diff --git a/client/coral-admin/src/actions/auth.js b/client/coral-admin/src/actions/auth.js
index 281f87409..8cc094d5f 100644
--- a/client/coral-admin/src/actions/auth.js
+++ b/client/coral-admin/src/actions/auth.js
@@ -12,7 +12,7 @@ export const checkLogin = () => dispatch => {
coralApi('/auth')
.then(result => {
if (result.csrfToken !== null) {
- dispatch(checkCSRFToken(result.csrfToken));
+ dispatch(check_csrf(result.csrfToken));
}
const isAdmin = !!result.user.roles.filter(i => i === 'admin').length;
@@ -22,7 +22,7 @@ export const checkLogin = () => dispatch => {
};
// Set CSRF Token
-export const checkCSRFToken = (csrfToken) => ({type: actions.CHECK_CSRF_TOKEN, csrfToken});
+export const check_csrf = (_csrf) => ({type: actions.CHECK_CSRF_TOKEN, _csrf});
// LogOut Actions
diff --git a/client/coral-admin/src/components/CommentBox.js b/client/coral-admin/src/components/CommentBox.js
index ff53d61b4..fc9e6c9ea 100644
--- a/client/coral-admin/src/components/CommentBox.js
+++ b/client/coral-admin/src/components/CommentBox.js
@@ -7,13 +7,13 @@ import {Button} from 'react-mdl';
export default class CommentBox extends React.Component {
constructor (props) {
super(props);
- this.state = {name: '', body: '', csrfToken: props.csrfToken};
+ this.state = {name: '', body: '', _csrf: props._csrf};
this.onSubmit = this.onSubmit.bind(this);
}
onSubmit () {
- const {name, body, csrfToken} = this.state;
- this.props.onSubmit({name, body, csrfToken});
+ const {name, body, _csrf} = this.state;
+ this.props.onSubmit({name, body, _csrf});
this.setState({body: '', name: ''});
}
diff --git a/client/coral-admin/src/containers/CommentStream/CommentStream.js b/client/coral-admin/src/containers/CommentStream/CommentStream.js
index ee8d0e512..3b16f6434 100644
--- a/client/coral-admin/src/containers/CommentStream/CommentStream.js
+++ b/client/coral-admin/src/containers/CommentStream/CommentStream.js
@@ -15,7 +15,7 @@ class CommentStream extends React.Component {
constructor (props) {
super(props);
console.log('PROPS IN COMMENTSTREAM ', props);
- this.state = {snackbar: false, snackbarMsg: '', csrfToken: props.csrfToken};
+ this.state = {snackbar: false, snackbarMsg: '', _csrf: props._csrf};
this.onSubmit = this.onSubmit.bind(this);
this.onClickAction = this.onClickAction.bind(this);
}
@@ -26,8 +26,8 @@ class CommentStream extends React.Component {
}
// Submit the new comment
- onSubmit (comment, csrfToken) {
- this.props.dispatch(createComment(comment.name, comment.body, csrfToken));
+ onSubmit (comment, _csrf) {
+ this.props.dispatch(createComment(comment.name, comment.body, _csrf));
}
// The only action for now is flagging
@@ -44,7 +44,7 @@ class CommentStream extends React.Component {
render ({comments, users}, {snackbar, snackbarMsg}) {
return (
-
+
+ _csrf={_csrf}/>
: {closedMessage}
}
- {!loggedIn && }
+ {!loggedIn && }
{
rootItem.comments && rootItem.comments.map((commentId) => {
const comment = comments[commentId];
@@ -205,7 +205,7 @@ class CommentStream extends Component {
premod={moderation}
currentUser={user}
charCount={charCountEnable && charCount}
- csrfToken={csrfToken}
+ _csrf={_csrf}
showReply={comment.showReply}/>
{
comment.children &&
@@ -266,7 +266,7 @@ class CommentStream extends Component {
banned={banned}
currentUser={user}
charCount={charCountEnable && charCount}
- csrfToken={csrfToken}
+ _csrf={_csrf}
showReply={reply.showReply}/>
;
})
@@ -319,7 +319,7 @@ const mapStateToProps = state => ({
const mapDispatchToProps = (dispatch) => ({
addItem: (item, item_id) => dispatch(addItem(item, item_id)),
updateItem: (id, property, value, itemType) => dispatch(updateItem(id, property, value, itemType)),
- postItem: (data, type, id, csrfToken) => dispatch(postItem(data, type, id, csrfToken)),
+ postItem: (data, type, id, _csrf) => dispatch(postItem(data, type, id, _csrf)),
getStream: (rootId) => dispatch(getStream(rootId)),
addNotification: (type, text) => dispatch(addNotification(type, text)),
clearNotification: () => dispatch(clearNotification()),
diff --git a/client/coral-framework/actions/auth.js b/client/coral-framework/actions/auth.js
index 1c58be02f..3a00de53f 100644
--- a/client/coral-framework/actions/auth.js
+++ b/client/coral-framework/actions/auth.js
@@ -27,7 +27,6 @@ export const fetchSignIn = (formData) => dispatch => {
dispatch(signInRequest());
coralApi('/auth/local', {method: 'POST', body: formData})
.then(({user}) => {
- console.log('DEBUG FORMDATA ', formData);
const isAdmin = !!user.roles.filter(i => i === 'admin').length;
dispatch(signInSuccess(user, isAdmin));
dispatch(hideSignInDialog());
@@ -75,6 +74,7 @@ const signUpFailure = error => ({type: actions.FETCH_SIGNUP_FAILURE, error});
export const fetchSignUp = formData => dispatch => {
dispatch(signUpRequest());
+
coralApi('/users', {method: 'POST', body: formData})
.then(({user}) => {
dispatch(signUpSuccess(user));
@@ -121,18 +121,15 @@ export const invalidForm = error => ({type: actions.INVALID_FORM, error});
const checkLoginRequest = () => ({type: actions.CHECK_LOGIN_REQUEST});
const checkLoginSuccess = (user, isAdmin) => ({type: actions.CHECK_LOGIN_SUCCESS, user, isAdmin});
const checkLoginFailure = error => ({type: actions.CHECK_LOGIN_FAILURE, error});
-const checkCSRFToken = (csrfToken) => ({type: actions.CHECK_CSRF_TOKEN, csrfToken});
+const checkCSRF = (_csrf) => ({type: actions.CHECK_CSRF_TOKEN, _csrf});
export const checkLogin = () => dispatch => {
dispatch(checkLoginRequest());
coralApi('/auth')
.then((result) => {
- console.log('debug 1 result ', result);
if (result.csrfToken !== null) {
- console.log('DEBUG 2 TOKEN', result.csrfToken);
- dispatch(checkCSRFToken(result.csrfToken));
+ dispatch(checkCSRF(result.csrfToken));
}
-
if (!result.user) {
throw new Error('Not logged in');
}
diff --git a/client/coral-framework/helpers/response.js b/client/coral-framework/helpers/response.js
index 1b4340dc4..4706a2821 100644
--- a/client/coral-framework/helpers/response.js
+++ b/client/coral-framework/helpers/response.js
@@ -12,6 +12,11 @@ const buildOptions = (inputOptions = {}) => {
};
const options = Object.assign({}, defaultOptions, inputOptions);
+ // // Add CSRF field to each POST.
+ // if (options.method.toLowerCase() === 'post') {
+ // options.body._csrf = 'futurecsrf';
+ // }
+
if (options.method.toLowerCase() !== 'get') {
options.body = JSON.stringify(options.body);
}
diff --git a/client/coral-framework/reducers/auth.js b/client/coral-framework/reducers/auth.js
index fc00bc68c..a003b20ed 100644
--- a/client/coral-framework/reducers/auth.js
+++ b/client/coral-framework/reducers/auth.js
@@ -12,7 +12,7 @@ const initialState = Map({
passwordRequestSuccess: null,
passwordRequestFailure: null,
successSignUp: false,
- csrfToken: ''
+ _csrf: ''
});
const purge = user => {
@@ -44,7 +44,7 @@ export default function auth (state = initialState, action) {
return initialState;
case actions.CHECK_CSRF_TOKEN:
return state
- .set('csrfToken', action.csrfToken);
+ .set('_csrf', action._csrf);
case actions.FETCH_SIGNIN_REQUEST:
return state
.set('isLoading', true);
diff --git a/client/coral-plugin-commentbox/CommentBox.js b/client/coral-plugin-commentbox/CommentBox.js
index 1d02df5bf..fe67b22e0 100644
--- a/client/coral-plugin-commentbox/CommentBox.js
+++ b/client/coral-plugin-commentbox/CommentBox.js
@@ -14,8 +14,7 @@ class CommentBox extends Component {
comments: PropTypes.array,
reply: PropTypes.bool,
canPost: PropTypes.bool,
- currentUser: PropTypes.object,
- csrfToken: PropTypes.string
+ currentUser: PropTypes.object
}
state = {
@@ -33,8 +32,7 @@ class CommentBox extends Component {
addNotification,
appendItemArray,
premod,
- author,
- csrfToken
+ author
} = this.props;
let comment = {
@@ -59,7 +57,7 @@ class CommentBox extends Component {
if (this.props.charCount && this.state.body.length > this.props.charCount) {
return;
}
- postItem(comment, 'comments', csrfToken)
+ postItem(comment, 'comments')
.then((postedComment) => {
const commentId = postedComment.id;
if (postedComment.status === 'rejected') {
diff --git a/client/coral-plugin-csrf/FormCSRFField.js b/client/coral-plugin-csrf/FormCSRFField.js
index 65432efb1..253291dab 100644
--- a/client/coral-plugin-csrf/FormCSRFField.js
+++ b/client/coral-plugin-csrf/FormCSRFField.js
@@ -1,7 +1,7 @@
import React from 'react';
const FormCSRFField = ({...props}) => (
-
+
);
export default FormCSRFField;
diff --git a/client/coral-sign-in/components/ForgotContent.js b/client/coral-sign-in/components/ForgotContent.js
index d17768479..fe373e957 100644
--- a/client/coral-sign-in/components/ForgotContent.js
+++ b/client/coral-sign-in/components/ForgotContent.js
@@ -18,7 +18,7 @@ class ForgotContent extends React.Component {
}
render () {
- const {changeView, auth, csrfToken} = this.props;
+ const {changeView, auth, _csrf} = this.props;
const {passwordRequestSuccess, passwordRequestFailure} = auth;
return (
@@ -28,7 +28,7 @@ class ForgotContent extends React.Component {