fix: csrf check failed on public share with password
Signed-off-by: Luka Trovic <luka@nextcloud.com>
luka-nextcloud committed Mar 25, 2024
1 parent 0a9a982 commit 6d5b7ea
Showing 4 changed files with 19 additions and 33 deletions.
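--- a/core/js/publicshareauth.js
+++ b/core/js/publicshareauth.js
@@ -52,18 +52,3 @@ document.addEventListener('DOMContentLoaded', function() {
 }
 
 });
-
-// Fix error "CSRF check failed"
-document.addEventListener('DOMContentLoaded', function() {
-var form = document.getElementById('password-input-form');
-if (form) {
-form.addEventListener('submit', async function(event) {
-event.preventDefault();
-var requestToken = document.getElementById('requesttoken');
-if (requestToken) {
-requestToken.value = await OC.fetchRequestToken();
-}
-form.submit();
-});
-}
-});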
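--- a/core/src/OC/index.js
+++ b/core/src/OC/index.js
@@ -70,7 +70,6 @@ import {
 } from './host.js'
 import {
 getToken as getRequestToken,
-fetchToken as fetchRequestToken,
 } from './requesttoken.js'
 import {
 hideMenus,
@@ -275,7 +274,6 @@ export default {
 redirect,
 reload,
 requestToken: getRequestToken(),
-fetchRequestToken,
 /**
 * @deprecated 19.0.0 use `linkTo` from https://www.npmjs.com/package/@nextcloud/router
 */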
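--- a/core/src/OC/requesttoken.js
+++ b/core/src/OC/requesttoken.js
@@ -22,8 +22,6 @@
 */
 
 import { emit } from '@nextcloud/event-bus'
-import { generateUrl } from '@nextcloud/router'
-import $ from 'jquery'
 
 /**
 * @private
@@ -43,15 +41,6 @@ export const manageToken = (global, emit) => {
 token,
 })
 },
-fetchToken: async () => {
-const url = generateUrl('/csrftoken')
-const resp = await $.get(url)
-token = resp.token
-emit('csrf-token-update', {
-token,
-})
-return token
-},
 }
 }
 
@@ -66,8 +55,3 @@ export const getToken = manageFromDocument.getToken
 * @param {string} newToken new token
 */
 export const setToken = manageFromDocument.setToken
-
-/**
-* @return {Promise<string>}
-*/
-export const fetchToken = manageFromDocument.fetchToken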
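--- a/core/src/main.js
+++ b/core/src/main.js
@@ -35,6 +35,8 @@ import './jquery/index.js'
 import { initCore } from './init.js'
 import { registerAppsSlideToggle } from './OC/apps.js'
 import { getRequestToken } from '@nextcloud/auth'
+import { generateUrl } from '@nextcloud/router'
+import Axios from '@nextcloud/axios'
 
 // eslint-disable-next-line camelcase
 __webpack_nonce__ = btoa(getRequestToken())
@@ -50,3 +52,20 @@ window.addEventListener('DOMContentLoaded', function() {
 window.onhashchange = _.bind(OC.Util.History._onPopState, OC.Util.History)
 }
 })
+
+// Fix error "CSRF check failed"
+document.addEventListener('DOMContentLoaded', function() {
+const form = document.getElementById('password-input-form')
+if (form) {
+form.addEventListener('submit', async function(event) {
+event.preventDefault()
+const requestToken = document.getElementById('requesttoken')
+if (requestToken) {
+const url = generateUrl('/csrftoken')
+const resp = await Axios.get(url)
+requestToken.value = resp.data.token
+}
+form.submit()
+})
+}
+})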
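Review bot: The submit handler added at the end of core/src/main.js has no failure path for the token refresh: `event.preventDefault()` runs first, so if `Axios.get(url)` rejects (offline, or a non-2xx answer from `/csrftoken`) the async callback throws before `form.submit()` is reached and the password form silently does nothing. A response that lacks a `token` field would also put the string "undefined" into the `requesttoken` input. Wrapping the fetch in try/catch, assigning only a non-empty string token, and still calling `form.submit()` means a stale token ends in the server's visible CSRF error instead of a dead button. The handler also does not update the page-wide token, whereas the removed `fetchToken` emitted `csrf-token-update`; presumably nothing else on the public share page relies on that event, but it is worth confirming.

```javascript
// … unchanged: submit listener, event.preventDefault(), requesttoken lookup …
if (requestToken) {
	try {
		const resp = await Axios.get(generateUrl('/csrftoken'))
		const token = resp.data && resp.data.token
		if (typeof token === 'string' && token !== '') {
			requestToken.value = token
		}
	} catch (error) {
		// Keep the token rendered with the page; the server still validates it.
		console.error('Could not refresh the CSRF token before submit', error)
	}
}
// … unchanged: form.submit() …
```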
