mirror of
https://github.com/wassname/talk.git
synced 2026-07-11 11:43:31 +08:00
Sending the CSRF to the POST request.
This commit is contained in:
@@ -33,10 +33,11 @@ export const fetchModerationQueueComments = () => {
|
||||
};
|
||||
|
||||
// Create a new comment
|
||||
export const createComment = (name, body, _csrf) => {
|
||||
return dispatch => {
|
||||
const comment = {body, name, _csrf};
|
||||
return coralApi('/comments', {method: 'POST', comment})
|
||||
export const createComment = (name, body) => {
|
||||
return (dispatch, getState) => {
|
||||
const comment = {body, name};
|
||||
const _csrf = getState().auth.get('_csrf');
|
||||
return coralApi('/comments', {method: 'POST', comment, _csrf: _csrf})
|
||||
.then(res => dispatch({type: commentTypes.COMMENT_CREATE_SUCCESS, comment: res}))
|
||||
.catch(error => dispatch({type: commentTypes.COMMENT_CREATE_FAILED, error}));
|
||||
};
|
||||
|
||||
@@ -41,15 +41,18 @@ export const newPage = () => ({
|
||||
type: COMMENTERS_NEW_PAGE
|
||||
});
|
||||
|
||||
export const setRole = (id, role) => dispatch => {
|
||||
return coralApi(`/users/${id}/role`, {method: 'POST', body: {role}})
|
||||
export const setRole = (id, role) => (dispatch, getState) => {
|
||||
|
||||
const _csrf = getState().auth.get('_csrf');
|
||||
return coralApi(`/users/${id}/role`, {method: 'POST', body: {role}, _csrf: _csrf})
|
||||
.then(() => {
|
||||
return dispatch({type: SET_ROLE, id, role});
|
||||
});
|
||||
};
|
||||
|
||||
export const setCommenterStatus = (id, status) => dispatch => {
|
||||
return coralApi(`/users/${id}/status`, {method: 'POST', body: {status}})
|
||||
export const setCommenterStatus = (id, status) => (dispatch, getState) => {
|
||||
const _csrf = getState().auth.get('_csrf');
|
||||
return coralApi(`/users/${id}/status`, {method: 'POST', body: {status}, _csrf: _csrf})
|
||||
.then(() => {
|
||||
return dispatch({type: SET_COMMENTER_STATUS, id, status});
|
||||
});
|
||||
|
||||
@@ -6,9 +6,10 @@ import * as actions from '../constants/user';
|
||||
*/
|
||||
// change status of a user
|
||||
export const userStatusUpdate = (status, userId, commentId) => {
|
||||
return dispatch => {
|
||||
return (dispatch, getState) => {
|
||||
dispatch({type: actions.UPDATE_STATUS_REQUEST});
|
||||
return coralApi(`/users/${userId}/status`, {method: 'POST', body: {status: status, comment_id: commentId}})
|
||||
const _csrf = getState().auth.get('_csrf');
|
||||
return coralApi(`/users/${userId}/status`, {method: 'POST', body: {status: status, comment_id: commentId}, _csrf: _csrf})
|
||||
.then(res => dispatch({type: actions.UPDATE_STATUS_SUCCESS, res}))
|
||||
.catch(error => dispatch({type: actions.UPDATE_STATUS_FAILURE, error}));
|
||||
};
|
||||
|
||||
@@ -14,8 +14,7 @@ import CommentBox from 'components/CommentBox';
|
||||
class CommentStream extends React.Component {
|
||||
constructor (props) {
|
||||
super(props);
|
||||
console.log('PROPS IN COMMENTSTREAM ', props);
|
||||
this.state = {snackbar: false, snackbarMsg: '', _csrf: props._csrf};
|
||||
this.state = {snackbar: false, snackbarMsg: ''};
|
||||
this.onSubmit = this.onSubmit.bind(this);
|
||||
this.onClickAction = this.onClickAction.bind(this);
|
||||
}
|
||||
@@ -26,8 +25,8 @@ class CommentStream extends React.Component {
|
||||
}
|
||||
|
||||
// Submit the new comment
|
||||
onSubmit (comment, _csrf) {
|
||||
this.props.dispatch(createComment(comment.name, comment.body, _csrf));
|
||||
onSubmit (comment) {
|
||||
this.props.dispatch(createComment(comment.name, comment.body));
|
||||
}
|
||||
|
||||
// The only action for now is flagging
|
||||
@@ -44,7 +43,7 @@ class CommentStream extends React.Component {
|
||||
render ({comments, users}, {snackbar, snackbarMsg}) {
|
||||
return (
|
||||
<div className={styles.container}>
|
||||
<CommentBox onSubmit={this.onSubmit} _csrf={this.state._csrf}/>
|
||||
<CommentBox onSubmit={this.onSubmit}/>
|
||||
<CommentList isActive hideActive
|
||||
singleView={false}
|
||||
commentIds={comments.ids}
|
||||
|
||||
@@ -96,7 +96,7 @@ class CommentStream extends Component {
|
||||
const rootItem = this.props.items.assets && this.props.items.assets[rootItemId];
|
||||
const {actions, users, comments} = this.props.items;
|
||||
const {status, moderation, closedMessage, charCount, charCountEnable} = this.props.config;
|
||||
const {loggedIn, isAdmin, user, showSignInDialog, signInOffset, _csrf} = this.props.auth;
|
||||
const {loggedIn, isAdmin, user, showSignInDialog, signInOffset} = this.props.auth;
|
||||
const {activeTab} = this.state;
|
||||
const banned = (this.props.userData.status === 'banned');
|
||||
|
||||
@@ -133,13 +133,12 @@ class CommentStream extends Component {
|
||||
currentUser={this.props.auth.user}
|
||||
banned={banned}
|
||||
author={user}
|
||||
charCount={charCountEnable && charCount}
|
||||
_csrf={_csrf}/>
|
||||
charCount={charCountEnable && charCount}/>
|
||||
</RestrictedContent>
|
||||
</div>
|
||||
: <p>{closedMessage}</p>
|
||||
}
|
||||
{!loggedIn && <SignInContainer offset={signInOffset} _csrf={_csrf}/>}
|
||||
{!loggedIn && <SignInContainer offset={signInOffset}/>}
|
||||
{
|
||||
rootItem.comments && rootItem.comments.map((commentId) => {
|
||||
const comment = comments[commentId];
|
||||
@@ -205,7 +204,6 @@ class CommentStream extends Component {
|
||||
premod={moderation}
|
||||
currentUser={user}
|
||||
charCount={charCountEnable && charCount}
|
||||
_csrf={_csrf}
|
||||
showReply={comment.showReply}/>
|
||||
{
|
||||
comment.children &&
|
||||
@@ -266,7 +264,6 @@ class CommentStream extends Component {
|
||||
banned={banned}
|
||||
currentUser={user}
|
||||
charCount={charCountEnable && charCount}
|
||||
_csrf={_csrf}
|
||||
showReply={reply.showReply}/>
|
||||
</div>;
|
||||
})
|
||||
@@ -319,7 +316,7 @@ const mapStateToProps = state => ({
|
||||
const mapDispatchToProps = (dispatch) => ({
|
||||
addItem: (item, item_id) => dispatch(addItem(item, item_id)),
|
||||
updateItem: (id, property, value, itemType) => dispatch(updateItem(id, property, value, itemType)),
|
||||
postItem: (data, type, id, _csrf) => dispatch(postItem(data, type, id, _csrf)),
|
||||
postItem: (data, type, id) => dispatch(postItem(data, type, id)),
|
||||
getStream: (rootId) => dispatch(getStream(rootId)),
|
||||
addNotification: (type, text) => dispatch(addNotification(type, text)),
|
||||
clearNotification: () => dispatch(clearNotification()),
|
||||
|
||||
@@ -23,9 +23,10 @@ const signInRequest = () => ({type: actions.FETCH_SIGNIN_REQUEST});
|
||||
const signInSuccess = (user, isAdmin) => ({type: actions.FETCH_SIGNIN_SUCCESS, user, isAdmin});
|
||||
const signInFailure = error => ({type: actions.FETCH_SIGNIN_FAILURE, error});
|
||||
|
||||
export const fetchSignIn = (formData) => dispatch => {
|
||||
export const fetchSignIn = (formData) => (dispatch, getState) => {
|
||||
dispatch(signInRequest());
|
||||
coralApi('/auth/local', {method: 'POST', body: formData})
|
||||
const _csrf = getState().auth.get('_csrf');
|
||||
coralApi('/auth/local', {method: 'POST', body: formData, _csrf: _csrf})
|
||||
.then(({user}) => {
|
||||
const isAdmin = !!user.roles.filter(i => i === 'admin').length;
|
||||
dispatch(signInSuccess(user, isAdmin));
|
||||
@@ -72,10 +73,11 @@ const signUpRequest = () => ({type: actions.FETCH_SIGNUP_REQUEST});
|
||||
const signUpSuccess = user => ({type: actions.FETCH_SIGNUP_SUCCESS, user});
|
||||
const signUpFailure = error => ({type: actions.FETCH_SIGNUP_FAILURE, error});
|
||||
|
||||
export const fetchSignUp = formData => dispatch => {
|
||||
export const fetchSignUp = formData => (dispatch, getState) => {
|
||||
dispatch(signUpRequest());
|
||||
|
||||
coralApi('/users', {method: 'POST', body: formData})
|
||||
const _csrf = getState().auth.get('_csrf');
|
||||
coralApi('/users', {method: 'POST', body: formData, _csrf: _csrf})
|
||||
.then(({user}) => {
|
||||
dispatch(signUpSuccess(user));
|
||||
setTimeout(() =>{
|
||||
@@ -91,9 +93,11 @@ const forgotPassowordRequest = () => ({type: actions.FETCH_FORGOT_PASSWORD_REQUE
|
||||
const forgotPassowordSuccess = () => ({type: actions.FETCH_FORGOT_PASSWORD_SUCCESS});
|
||||
const forgotPassowordFailure = () => ({type: actions.FETCH_FORGOT_PASSWORD_FAILURE});
|
||||
|
||||
export const fetchForgotPassword = email => dispatch => {
|
||||
export const fetchForgotPassword = email => (dispatch, getState) => {
|
||||
dispatch(forgotPassowordRequest(email));
|
||||
coralApi('/users/request-password-reset', {method: 'POST', body: {email}})
|
||||
|
||||
const _csrf = getState().auth.get('_csrf');
|
||||
coralApi('/users/request-password-reset', {method: 'POST', body: {email}, _csrf: _csrf})
|
||||
.then(() => dispatch(forgotPassowordSuccess()))
|
||||
.catch(error => dispatch(forgotPassowordFailure(error)));
|
||||
};
|
||||
|
||||
@@ -12,10 +12,10 @@ const buildOptions = (inputOptions = {}) => {
|
||||
};
|
||||
const options = Object.assign({}, defaultOptions, inputOptions);
|
||||
|
||||
// // Add CSRF field to each POST.
|
||||
// if (options.method.toLowerCase() === 'post') {
|
||||
// options.body._csrf = 'futurecsrf';
|
||||
// }
|
||||
// Add CSRF field to each POST.
|
||||
if (options.method.toLowerCase() === 'post' && options._csrf) {
|
||||
options.body._csrf = options._csrf;
|
||||
}
|
||||
|
||||
if (options.method.toLowerCase() !== 'get') {
|
||||
options.body = JSON.stringify(options.body);
|
||||
|
||||
Reference in New Issue
Block a user