author | Daniel Schalla <daniel@schalla.me> | 2018-08-02 00:16:04 +0200 |
---|---|---|
committer | Christopher Speller <crspeller@gmail.com> | 2018-08-01 15:16:04 -0700 |
commit | 2936dc87d074e6d83147c9e6cf4ae8bac4e4af8d (patch) | |
tree | 2e843f8fdf8382b13fe0a902e7b6183f1f4475bd /model | |
parent | 90e84d76efa775cdf7c54363218bf6817cd1bf33 (diff) | |
CSRF Token Implementation for Plugins (#9192)
deleted test config
fix test config
Dont wipe the session token for plugins
Simplified Tokens; Generate CSRF for other sessions
Remove CSRF from Access Token; Remove Getter/Setter from Context
fix removed setter
remove getcsrf helper from plugin api
enforce csrf only for cookie auth
Diffstat (limited to 'model')
-rw-r--r-- | model/session.go | 14 | ||||
-rw-r--r-- | model/session_test.go | 15 |
2 files changed, 29 insertions, 0 deletions
diff --git a/model/session.go b/model/session.go
index 7c6bbe06d..d59e9b183 100644
--- a/model/session.go
+++ b/model/session.go
@@ -135,6 +135,20 @@ func (me *Session) GetUserRoles() []string {
 	return strings.Fields(me.Roles)
 }
 
+func (me *Session) GenerateCSRF() string {
+	token := NewId()
+	me.AddProp("csrf", token)
+	return token
+}
+
+func (me *Session) GetCSRF() string {
+	if me.Props == nil {
+		return ""
+	}
+
+	return me.Props["csrf"]
+}
+
 func SessionsToJson(o []*Session) string {
 	if b, err := json.Marshal(o); err != nil {
 		return "[]"
diff --git a/model/session_test.go b/model/session_test.go
index 5f4a4730d..bf32d2f09 100644
--- a/model/session_test.go
+++ b/model/session_test.go
@@ -63,3 +63,18 @@ func TestSessionJson(t *testing.T) {
 	session.SetExpireInDays(10)
 }
 
+
+func TestSessionCSRF(t *testing.T) {
+	s := Session{}
+	token := s.GetCSRF()
+	assert.Empty(t, token)
+
+	token = s.GenerateCSRF()
+	assert.NotEmpty(t, token)
+
+	token2 := s.GetCSRF()
+	assert.NotEmpty(t, token2)
+	assert.Equal(t, token, token2)
+}
+
+
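Review bot: `GetCSRF` returns "" both when no token was ever generated and when Props is nil, so whatever enforcement compares the request-supplied token against `session.GetCSRF()` must treat an empty stored token as a rejection, otherwise a session without a token and a request without a header compare equal; that check is outside this hunk, so confirm it there. The `if me.Props == nil` guard in `GetCSRF` is redundant in Go, since indexing a nil map yields the zero value, so the body can simply be `return me.Props["csrf"]`. The literal "csrf" is repeated in both methods; a named constant such as `const SESSION_PROP_CSRF = "csrf"` (following whatever naming the file's other session-prop keys use) avoids the two drifting apart. Both exported methods also lack doc comments, e.g. `// GenerateCSRF stores a fresh token from NewId() in the session props under "csrf" and returns it; each call replaces any previous token.` and `// GetCSRF returns the session's stored CSRF token, or "" if none has been generated.` The token's unpredictability rests entirely on `NewId()`, which is not shown in this hunk.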
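Review bot: The test never calls `GenerateCSRF()` a second time, so it does not pin down whether generating a token on a session that already has one replaces it, which is the behaviour the commit message ("Generate CSRF for other sessions") makes relevant; add `token3 := s.GenerateCSRF(); assert.NotEqual(t, token, token3); assert.Equal(t, token3, s.GetCSRF())`. It also does not cover a Session whose Props map exists but has no "csrf" key, e.g. `assert.Empty(t, (&Session{Props: map[string]string{}}).GetCSRF())`, which is the state an already-persisted session would be in. The hunk appears to append two blank lines after the closing brace of `TestSessionCSRF`, which gofmt would strip.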