author | Daniel Schalla <daniel@schalla.me> | 2018-08-02 00:16:04 +0200 |
---|---|---|
committer | Christopher Speller <crspeller@gmail.com> | 2018-08-01 15:16:04 -0700 |
commit | 2936dc87d074e6d83147c9e6cf4ae8bac4e4af8d (patch) | |
tree | 2e843f8fdf8382b13fe0a902e7b6183f1f4475bd /plugin | |
parent | 90e84d76efa775cdf7c54363218bf6817cd1bf33 (diff) | |
CSRF Token Implementation for Plugins (#9192)
deleted test config
fix test config
Dont wipe the session token for plugins
Simplified Tokens; Generate CSRF for other sessions
Remove CSRF from Access Token; Remove Getter/Setter from Context
fix removed setter
remove getcsrf helper from plugin api
enforce csrf only for cookie auth
Diffstat (limited to 'plugin')
-rw-r--r-- | plugin/api.go | 3 | ||||
-rw-r--r-- | plugin/client_rpc_generated.go | 29 | ||||
-rw-r--r-- | plugin/context.go | 1 | ||||
-rw-r--r-- | plugin/plugintest/api.go | 25 |
4 files changed, 58 insertions, 0 deletions
diff --git a/plugin/api.go b/plugin/api.go
index 0b413d4d1..d0ad178ca 100644
--- a/plugin/api.go
+++ b/plugin/api.go
@@ -25,6 +25,9 @@ type API interface {
 // UnregisterCommand unregisters a command previously registered via RegisterCommand.
 UnregisterCommand(teamId, trigger string) error
 
+ // GetSession returns the session object for the Session ID
+ GetSession(sessionId string) (*model.Session, *model.AppError)
+
 // GetConfig fetches the currently persisted config
 GetConfig() *model.Config
 
diff --git a/plugin/client_rpc_generated.go b/plugin/client_rpc_generated.go
index 98b906186..b43b93c5b 100644
--- a/plugin/client_rpc_generated.go
+++ b/plugin/client_rpc_generated.go
@@ -558,6 +558,35 @@ func (s *apiRPCServer) UnregisterCommand(args *Z_UnregisterCommandArgs, returns return nil } +type Z_GetSessionArgs struct { + A string +} + +type Z_GetSessionReturns struct { + A *model.Session + B *model.AppError +} + +func (g *apiRPCClient) GetSession(sessionId string) (*model.Session, *model.AppError) { + _args := &Z_GetSessionArgs{sessionId} + _returns := &Z_GetSessionReturns{} + if err := g.client.Call("Plugin.GetSession", _args, _returns); err != nil { + log.Printf("RPC call to GetSession API failed: %s", err.Error()) + } + return _returns.A, _returns.B +} + +func (s *apiRPCServer) GetSession(args *Z_GetSessionArgs, returns *Z_GetSessionReturns) error { + if hook, ok := s.impl.(interface { + GetSession(sessionId string) (*model.Session, *model.AppError) + }); ok { + returns.A, returns.B = hook.GetSession(args.A) + } else { + return fmt.Errorf("API GetSession called but not implemented.") + } + return nil +} + type Z_GetConfigArgs struct { }
diff --git a/plugin/context.go b/plugin/context.go
index 60d01bbe4..ec3f8b65e 100644
--- a/plugin/context.go
+++ b/plugin/context.go
@@ -7,4 +7,5 @@ package plugin
 //
 // It is currently a placeholder while the implementation details are sorted out.
 type Context struct {
+ SessionId string
 }
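Review bot: The doc comment on `GetSession` in plugin/api.go does not tell plugin authors what they receive or when the result can be nil. The commit record says "Dont wipe the session token for plugins", so the returned `*model.Session` presumably still carries the live token and any plugin that holds a session ID can read that user's credential; if plugins need only the CSRF value and the user identity, handing back a copy with the token cleared would keep the exposed surface smaller. The generated client in plugin/client_rpc_generated.go only logs a failed RPC and still returns `_returns.A, _returns.B`, so both results can be nil and a caller that checks the error alone would either dereference nil or treat the request as having no error. I would write the comment as `// GetSession returns the session for sessionId. Both results are nil when the RPC itself fails, so callers must nil-check the session before trusting it.` The `API` interface starts and ends outside the hunk.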
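Review bot: The new `SessionId` field in plugin/context.go has no doc comment, and the struct comment above it still describes `Context` as a placeholder. Plugins will presumably pair this field with `API.GetSession` to decide whether a request is authenticated, so the comment should state which requests populate it and what an empty value means; the code that fills the field is not in this diff, so that needs confirming. Something like `// SessionId is the ID of the session that made the request, or "" if none was attached; resolve it with API.GetSession before relying on it.` would do.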
diff --git a/plugin/plugintest/api.go b/plugin/plugintest/api.go index 70e90df4b..35a83ca9c 100644 --- a/plugin/plugintest/api.go +++ b/plugin/plugintest/api.go @@ -499,6 +499,31 @@ func (_m *API) GetPublicChannelsForTeam(teamId string, offset int, limit int) (* return r0, r1 } +// GetSession provides a mock function with given fields: sessionId +func (_m *API) GetSession(sessionId string) (*model.Session, *model.AppError) { + ret := _m.Called(sessionId) + + var r0 *model.Session + if rf, ok := ret.Get(0).(func(string) *model.Session); ok { + r0 = rf(sessionId) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*model.Session) + } + } + + var r1 *model.AppError + if rf, ok := ret.Get(1).(func(string) *model.AppError); ok { + r1 = rf(sessionId) + } else { + if ret.Get(1) != nil { + r1 = ret.Get(1).(*model.AppError) + } + } + + return r0, r1 +} + // GetTeam provides a mock function with given fields: teamId func (_m *API) GetTeam(teamId string) (*model.Team, *model.AppError) { ret := _m.Called(teamId) |