From 2936dc87d074e6d83147c9e6cf4ae8bac4e4af8d Mon Sep 17 00:00:00 2001
From: Daniel Schalla <daniel@schalla.me>
Date: Thu, 2 Aug 2018 00:16:04 +0200
Subject: CSRF Token Implementation for Plugins (#9192)

deleted test config

fix test config

Dont wipe the session token for plugins

Simplified Tokens; Generate CSRF for other sessions

Remove CSRF from Access Token; Remove Getter/Setter from Context

fix removed setter

remove getcsrf helper from plugin api

enforce csrf only for cookie auth
---
 plugin/plugintest/api.go | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)

(limited to 'plugin/plugintest')

diff --git a/plugin/plugintest/api.go b/plugin/plugintest/api.go
index 70e90df4b..35a83ca9c 100644
--- a/plugin/plugintest/api.go
+++ b/plugin/plugintest/api.go
@@ -499,6 +499,31 @@ func (_m *API) GetPublicChannelsForTeam(teamId string, offset int, limit int) (*
 	return r0, r1
 }
 
+// GetSession provides a mock function with given fields: sessionId
+func (_m *API) GetSession(sessionId string) (*model.Session, *model.AppError) {
+	ret := _m.Called(sessionId)
+
+	var r0 *model.Session
+	if rf, ok := ret.Get(0).(func(string) *model.Session); ok {
+		r0 = rf(sessionId)
+	} else {
+		if ret.Get(0) != nil {
+			r0 = ret.Get(0).(*model.Session)
+		}
+	}
+
+	var r1 *model.AppError
+	if rf, ok := ret.Get(1).(func(string) *model.AppError); ok {
+		r1 = rf(sessionId)
+	} else {
+		if ret.Get(1) != nil {
+			r1 = ret.Get(1).(*model.AppError)
+		}
+	}
+
+	return r0, r1
+}
+
 // GetTeam provides a mock function with given fields: teamId
 func (_m *API) GetTeam(teamId string) (*model.Team, *model.AppError) {
 	ret := _m.Called(teamId)
-- 
cgit v1.2.3-1-g7c22