rnsrk/wisski-cloud-distillery
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Refactor CSRF protection

Browse source
This commit is contained in:
Tom Wiesing 2023-01-05 14:07:36 +01:00
parent 59b565ae19
commit eb17dbe33f
No known key found for this signature in database
8 changed files with 20 additions and 45 deletions
Download patch file Download diff file Expand all files Collapse all files

9
internal/dis/component/auth/panel/totp.go
View file

@ -22,8 +22,7 @@ func (panel *UserPanel) routeTOTPEnable(ctx context.Context) http.Handler {
{Name: "password", Type: httpx.PasswordField, EmptyOnError: true, Label: "Current Password"},
},
FieldTemplate: httpx.PureCSSFieldTemplate,
CSRF: panel.Dependencies.Auth.CSRF(),
CSRF: true,
SkipForm: func(r *http.Request) (data struct{}, skip bool) {
user, err := panel.Dependencies.Auth.UserOf(r)
@ -81,8 +80,7 @@ func (panel *UserPanel) routeTOTPEnroll(ctx context.Context) http.Handler {
{Name: "otp", Type: httpx.TextField, EmptyOnError: true, Label: "Passcode"},
},
FieldTemplate: httpx.PureCSSFieldTemplate,
CSRF: panel.Dependencies.Auth.CSRF(),
CSRF: true,
SkipForm: func(r *http.Request) (data struct{}, skip bool) {
user, err := panel.Dependencies.Auth.UserOf(r)
@ -152,8 +150,7 @@ func (panel *UserPanel) routeTOTPDisable(ctx context.Context) http.Handler {
{Name: "otp", Type: httpx.TextField, EmptyOnError: true, Label: "Current Passcode"},
},
FieldTemplate: httpx.PureCSSFieldTemplate,
CSRF: panel.Dependencies.Auth.CSRF(),
CSRF: true,
SkipForm: func(r *http.Request) (data struct{}, skip bool) {
user, err := panel.Dependencies.Auth.UserOf(r)