSupport::MessageVerifier::InvalidSignature
+      head :not_found
+    end
+end
author	George Claghorn <george@basecamp.com>	2017-12-15 19:26:53 -0500
committer	George Claghorn <george@basecamp.com>	2017-12-15 19:26:53 -0500
commit	af0caadb8d9781770399c1804976af4a71d1313b (patch)
tree	19fe95a35822990cba61915b3efd38b4ed5f1513 /activestorage/app/controllers/concerns/active_storage
parent	ca2c4cb7c4ee2f126e65ade6192a0c6b5ec58ffc (diff)
download	rails-af0caadb8d9781770399c1804976af4a71d1313b.tar.gz rails-af0caadb8d9781770399c1804976af4a71d1313b.tar.bz2 rails-af0caadb8d9781770399c1804976af4a71d1313b.zip