Rework authenticity_token to use simpler helper, sidekiq#2422

yamagu · Jul 6, 2015 · 5adbc24 · 5adbc24
1 parent 6a14ea6
commit 5adbc24
Show file tree

Hide file tree

Showing 10 changed files with 16 additions and 16 deletions.
diff --git a/lib/sidekiq/web_helpers.rb b/lib/sidekiq/web_helpers.rb
@@ -173,8 +173,8 @@ def display_args(args, truncate_after_chars = 2000)
       end.join(", ")
     end
 
-    def tkn
-      session[:csrf]
+    def csrf_tag
+      "<input type='hidden' name='authenticity_token' value='#{session[:csrf]}'/>"
     end
 
     def to_display(arg)

diff --git a/web/views/busy.erb b/web/views/busy.erb
@@ -4,7 +4,7 @@
   </div>
   <div class="col-sm-4 pull-right">
     <form method="POST" style="margin-top: 20px; margin-bottom: 10px;">
-      <input type="hidden" name="authenticity_token" value="<%= tkn %>"/>
+      <%= csrf_tag %>
       <div class="btn-group pull-right">
         <button class="btn btn-warn" type="submit" name="quiet" value="1"><%= t('QuietAll') %></button>
         <button class="btn btn-danger" type="submit" name="stop" value="1"><%= t('StopAll') %></button>
@@ -41,7 +41,7 @@
         <td>
           <div class="btn-group pull-right">
             <form method="POST">
-              <input type="hidden" name="authenticity_token" value="<%= tkn %>"/>
+              <%= csrf_tag %>
               <input type="hidden" name="identity" value="<%= process['identity'] %>"/>
               <button class="btn btn-warn" type="submit" name="quiet" value="1"><%= t('Quiet') %></button>
               <button class="btn btn-danger" type="submit" name="stop" value="1"><%= t('Stop') %></button>

diff --git a/web/views/dead.erb b/web/views/dead.erb
@@ -27,7 +27,7 @@
 </div>
 
 <form class="form-horizontal" action="<%= root_path %>morgue/<%= job_params(@dead, @dead.score) %>" method="post">
-  <input type="hidden" name="authenticity_token" value="<%= tkn %>"/>
+  <%= csrf_tag %>
   <a class="btn btn-default" href="<%= root_path %>morgue"><%= t('GoBack') %></a>
   <input class="btn btn-primary" type="submit" name="retry" value="<%= t('RetryNow') %>" />
   <input class="btn btn-danger" type="submit" name="delete" value="<%= t('Delete') %>" />

diff --git a/web/views/morgue.erb b/web/views/morgue.erb
@@ -12,7 +12,7 @@
 
 <% if @dead.size > 0 %>
   <form action="<%= root_path %>morgue" method="post">
-    <input type="hidden" name="authenticity_token" value="<%= tkn %>"/>
+    <%= csrf_tag %>
     <div class="table_container">
       <table class="table table-striped table-bordered table-white">
         <thead>
@@ -58,11 +58,11 @@
   </form>
 
   <form action="<%= root_path %>morgue/all/delete" method="post">
-    <input type="hidden" name="authenticity_token" value="<%= tkn %>"/>
+    <%= csrf_tag %>
     <input class="btn btn-danger btn-xs pull-right" type="submit" name="delete" value="<%= t('DeleteAll') %>" data-confirm="<%= t('AreYouSure') %>" />
   </form>
   <form action="<%= root_path %>morgue/all/retry" method="post">
-    <input type="hidden" name="authenticity_token" value="<%= tkn %>"/>
+    <%= csrf_tag %>
     <input class="btn btn-danger btn-xs pull-right" type="submit" name="retry" value="<%= t('RetryAll') %>" data-confirm="<%= t('AreYouSure') %>" />
   </form>
 

diff --git a/web/views/queue.erb b/web/views/queue.erb
@@ -33,7 +33,7 @@
         </td>
         <td>
           <form action="<%= root_path %>queues/<%= @name %>/delete" method="post">
-            <input type="hidden" name="authenticity_token" value="<%= tkn %>"/>
+            <%= csrf_tag %>
             <input name="key_val" value="<%= h Sidekiq.dump_json(msg.item) %>" type="hidden" />
             <input class="btn btn-danger btn-xs" type="submit" name="delete" value="<%= t('Delete') %>" data-confirm="<%= t('AreYouSure') %>" />
           </form>

diff --git a/web/views/queues.erb b/web/views/queues.erb
@@ -18,7 +18,7 @@
         <td><%= number_with_delimiter(queue.size) %> </td>
         <td width="20%">
           <form action="<%=root_path %>queues/<%= queue.name %>" method="post">
-            <input type="hidden" name="authenticity_token" value="<%= tkn %>"/>
+            <%= csrf_tag %>
             <input class="btn btn-danger btn-xs" type="submit" name="delete" value="<%= t('Delete') %>" data-confirm="<%= t('AreYouSureDeleteQueue', :queue => h(queue.name)) %>" />
           </form>
         </td>

diff --git a/web/views/retries.erb b/web/views/retries.erb
@@ -12,7 +12,7 @@
 
 <% if @retries.size > 0 %>
   <form action="<%= root_path %>retries" method="post">
-    <input type="hidden" name="authenticity_token" value="<%= tkn %>"/>
+    <%= csrf_tag %>
     <div class="table_container">
       <table class="table table-striped table-bordered table-white">
         <thead>
@@ -61,11 +61,11 @@
   </form>
 
   <form action="<%= root_path %>retries/all/delete" method="post">
-    <input type="hidden" name="authenticity_token" value="<%= tkn %>"/>
+    <%= csrf_tag %>
     <input class="btn btn-danger btn-xs pull-right" type="submit" name="delete" value="<%= t('DeleteAll') %>" data-confirm="<%= t('AreYouSure') %>" />
   </form>
   <form action="<%= root_path %>retries/all/retry" method="post">
-    <input type="hidden" name="authenticity_token" value="<%= tkn %>"/>
+    <%= csrf_tag %>
     <input class="btn btn-danger btn-xs pull-right" type="submit" name="retry" value="<%= t('RetryAll') %>" data-confirm="<%= t('AreYouSure') %>" />
   </form>
 

diff --git a/web/views/retry.erb b/web/views/retry.erb
@@ -27,7 +27,7 @@
 </div>
 
 <form class="form-horizontal" action="<%= root_path %>retries/<%= job_params(@retry, @retry.score) %>" method="post">
-  <input type="hidden" name="authenticity_token" value="<%= tkn %>"/>
+  <%= csrf_tag %>
   <a class="btn btn-default" href="<%= root_path %>retries"><%= t('GoBack') %></a>
   <input class="btn btn-primary" type="submit" name="retry" value="<%= t('RetryNow') %>" />
   <input class="btn btn-danger" type="submit" name="delete" value="<%= t('Delete') %>" />

diff --git a/web/views/scheduled.erb b/web/views/scheduled.erb
@@ -13,7 +13,7 @@
 <% if @scheduled.size > 0 %>
 
   <form action="<%= root_path %>scheduled" method="post">
-    <input type="hidden" name="authenticity_token" value="<%= tkn %>"/>
+    <%= csrf_tag %>
     <div class="table_container">
       <table class="table table-striped table-bordered table-white">
         <thead>

diff --git a/web/views/scheduled_job_info.erb b/web/views/scheduled_job_info.erb
@@ -1,7 +1,7 @@
 <%= erb :_job_info, :locals => {:job => @job, :type => :scheduled} %>
 
 <form class="form-horizontal" action="<%= root_path %>scheduled/<%= job_params(@job, @job.score) %>" method="post">
-  <input type="hidden" name="authenticity_token" value="<%= tkn %>"/>
+  <%= csrf_tag %>
   <a class="btn btn-default" href="<%= root_path %>scheduled"><%= t('GoBack') %></a>
   <input class="btn btn-primary" type="submit" name="add_to_queue" value="<%= t('AddToQueue') %>" />
   <input class="btn btn-danger" type="submit" name="delete" value="<%= t('Delete') %>" />