CSRF bugfix + ACL frontend started
parent
bad08af314
commit
abaf2a9283
@ -120,7 +120,6 @@ class Request {
|
||||
return false;
|
||||
}
|
||||
|
||||
// TODO: Check this!
|
||||
if($this->externalCall) {
|
||||
$apiKeyAuthorized = false;
|
||||
|
||||
@ -136,16 +135,16 @@ class Request {
|
||||
header('HTTP 1.1 401 Unauthorized');
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
// CSRF Token
|
||||
if($this->csrfTokenRequired && !$apiKeyAuthorized) {
|
||||
// csrf token required + external call
|
||||
// if it's not a call with API_KEY, check for csrf_token
|
||||
if (!isset($values["csrf_token"]) || strcmp($values["csrf_token"], $this->user->getSession()->getCsrfToken()) !== 0) {
|
||||
$this->lastError = "CSRF-Token mismatch";
|
||||
header('HTTP 1.1 403 Forbidden');
|
||||
return false;
|
||||
// CSRF Token
|
||||
if($this->csrfTokenRequired && !$apiKeyAuthorized) {
|
||||
// csrf token required + external call
|
||||
// if it's not a call with API_KEY, check for csrf_token
|
||||
if (!isset($values["csrf_token"]) || strcmp($values["csrf_token"], $this->user->getSession()->getCsrfToken()) !== 0) {
|
||||
$this->lastError = "CSRF-Token mismatch";
|
||||
header('HTTP 1.1 403 Forbidden');
|
||||
return false;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
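Review bot: The CSRF token check in the new `if (!isset($values["csrf_token"]) || strcmp(...) !== 0)` line compares the token with `strcmp`, which is not constant-time and, on PHP 8, throws a TypeError if `csrf_token` arrives as an array. A guard such as `if (!isset($values["csrf_token"]) || !is_string($values["csrf_token"]) || !hash_equals($this->user->getSession()->getCsrfToken(), $values["csrf_token"])) {` covers both cases. The status lines `header('HTTP 1.1 403 Forbidden')` and `header('HTTP 1.1 401 Unauthorized')` lack the slash of `HTTP/1.1`, so PHP probably does not treat them as a status line and the response code may stay 200; `http_response_code(403);` is the unambiguous form. The old and new copies of the block read identically on this page, so the change appears to be in indentation or brace placement that is not preserved here. If the check now runs outside `if($this->externalCall) {`, `$apiKeyAuthorized` should be initialised before that block; the method body starts and ends outside the hunk.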
18
js/admin.min.js
vendored
18
js/admin.min.js
vendored
File diff suppressed because one or more lines are too long
@ -19,6 +19,7 @@ import Footer from "./footer";
|
||||
import EditUser from "./views/edituser";
|
||||
import CreateGroup from "./views/addgroup";
|
||||
import Settings from "./views/settings";
|
||||
import PermissionSettings from "./views/permissions";
|
||||
|
||||
class AdminDashboard extends React.Component {
|
||||
|
||||
@ -92,6 +93,7 @@ class AdminDashboard extends React.Component {
|
||||
let newProps = {...props, ...this.controlObj};
|
||||
return <EditUser {...newProps} />
|
||||
}}/>
|
||||
<Route path={"/admin/user/permissions"}><PermissionSettings {...this.controlObj}/></Route>
|
||||
<Route path={"/admin/group/add"}><CreateGroup {...this.controlObj} /></Route>
|
||||
<Route path={"/admin/logs"}><Logs {...this.controlObj} notifications={this.state.notifications} /></Route>
|
||||
<Route path={"/admin/settings"}><Settings {...this.controlObj} /></Route>
|
||||
|
@ -83,7 +83,7 @@ export default class Logs extends React.Component {
|
||||
for (let event of dates[date]) {
|
||||
let timeString = moment(event.timestamp).fromNow();
|
||||
elements.push(
|
||||
<div>
|
||||
<div key={"time-entry-" + event.uid}>
|
||||
<Icon icon={event.icon} className={"bg-" + color}/>
|
||||
<div className="timeline-item">
|
||||
<span className="time"><Icon icon={"clock"}/> {timeString}</span>
|
||||
|
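--- /dev/null
+++ b/src/src/views/permissions.js
@@ -0,0 +1,49 @@
+import * as React from "react";
+import {Link} from "react-router-dom";
+import Icon from "../elements/icon";
+
+export default class PermissionSettings extends React.Component {
+
+constructor(props) {
+super(props);
+
+this.state = {
+alerts: [],
+permissions: [],
+groups: {}
+}
+}
+
+render() {
+return <>
+<div className="content-header">
+<div className="container-fluid">
+<div className="row mb-2">
+<div className="col-sm-6">
+<h1 className="m-0 text-dark">API Access Control</h1>
+</div>
+<div className="col-sm-6">
+<ol className="breadcrumb float-sm-right">
+<li className="breadcrumb-item"><Link to={"/admin/dashboard"}>Home</Link></li>
+<li className="breadcrumb-item"><Link to={"/admin/users"}>Users</Link></li>
+<li className="breadcrumb-item active">Permissions</li>
+</ol>
+</div>
+</div>
+</div>
+</div>
+<div className={"content"}>
+<div className={"row"}>
+<div className={"col-lg-6 pl-5 pr-5"}>
+<form>
+<Link to={"/admin/users"} className={"btn btn-info mt-2 mr-2"}>
+<Icon icon={"arrow-left"}/>
+Back
+</Link>
+</form>
+</div>
+</div>
+</div>
+</>;
+}
+};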
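Review bot: `PermissionSettings` has no documentation, and its constructor initialises `alerts`, `permissions` and `groups` that `render()` never reads, so the "API Access Control" page currently shows only a heading, breadcrumbs and a Back link inside an otherwise empty `<form>`. A class comment would make the stub status explicit, for example `// Placeholder view: ACL data is not loaded yet; access rules must be enforced by the backend API, not by this route.` The trailing `};` after the class body leaves an empty statement; a plain `}` is enough.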
@ -144,6 +144,14 @@ export default class UserOverview extends React.Component {
|
||||
{this.createGroupCard()}
|
||||
</div>
|
||||
</div>
|
||||
<div className={"row"}>
|
||||
<div className={"col-12"}>
|
||||
<Link to={"/admin/user/permissions"} className={"btn btn-primary"}>
|
||||
<Icon icon={"user-check"} className={"mr-2"}/>
|
||||
Edit Permissions
|
||||
</Link>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
<ReactTooltip />
|
||||
|