MOB-55 Disabled CSRF

This commit is contained in:
TanelOrumaa 2021-12-06 23:39:13 +02:00
parent 44430bfab2
commit 5719712bef
5 changed files with 34 additions and 12 deletions


@ -7,8 +7,9 @@
<p class="text-center">Read more from <a href="https://github.com/TanelOrumaa/Estonian-ID-card-mobile-authenticator-POC">here.</a></p> <p class="text-center">Read more from <a href="https://github.com/TanelOrumaa/Estonian-ID-card-mobile-authenticator-POC">here.</a></p>
</div> </div>
<div class="justify-content-center d-flex">
<div id="canvas"></div> <div id="canvas"></div>
<div class="justify-content-center d-flex">
<button type="button" class="btn loginButton btn-dark" v-on:click="authenticate"> <button type="button" class="btn loginButton btn-dark" v-on:click="authenticate">
<div v-if="loading" class="d-flex justify-content-center"> <div v-if="loading" class="d-flex justify-content-center">
<div class="spinner-border text-light spinner-border-sm" role="status"> <div class="spinner-border text-light spinner-border-sm" role="status">
@ -115,7 +116,7 @@ export default {
} }
#canvas { #canvas {
height: 5vh; height: 30vh;
width: 5vh; width: 30vh;
} }
</style> </style>


@ -22,9 +22,20 @@ export default {
}, },
methods: { methods: {
logOut: function () { logOut: function () {
const requestOptions = {
method: "POST",
headers: {"Content-Type": "application/json"},
body: JSON.stringify({"sessionId": this.$store.getters.getSessionId})
};
fetch("/auth/logout", requestOptions)
.then((response) => {
console.log(response);
this.$store.commit("setLoggedIn", false); this.$store.commit("setLoggedIn", false);
router.push("/"); router.push("/");
} }
)
}
}, },
mounted() { mounted() {
if (this.$store.getters.getSessionId == null) { if (this.$store.getters.getSessionId == null) {
@ -36,7 +47,7 @@ export default {
</script> </script>
<style scoped> <style scoped>
nav { nav {
height: 5vh; height: 5vh;
} }
</style> </style>
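Review bot: The `.then` callback of the new `logOut` method in the first hunk resets the store and navigates regardless of `response.ok`, and there is no `.catch`, so a rejected fetch (network error) leaves the user logged in locally with no feedback while a 4xx/5xx from `/auth/logout` is treated as success. Since the local state should be cleared either way, move the two lines into `.finally(() => { this.$store.commit("setLoggedIn", false); router.push("/"); })` and drop the `console.log(response)` debug line. The session id is also copied into the JSON body, although the server already holds the cookie-backed session; that puts the identifier on a second channel and, with the server change in this commit, into the application log.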


@ -857,7 +857,7 @@ class IntentUrl {
url += this.postFinalizeSigningUrl ? "&postFinalizeSigningUrl=\"" + encodeURIComponent(this.postFinalizeSigningUrl) + "\"" : ""; url += this.postFinalizeSigningUrl ? "&postFinalizeSigningUrl=\"" + encodeURIComponent(this.postFinalizeSigningUrl) + "\"" : "";
url += this.applicationName ? "&applicationName=\"" + encodeURIComponent(this.applicationName) + "\"" : ""; url += this.applicationName ? "&applicationName=\"" + encodeURIComponent(this.applicationName) + "\"" : "";
url += this.actionDescription ? "&actionDescription=\"" + encodeURIComponent(this.actionDescription) + "\"" : ""; url += this.actionDescription ? "&actionDescription=\"" + encodeURIComponent(this.actionDescription) + "\"" : "";
url += this.headers ? "&headers=\"" + this.headers + "\"" : ""; url += this.headers ? "&headers=\"" + JSON.stringify(this.headers) + "\"" : "";
url += this.userInteractionTimeout ? "&userInteractionTimeout=\"" + this.userInteractionTimeout + "\"" : ""; url += this.userInteractionTimeout ? "&userInteractionTimeout=\"" + this.userInteractionTimeout + "\"" : "";
url += this.serverRequestTimeout ? "&serverRequestTimeout=\"" + this.serverRequestTimeout + "\"" : ""; url += this.serverRequestTimeout ? "&serverRequestTimeout=\"" + this.serverRequestTimeout + "\"" : "";
url += this.lang ? "&lang=\"" + this.lang + "\"" : ""; url += this.lang ? "&lang=\"" + this.lang + "\"" : "";
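Review bot: `JSON.stringify(this.headers)` on the `headers` line is concatenated into `url` raw, while every other string field on the lines above goes through `encodeURIComponent`; the JSON text contains `"`, `{` and `:`, plus any `&` or `#` present in a header value, so the resulting intent URL is malformed and a header value can end the parameter and introduce further ones. Change the line to `url += this.headers ? "&headers=\"" + encodeURIComponent(JSON.stringify(this.headers)) + "\"" : "";` so the receiving side decodes it the same way as the other fields. The enclosing method starts and ends outside the hunk.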


@ -14,8 +14,10 @@ class SecurityConfiguration : WebSecurityConfigurerAdapter() {
?.roles("USER") ?.roles("USER")
} }
override fun configure(http: HttpSecurity?) { override fun configure(http: HttpSecurity) {
http?.sessionManagement()?.sessionCreationPolicy(SessionCreationPolicy.ALWAYS); http.authorizeRequests()?.antMatchers("/**")?.permitAll()
http?.authorizeRequests()?.antMatchers("/**")?.permitAll() ?.antMatchers("/auth/**")?.permitAll()
http.sessionManagement()?.sessionCreationPolicy(SessionCreationPolicy.ALWAYS)
http.csrf().disable()
} }
} }
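Review bot: `http.csrf().disable()` turns CSRF protection off for every endpoint while the same configuration keeps cookie-backed sessions (`SessionCreationPolicy.ALWAYS`) and this commit adds a state-changing POST at `/auth/logout`, so a third-party page can submit such requests with the user's session cookie attached. If the mobile authenticator callbacks genuinely cannot carry a token, scope the exemption with `http.csrf().ignoringAntMatchers("/auth/**")` and leave protection on for the rest of the application, or keep it enabled and expose the token to the Vue client with `csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())`. The second matcher is dead code: `antMatchers("/**").permitAll()` already covers `/auth/**`, and Spring evaluates matchers in order, so `?.antMatchers("/auth/**")?.permitAll()` never changes the outcome. With `http` now non-null, the `?.` chain on `authorizeRequests()` is also inconsistent with the plain `http.csrf().disable()` call two lines below.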


@ -38,4 +38,12 @@ class AuthenticationController {
} }
return auth return auth
} }
@PostMapping("logout", consumes = [MediaType.APPLICATION_JSON_VALUE])
fun logOut(@RequestBody body: String) : HttpStatus? {
LOG.warn("I WAS HERE")
LOG.warn(body)
return HttpStatus.ACCEPTED
}
} }
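Review bot: `logOut` does not end anything — it logs the raw request body at WARN and returns, so the server-side session created under `SessionCreationPolicy.ALWAYS` stays valid after the client has cleared its own state, and the body (the session id, per the Vue change in this commit) is written into the log. Replace the two `LOG.warn` lines with an actual invalidation, e.g. take `request: HttpServletRequest` in place of the unused body and call `request.getSession(false)?.invalidate()`, and drop the `"I WAS HERE"` placeholder. Returning the bare `HttpStatus` enum is also doubtful: if this class is a `@RestController`, the value is presumably serialized as the JSON string `"ACCEPTED"` with a 200 response rather than a 202, so `ResponseEntity<Void>(HttpStatus.ACCEPTED)` is the safer return. The enclosing class starts outside the hunk.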