Sending the CSRF to the POST request.

This commit is contained in:
gaba
2016-12-23 13:52:45 -08:00
parent ac66a7bb0e
commit 6892ef85f8
7 changed files with 37 additions and 32 deletions
+5 -4
View File
@@ -33,10 +33,11 @@ export const fetchModerationQueueComments = () => {
};
// Create a new comment
export const createComment = (name, body, _csrf) => {
return dispatch => {
const comment = {body, name, _csrf};
return coralApi('/comments', {method: 'POST', comment})
export const createComment = (name, body) => {
return (dispatch, getState) => {
const comment = {body, name};
const _csrf = getState().auth.get('_csrf');
return coralApi('/comments', {method: 'POST', comment, _csrf: _csrf})
.then(res => dispatch({type: commentTypes.COMMENT_CREATE_SUCCESS, comment: res}))
.catch(error => dispatch({type: commentTypes.COMMENT_CREATE_FAILED, error}));
};
+7 -4
View File
@@ -41,15 +41,18 @@ export const newPage = () => ({
type: COMMENTERS_NEW_PAGE
});
export const setRole = (id, role) => dispatch => {
return coralApi(`/users/${id}/role`, {method: 'POST', body: {role}})
export const setRole = (id, role) => (dispatch, getState) => {
const _csrf = getState().auth.get('_csrf');
return coralApi(`/users/${id}/role`, {method: 'POST', body: {role}, _csrf: _csrf})
.then(() => {
return dispatch({type: SET_ROLE, id, role});
});
};
export const setCommenterStatus = (id, status) => dispatch => {
return coralApi(`/users/${id}/status`, {method: 'POST', body: {status}})
export const setCommenterStatus = (id, status) => (dispatch, getState) => {
const _csrf = getState().auth.get('_csrf');
return coralApi(`/users/${id}/status`, {method: 'POST', body: {status}, _csrf: _csrf})
.then(() => {
return dispatch({type: SET_COMMENTER_STATUS, id, status});
});
+3 -2
View File
@@ -6,9 +6,10 @@ import * as actions from '../constants/user';
*/
// change status of a user
export const userStatusUpdate = (status, userId, commentId) => {
return dispatch => {
return (dispatch, getState) => {
dispatch({type: actions.UPDATE_STATUS_REQUEST});
return coralApi(`/users/${userId}/status`, {method: 'POST', body: {status: status, comment_id: commentId}})
const _csrf = getState().auth.get('_csrf');
return coralApi(`/users/${userId}/status`, {method: 'POST', body: {status: status, comment_id: commentId}, _csrf: _csrf})
.then(res => dispatch({type: actions.UPDATE_STATUS_SUCCESS, res}))
.catch(error => dispatch({type: actions.UPDATE_STATUS_FAILURE, error}));
};
@@ -14,8 +14,7 @@ import CommentBox from 'components/CommentBox';
class CommentStream extends React.Component {
constructor (props) {
super(props);
console.log('PROPS IN COMMENTSTREAM ', props);
this.state = {snackbar: false, snackbarMsg: '', _csrf: props._csrf};
this.state = {snackbar: false, snackbarMsg: ''};
this.onSubmit = this.onSubmit.bind(this);
this.onClickAction = this.onClickAction.bind(this);
}
@@ -26,8 +25,8 @@ class CommentStream extends React.Component {
}
// Submit the new comment
onSubmit (comment, _csrf) {
this.props.dispatch(createComment(comment.name, comment.body, _csrf));
onSubmit (comment) {
this.props.dispatch(createComment(comment.name, comment.body));
}
// The only action for now is flagging
@@ -44,7 +43,7 @@ class CommentStream extends React.Component {
render ({comments, users}, {snackbar, snackbarMsg}) {
return (
<div className={styles.container}>
<CommentBox onSubmit={this.onSubmit} _csrf={this.state._csrf}/>
<CommentBox onSubmit={this.onSubmit}/>
<CommentList isActive hideActive
singleView={false}
commentIds={comments.ids}
@@ -96,7 +96,7 @@ class CommentStream extends Component {
const rootItem = this.props.items.assets && this.props.items.assets[rootItemId];
const {actions, users, comments} = this.props.items;
const {status, moderation, closedMessage, charCount, charCountEnable} = this.props.config;
const {loggedIn, isAdmin, user, showSignInDialog, signInOffset, _csrf} = this.props.auth;
const {loggedIn, isAdmin, user, showSignInDialog, signInOffset} = this.props.auth;
const {activeTab} = this.state;
const banned = (this.props.userData.status === 'banned');
@@ -133,13 +133,12 @@ class CommentStream extends Component {
currentUser={this.props.auth.user}
banned={banned}
author={user}
charCount={charCountEnable && charCount}
_csrf={_csrf}/>
charCount={charCountEnable && charCount}/>
</RestrictedContent>
</div>
: <p>{closedMessage}</p>
}
{!loggedIn && <SignInContainer offset={signInOffset} _csrf={_csrf}/>}
{!loggedIn && <SignInContainer offset={signInOffset}/>}
{
rootItem.comments && rootItem.comments.map((commentId) => {
const comment = comments[commentId];
@@ -205,7 +204,6 @@ class CommentStream extends Component {
premod={moderation}
currentUser={user}
charCount={charCountEnable && charCount}
_csrf={_csrf}
showReply={comment.showReply}/>
{
comment.children &&
@@ -266,7 +264,6 @@ class CommentStream extends Component {
banned={banned}
currentUser={user}
charCount={charCountEnable && charCount}
_csrf={_csrf}
showReply={reply.showReply}/>
</div>;
})
@@ -319,7 +316,7 @@ const mapStateToProps = state => ({
const mapDispatchToProps = (dispatch) => ({
addItem: (item, item_id) => dispatch(addItem(item, item_id)),
updateItem: (id, property, value, itemType) => dispatch(updateItem(id, property, value, itemType)),
postItem: (data, type, id, _csrf) => dispatch(postItem(data, type, id, _csrf)),
postItem: (data, type, id) => dispatch(postItem(data, type, id)),
getStream: (rootId) => dispatch(getStream(rootId)),
addNotification: (type, text) => dispatch(addNotification(type, text)),
clearNotification: () => dispatch(clearNotification()),
+10 -6
View File
@@ -23,9 +23,10 @@ const signInRequest = () => ({type: actions.FETCH_SIGNIN_REQUEST});
const signInSuccess = (user, isAdmin) => ({type: actions.FETCH_SIGNIN_SUCCESS, user, isAdmin});
const signInFailure = error => ({type: actions.FETCH_SIGNIN_FAILURE, error});
export const fetchSignIn = (formData) => dispatch => {
export const fetchSignIn = (formData) => (dispatch, getState) => {
dispatch(signInRequest());
coralApi('/auth/local', {method: 'POST', body: formData})
const _csrf = getState().auth.get('_csrf');
coralApi('/auth/local', {method: 'POST', body: formData, _csrf: _csrf})
.then(({user}) => {
const isAdmin = !!user.roles.filter(i => i === 'admin').length;
dispatch(signInSuccess(user, isAdmin));
@@ -72,10 +73,11 @@ const signUpRequest = () => ({type: actions.FETCH_SIGNUP_REQUEST});
const signUpSuccess = user => ({type: actions.FETCH_SIGNUP_SUCCESS, user});
const signUpFailure = error => ({type: actions.FETCH_SIGNUP_FAILURE, error});
export const fetchSignUp = formData => dispatch => {
export const fetchSignUp = formData => (dispatch, getState) => {
dispatch(signUpRequest());
coralApi('/users', {method: 'POST', body: formData})
const _csrf = getState().auth.get('_csrf');
coralApi('/users', {method: 'POST', body: formData, _csrf: _csrf})
.then(({user}) => {
dispatch(signUpSuccess(user));
setTimeout(() =>{
@@ -91,9 +93,11 @@ const forgotPassowordRequest = () => ({type: actions.FETCH_FORGOT_PASSWORD_REQUE
const forgotPassowordSuccess = () => ({type: actions.FETCH_FORGOT_PASSWORD_SUCCESS});
const forgotPassowordFailure = () => ({type: actions.FETCH_FORGOT_PASSWORD_FAILURE});
export const fetchForgotPassword = email => dispatch => {
export const fetchForgotPassword = email => (dispatch, getState) => {
dispatch(forgotPassowordRequest(email));
coralApi('/users/request-password-reset', {method: 'POST', body: {email}})
const _csrf = getState().auth.get('_csrf');
coralApi('/users/request-password-reset', {method: 'POST', body: {email}, _csrf: _csrf})
.then(() => dispatch(forgotPassowordSuccess()))
.catch(error => dispatch(forgotPassowordFailure(error)));
};
+4 -4
View File
@@ -12,10 +12,10 @@ const buildOptions = (inputOptions = {}) => {
};
const options = Object.assign({}, defaultOptions, inputOptions);
// // Add CSRF field to each POST.
// if (options.method.toLowerCase() === 'post') {
// options.body._csrf = 'futurecsrf';
// }
// Add CSRF field to each POST.
if (options.method.toLowerCase() === 'post' && options._csrf) {
options.body._csrf = options._csrf;
}
if (options.method.toLowerCase() !== 'get') {
options.body = JSON.stringify(options.body);