diff --git a/client/coral-admin/src/actions/auth.js b/client/coral-admin/src/actions/auth.js index 281f87409..8cc094d5f 100644 --- a/client/coral-admin/src/actions/auth.js +++ b/client/coral-admin/src/actions/auth.js @@ -12,7 +12,7 @@ export const checkLogin = () => dispatch => { coralApi('/auth') .then(result => { if (result.csrfToken !== null) { - dispatch(checkCSRFToken(result.csrfToken)); + dispatch(check_csrf(result.csrfToken)); } const isAdmin = !!result.user.roles.filter(i => i === 'admin').length; @@ -22,7 +22,7 @@ export const checkLogin = () => dispatch => { }; // Set CSRF Token -export const checkCSRFToken = (csrfToken) => ({type: actions.CHECK_CSRF_TOKEN, csrfToken}); +export const check_csrf = (_csrf) => ({type: actions.CHECK_CSRF_TOKEN, _csrf}); // LogOut Actions diff --git a/client/coral-admin/src/components/CommentBox.js b/client/coral-admin/src/components/CommentBox.js index ff53d61b4..fc9e6c9ea 100644 --- a/client/coral-admin/src/components/CommentBox.js +++ b/client/coral-admin/src/components/CommentBox.js @@ -7,13 +7,13 @@ import {Button} from 'react-mdl'; export default class CommentBox extends React.Component { constructor (props) { super(props); - this.state = {name: '', body: '', csrfToken: props.csrfToken}; + this.state = {name: '', body: '', _csrf: props._csrf}; this.onSubmit = this.onSubmit.bind(this); } onSubmit () { - const {name, body, csrfToken} = this.state; - this.props.onSubmit({name, body, csrfToken}); + const {name, body, _csrf} = this.state; + this.props.onSubmit({name, body, _csrf}); this.setState({body: '', name: ''}); } diff --git a/client/coral-admin/src/containers/CommentStream/CommentStream.js b/client/coral-admin/src/containers/CommentStream/CommentStream.js index ee8d0e512..3b16f6434 100644 --- a/client/coral-admin/src/containers/CommentStream/CommentStream.js +++ b/client/coral-admin/src/containers/CommentStream/CommentStream.js @@ -15,7 +15,7 @@ class CommentStream extends React.Component { constructor (props) { super(props); console.log('PROPS IN COMMENTSTREAM ', props); - this.state = {snackbar: false, snackbarMsg: '', csrfToken: props.csrfToken}; + this.state = {snackbar: false, snackbarMsg: '', _csrf: props._csrf}; this.onSubmit = this.onSubmit.bind(this); this.onClickAction = this.onClickAction.bind(this); } @@ -26,8 +26,8 @@ class CommentStream extends React.Component { } // Submit the new comment - onSubmit (comment, csrfToken) { - this.props.dispatch(createComment(comment.name, comment.body, csrfToken)); + onSubmit (comment, _csrf) { + this.props.dispatch(createComment(comment.name, comment.body, _csrf)); } // The only action for now is flagging @@ -44,7 +44,7 @@ class CommentStream extends React.Component { render ({comments, users}, {snackbar, snackbarMsg}) { return (
- + + _csrf={_csrf}/>
:

{closedMessage}

} - {!loggedIn && } + {!loggedIn && } { rootItem.comments && rootItem.comments.map((commentId) => { const comment = comments[commentId]; @@ -205,7 +205,7 @@ class CommentStream extends Component { premod={moderation} currentUser={user} charCount={charCountEnable && charCount} - csrfToken={csrfToken} + _csrf={_csrf} showReply={comment.showReply}/> { comment.children && @@ -266,7 +266,7 @@ class CommentStream extends Component { banned={banned} currentUser={user} charCount={charCountEnable && charCount} - csrfToken={csrfToken} + _csrf={_csrf} showReply={reply.showReply}/> ; }) @@ -319,7 +319,7 @@ const mapStateToProps = state => ({ const mapDispatchToProps = (dispatch) => ({ addItem: (item, item_id) => dispatch(addItem(item, item_id)), updateItem: (id, property, value, itemType) => dispatch(updateItem(id, property, value, itemType)), - postItem: (data, type, id, csrfToken) => dispatch(postItem(data, type, id, csrfToken)), + postItem: (data, type, id, _csrf) => dispatch(postItem(data, type, id, _csrf)), getStream: (rootId) => dispatch(getStream(rootId)), addNotification: (type, text) => dispatch(addNotification(type, text)), clearNotification: () => dispatch(clearNotification()), diff --git a/client/coral-framework/actions/auth.js b/client/coral-framework/actions/auth.js index 1c58be02f..3a00de53f 100644 --- a/client/coral-framework/actions/auth.js +++ b/client/coral-framework/actions/auth.js @@ -27,7 +27,6 @@ export const fetchSignIn = (formData) => dispatch => { dispatch(signInRequest()); coralApi('/auth/local', {method: 'POST', body: formData}) .then(({user}) => { - console.log('DEBUG FORMDATA ', formData); const isAdmin = !!user.roles.filter(i => i === 'admin').length; dispatch(signInSuccess(user, isAdmin)); dispatch(hideSignInDialog()); @@ -75,6 +74,7 @@ const signUpFailure = error => ({type: actions.FETCH_SIGNUP_FAILURE, error}); export const fetchSignUp = formData => dispatch => { dispatch(signUpRequest()); + coralApi('/users', {method: 'POST', body: formData}) .then(({user}) => { dispatch(signUpSuccess(user)); @@ -121,18 +121,15 @@ export const invalidForm = error => ({type: actions.INVALID_FORM, error}); const checkLoginRequest = () => ({type: actions.CHECK_LOGIN_REQUEST}); const checkLoginSuccess = (user, isAdmin) => ({type: actions.CHECK_LOGIN_SUCCESS, user, isAdmin}); const checkLoginFailure = error => ({type: actions.CHECK_LOGIN_FAILURE, error}); -const checkCSRFToken = (csrfToken) => ({type: actions.CHECK_CSRF_TOKEN, csrfToken}); +const checkCSRF = (_csrf) => ({type: actions.CHECK_CSRF_TOKEN, _csrf}); export const checkLogin = () => dispatch => { dispatch(checkLoginRequest()); coralApi('/auth') .then((result) => { - console.log('debug 1 result ', result); if (result.csrfToken !== null) { - console.log('DEBUG 2 TOKEN', result.csrfToken); - dispatch(checkCSRFToken(result.csrfToken)); + dispatch(checkCSRF(result.csrfToken)); } - if (!result.user) { throw new Error('Not logged in'); } diff --git a/client/coral-framework/helpers/response.js b/client/coral-framework/helpers/response.js index 1b4340dc4..4706a2821 100644 --- a/client/coral-framework/helpers/response.js +++ b/client/coral-framework/helpers/response.js @@ -12,6 +12,11 @@ const buildOptions = (inputOptions = {}) => { }; const options = Object.assign({}, defaultOptions, inputOptions); + // // Add CSRF field to each POST. + // if (options.method.toLowerCase() === 'post') { + // options.body._csrf = 'futurecsrf'; + // } + if (options.method.toLowerCase() !== 'get') { options.body = JSON.stringify(options.body); } diff --git a/client/coral-framework/reducers/auth.js b/client/coral-framework/reducers/auth.js index fc00bc68c..a003b20ed 100644 --- a/client/coral-framework/reducers/auth.js +++ b/client/coral-framework/reducers/auth.js @@ -12,7 +12,7 @@ const initialState = Map({ passwordRequestSuccess: null, passwordRequestFailure: null, successSignUp: false, - csrfToken: '' + _csrf: '' }); const purge = user => { @@ -44,7 +44,7 @@ export default function auth (state = initialState, action) { return initialState; case actions.CHECK_CSRF_TOKEN: return state - .set('csrfToken', action.csrfToken); + .set('_csrf', action._csrf); case actions.FETCH_SIGNIN_REQUEST: return state .set('isLoading', true); diff --git a/client/coral-plugin-commentbox/CommentBox.js b/client/coral-plugin-commentbox/CommentBox.js index 1d02df5bf..fe67b22e0 100644 --- a/client/coral-plugin-commentbox/CommentBox.js +++ b/client/coral-plugin-commentbox/CommentBox.js @@ -14,8 +14,7 @@ class CommentBox extends Component { comments: PropTypes.array, reply: PropTypes.bool, canPost: PropTypes.bool, - currentUser: PropTypes.object, - csrfToken: PropTypes.string + currentUser: PropTypes.object } state = { @@ -33,8 +32,7 @@ class CommentBox extends Component { addNotification, appendItemArray, premod, - author, - csrfToken + author } = this.props; let comment = { @@ -59,7 +57,7 @@ class CommentBox extends Component { if (this.props.charCount && this.state.body.length > this.props.charCount) { return; } - postItem(comment, 'comments', csrfToken) + postItem(comment, 'comments') .then((postedComment) => { const commentId = postedComment.id; if (postedComment.status === 'rejected') { diff --git a/client/coral-plugin-csrf/FormCSRFField.js b/client/coral-plugin-csrf/FormCSRFField.js index 65432efb1..253291dab 100644 --- a/client/coral-plugin-csrf/FormCSRFField.js +++ b/client/coral-plugin-csrf/FormCSRFField.js @@ -1,7 +1,7 @@ import React from 'react'; const FormCSRFField = ({...props}) => ( - + ); export default FormCSRFField; diff --git a/client/coral-sign-in/components/ForgotContent.js b/client/coral-sign-in/components/ForgotContent.js index d17768479..fe373e957 100644 --- a/client/coral-sign-in/components/ForgotContent.js +++ b/client/coral-sign-in/components/ForgotContent.js @@ -18,7 +18,7 @@ class ForgotContent extends React.Component { } render () { - const {changeView, auth, csrfToken} = this.props; + const {changeView, auth, _csrf} = this.props; const {passwordRequestSuccess, passwordRequestFailure} = auth; return ( @@ -28,7 +28,7 @@ class ForgotContent extends React.Component {
diff --git a/client/coral-sign-in/components/SignInContent.js b/client/coral-sign-in/components/SignInContent.js index b4ba1b2f9..de5e77a49 100644 --- a/client/coral-sign-in/components/SignInContent.js +++ b/client/coral-sign-in/components/SignInContent.js @@ -1,7 +1,6 @@ import React from 'react'; import Button from 'coral-ui/components/Button'; import FormField from './FormField'; -import FormCSRFField from 'coral-plugin-csrf/FormCSRFField'; import Alert from './Alert'; import Spinner from 'coral-ui/components/Spinner'; import styles from './styles.css'; @@ -28,9 +27,6 @@ const SignInContent = ({handleChange, formData, ...props}) => (
{ props.auth.error && {props.auth.error} } - ( { props.auth.error && {props.auth.error} } - {!noButton &&