change call for csfr token to get

This commit is contained in:
Dario Rekowski on RockPI 2021-02-16 09:19:54 +00:00
parent 138ad755a2
commit 1f875f1c96
2 changed files with 26 additions and 28 deletions


@ -58,9 +58,7 @@ Router::scope('/', function (RouteBuilder $routes) {
// Skip token check for API URLs.
//die($request->getParam('controller'));
$whitelist = ['JsonRequestHandler', 'ElopageWebhook'];
if($request->getParam('action') === 'ajaxGetCSFRToken') {
return true;
}
foreach($whitelist as $entry) {
if($request->getParam('controller') === $entry) {
if($entry == 'ElopageWebhook') {


@ -436,38 +436,38 @@ class StateUsersController extends AppController
return $this->returnJson(['state' => 'error', 'msg' => 'no post request']);
}
public function ajaxGetCSFRToken()
public function ajaxGetCSFRToken($session_id)
{
if ($this->request->is('post')) {
$jsonData = $this->request->input('json_decode', true);
$session_id = $jsonData['session_id'];
$client_ip = $this->request->clientIp();
$loginServer = Configure::read('LoginServer');
$url = $loginServer['host'] . ':' . $loginServer['port'];
$http = new Client();
$response = $http->get($url . '/login', ['session_id' => $session_id]);
$json = $response->getJson();
if(!isset($session_id) || $session_id == 0) {
$this->returnJson(['state' => 'error', 'msg' => 'no session id']);
}
$client_ip = $this->request->clientIp();
if (isset($json) && count($json) > 0) {
if ($json['state'] === 'success') {
if($json['clientIP'] == $client_ip) {
return $this->returnJson(['state' => 'success', 'csfr' => $this->request->getParam('_csrfToken')]);
} else {
return $this->returnJson([
'state' => 'error',
'msg' => 'client ip mismatch',
'details' => ['login_server' => $json['clientIP'], 'caller' => $client_ip]]);
}
$loginServer = Configure::read('LoginServer');
$url = $loginServer['host'] . ':' . $loginServer['port'];
$http = new Client();
$response = $http->get($url . '/login', ['session_id' => $session_id]);
$json = $response->getJson();
if (isset($json) && count($json) > 0) {
if ($json['state'] === 'success') {
if($json['clientIP'] == $client_ip) {
return $this->returnJson(['state' => 'success', 'csfr' => $this->request->getParam('_csrfToken')]);
} else {
return $this->returnJson($json);
return $this->returnJson([
'state' => 'error',
'msg' => 'client ip mismatch',
'details' => ['login_server' => $json['clientIP'], 'caller' => $client_ip]]);
}
} else {
return $this->returnJson(['state' => 'error', 'invalid response form logins server']);
return $this->returnJson($json);
}
} else {
return $this->returnJson(['state' => 'error', 'invalid response form logins server']);
}
return $this->returnJson(['state' => 'error', 'msg' => 'no post']);
}
/*