IT4Change/gradido
3
0
Fork 0
mirror of https://github.com/IT4Change/gradido.git synced 2025-12-13 07:45:54 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'stage1' of github.com:gradido/gradido_community_server into stage1

Browse Source
This commit is contained in:
einhornimmond 2021-02-17 16:44:41 +01:00
commit e4508f2be7
2 changed files with 38 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
config/routes.php
View File

@ -58,6 +58,7 @@ Router::scope('/', function (RouteBuilder $routes) {
// Skip token check for API URLs.
//die($request->getParam('controller'));
$whitelist = ['JsonRequestHandler', 'ElopageWebhook'];
foreach($whitelist as $entry) {
if($request->getParam('controller') === $entry) {
if($entry == 'ElopageWebhook') {

38
src/Controller/StateUsersController.php
View File

@ -5,6 +5,8 @@ use Cake\Routing\Router;
use Cake\I18n\I18n;
use Cake\I18n\FrozenTime;
use Cake\ORM\TableRegistry;
use Cake\Http\Client;
use Cake\Core\Configure;
use App\Controller\AppController;
use App\Form\UserSearchForm;
@ -43,7 +45,7 @@ class StateUsersController extends AppController
$this->Auth->allow([
'search', 'ajaxCopyLoginToCommunity', 'ajaxCopyCommunityToLogin',
'ajaxDelete', 'ajaxCountTransactions', 'ajaxVerificationEmailResend',
'ajaxGetUserEmailVerificationCode'
'ajaxGetUserEmailVerificationCode', 'ajaxGetCSFRToken'
]);
$this->set(
'naviHierarchy',
@ -433,6 +435,40 @@ class StateUsersController extends AppController
}
return $this->returnJson(['state' => 'error', 'msg' => 'no post request']);
}
public function ajaxGetCSFRToken($session_id)
{
if(!isset($session_id) || $session_id == 0) {
$this->returnJson(['state' => 'error', 'msg' => 'no session id']);
}
$client_ip = $this->request->clientIp();
$loginServer = Configure::read('LoginServer');
$url = $loginServer['host'] . ':' . $loginServer['port'];
$http = new Client();
$response = $http->get($url . '/login', ['session_id' => $session_id]);
$json = $response->getJson();
if (isset($json) && count($json) > 0) {
if ($json['state'] === 'success') {
if($json['clientIP'] == $client_ip) {
return $this->returnJson(['state' => 'success', 'csfr' => $this->request->getParam('_csrfToken')]);
} else {
return $this->returnJson([
'state' => 'error',
'msg' => 'client ip mismatch',
'details' => ['login_server' => $json['clientIP'], 'caller' => $client_ip]]);
}
} else {
return $this->returnJson($json);
}
} else {
return $this->returnJson(['state' => 'error', 'invalid response form logins server']);
}
}
/*
getField(vnode, 'receive'),