From 6892ef85f8569f97dd1a33cdb4b8d84ed3fd89b9 Mon Sep 17 00:00:00 2001 From: gaba Date: Fri, 23 Dec 2016 13:52:45 -0800 Subject: [PATCH] Sending the CSRF to the POST request. --- client/coral-admin/src/actions/comments.js | 9 +++++---- client/coral-admin/src/actions/community.js | 11 +++++++---- client/coral-admin/src/actions/users.js | 5 +++-- .../containers/CommentStream/CommentStream.js | 9 ++++----- client/coral-embed-stream/src/CommentStream.js | 11 ++++------- client/coral-framework/actions/auth.js | 16 ++++++++++------ client/coral-framework/helpers/response.js | 8 ++++---- 7 files changed, 37 insertions(+), 32 deletions(-) diff --git a/client/coral-admin/src/actions/comments.js b/client/coral-admin/src/actions/comments.js index 141156d4f..5dd8262aa 100644 --- a/client/coral-admin/src/actions/comments.js +++ b/client/coral-admin/src/actions/comments.js @@ -33,10 +33,11 @@ export const fetchModerationQueueComments = () => { }; // Create a new comment -export const createComment = (name, body, _csrf) => { - return dispatch => { - const comment = {body, name, _csrf}; - return coralApi('/comments', {method: 'POST', comment}) +export const createComment = (name, body) => { + return (dispatch, getState) => { + const comment = {body, name}; + const _csrf = getState().auth.get('_csrf'); + return coralApi('/comments', {method: 'POST', comment, _csrf: _csrf}) .then(res => dispatch({type: commentTypes.COMMENT_CREATE_SUCCESS, comment: res})) .catch(error => dispatch({type: commentTypes.COMMENT_CREATE_FAILED, error})); }; diff --git a/client/coral-admin/src/actions/community.js b/client/coral-admin/src/actions/community.js index c4712835a..35ba11fac 100644 --- a/client/coral-admin/src/actions/community.js +++ b/client/coral-admin/src/actions/community.js @@ -41,15 +41,18 @@ export const newPage = () => ({ type: COMMENTERS_NEW_PAGE }); -export const setRole = (id, role) => dispatch => { - return coralApi(`/users/${id}/role`, {method: 'POST', body: {role}}) +export const setRole = (id, role) => (dispatch, getState) => { + + const _csrf = getState().auth.get('_csrf'); + return coralApi(`/users/${id}/role`, {method: 'POST', body: {role}, _csrf: _csrf}) .then(() => { return dispatch({type: SET_ROLE, id, role}); }); }; -export const setCommenterStatus = (id, status) => dispatch => { - return coralApi(`/users/${id}/status`, {method: 'POST', body: {status}}) +export const setCommenterStatus = (id, status) => (dispatch, getState) => { + const _csrf = getState().auth.get('_csrf'); + return coralApi(`/users/${id}/status`, {method: 'POST', body: {status}, _csrf: _csrf}) .then(() => { return dispatch({type: SET_COMMENTER_STATUS, id, status}); }); diff --git a/client/coral-admin/src/actions/users.js b/client/coral-admin/src/actions/users.js index bc42a7a4c..e570be292 100644 --- a/client/coral-admin/src/actions/users.js +++ b/client/coral-admin/src/actions/users.js @@ -6,9 +6,10 @@ import * as actions from '../constants/user'; */ // change status of a user export const userStatusUpdate = (status, userId, commentId) => { - return dispatch => { + return (dispatch, getState) => { dispatch({type: actions.UPDATE_STATUS_REQUEST}); - return coralApi(`/users/${userId}/status`, {method: 'POST', body: {status: status, comment_id: commentId}}) + const _csrf = getState().auth.get('_csrf'); + return coralApi(`/users/${userId}/status`, {method: 'POST', body: {status: status, comment_id: commentId}, _csrf: _csrf}) .then(res => dispatch({type: actions.UPDATE_STATUS_SUCCESS, res})) .catch(error => dispatch({type: actions.UPDATE_STATUS_FAILURE, error})); }; diff --git a/client/coral-admin/src/containers/CommentStream/CommentStream.js b/client/coral-admin/src/containers/CommentStream/CommentStream.js index 3b16f6434..ca5f6b398 100644 --- a/client/coral-admin/src/containers/CommentStream/CommentStream.js +++ b/client/coral-admin/src/containers/CommentStream/CommentStream.js @@ -14,8 +14,7 @@ import CommentBox from 'components/CommentBox'; class CommentStream extends React.Component { constructor (props) { super(props); - console.log('PROPS IN COMMENTSTREAM ', props); - this.state = {snackbar: false, snackbarMsg: '', _csrf: props._csrf}; + this.state = {snackbar: false, snackbarMsg: ''}; this.onSubmit = this.onSubmit.bind(this); this.onClickAction = this.onClickAction.bind(this); } @@ -26,8 +25,8 @@ class CommentStream extends React.Component { } // Submit the new comment - onSubmit (comment, _csrf) { - this.props.dispatch(createComment(comment.name, comment.body, _csrf)); + onSubmit (comment) { + this.props.dispatch(createComment(comment.name, comment.body)); } // The only action for now is flagging @@ -44,7 +43,7 @@ class CommentStream extends React.Component { render ({comments, users}, {snackbar, snackbarMsg}) { return (
- + + charCount={charCountEnable && charCount}/>
:

{closedMessage}

} - {!loggedIn && } + {!loggedIn && } { rootItem.comments && rootItem.comments.map((commentId) => { const comment = comments[commentId]; @@ -205,7 +204,6 @@ class CommentStream extends Component { premod={moderation} currentUser={user} charCount={charCountEnable && charCount} - _csrf={_csrf} showReply={comment.showReply}/> { comment.children && @@ -266,7 +264,6 @@ class CommentStream extends Component { banned={banned} currentUser={user} charCount={charCountEnable && charCount} - _csrf={_csrf} showReply={reply.showReply}/> ; }) @@ -319,7 +316,7 @@ const mapStateToProps = state => ({ const mapDispatchToProps = (dispatch) => ({ addItem: (item, item_id) => dispatch(addItem(item, item_id)), updateItem: (id, property, value, itemType) => dispatch(updateItem(id, property, value, itemType)), - postItem: (data, type, id, _csrf) => dispatch(postItem(data, type, id, _csrf)), + postItem: (data, type, id) => dispatch(postItem(data, type, id)), getStream: (rootId) => dispatch(getStream(rootId)), addNotification: (type, text) => dispatch(addNotification(type, text)), clearNotification: () => dispatch(clearNotification()), diff --git a/client/coral-framework/actions/auth.js b/client/coral-framework/actions/auth.js index 3a00de53f..28e4a6a3c 100644 --- a/client/coral-framework/actions/auth.js +++ b/client/coral-framework/actions/auth.js @@ -23,9 +23,10 @@ const signInRequest = () => ({type: actions.FETCH_SIGNIN_REQUEST}); const signInSuccess = (user, isAdmin) => ({type: actions.FETCH_SIGNIN_SUCCESS, user, isAdmin}); const signInFailure = error => ({type: actions.FETCH_SIGNIN_FAILURE, error}); -export const fetchSignIn = (formData) => dispatch => { +export const fetchSignIn = (formData) => (dispatch, getState) => { dispatch(signInRequest()); - coralApi('/auth/local', {method: 'POST', body: formData}) + const _csrf = getState().auth.get('_csrf'); + coralApi('/auth/local', {method: 'POST', body: formData, _csrf: _csrf}) .then(({user}) => { const isAdmin = !!user.roles.filter(i => i === 'admin').length; dispatch(signInSuccess(user, isAdmin)); @@ -72,10 +73,11 @@ const signUpRequest = () => ({type: actions.FETCH_SIGNUP_REQUEST}); const signUpSuccess = user => ({type: actions.FETCH_SIGNUP_SUCCESS, user}); const signUpFailure = error => ({type: actions.FETCH_SIGNUP_FAILURE, error}); -export const fetchSignUp = formData => dispatch => { +export const fetchSignUp = formData => (dispatch, getState) => { dispatch(signUpRequest()); - coralApi('/users', {method: 'POST', body: formData}) + const _csrf = getState().auth.get('_csrf'); + coralApi('/users', {method: 'POST', body: formData, _csrf: _csrf}) .then(({user}) => { dispatch(signUpSuccess(user)); setTimeout(() =>{ @@ -91,9 +93,11 @@ const forgotPassowordRequest = () => ({type: actions.FETCH_FORGOT_PASSWORD_REQUE const forgotPassowordSuccess = () => ({type: actions.FETCH_FORGOT_PASSWORD_SUCCESS}); const forgotPassowordFailure = () => ({type: actions.FETCH_FORGOT_PASSWORD_FAILURE}); -export const fetchForgotPassword = email => dispatch => { +export const fetchForgotPassword = email => (dispatch, getState) => { dispatch(forgotPassowordRequest(email)); - coralApi('/users/request-password-reset', {method: 'POST', body: {email}}) + + const _csrf = getState().auth.get('_csrf'); + coralApi('/users/request-password-reset', {method: 'POST', body: {email}, _csrf: _csrf}) .then(() => dispatch(forgotPassowordSuccess())) .catch(error => dispatch(forgotPassowordFailure(error))); }; diff --git a/client/coral-framework/helpers/response.js b/client/coral-framework/helpers/response.js index 4706a2821..d8bfd28c4 100644 --- a/client/coral-framework/helpers/response.js +++ b/client/coral-framework/helpers/response.js @@ -12,10 +12,10 @@ const buildOptions = (inputOptions = {}) => { }; const options = Object.assign({}, defaultOptions, inputOptions); - // // Add CSRF field to each POST. - // if (options.method.toLowerCase() === 'post') { - // options.body._csrf = 'futurecsrf'; - // } + // Add CSRF field to each POST. + if (options.method.toLowerCase() === 'post' && options._csrf) { + options.body._csrf = options._csrf; + } if (options.method.toLowerCase() !== 'get') { options.body = JSON.stringify(options.body);