mirror of
https://github.com/TanelOrumaa/Estonian-ID-card-mobile-authenticator-POC.git
synced 2024-12-22 12:30:16 +02:00
MOB-55 Disabled CSRF
This commit is contained in:
parent
44430bfab2
commit
5719712bef
@ -7,8 +7,9 @@
|
|||||||
|
|
||||||
<p class="text-center">Read more from <a href="https://github.com/TanelOrumaa/Estonian-ID-card-mobile-authenticator-POC">here.</a></p>
|
<p class="text-center">Read more from <a href="https://github.com/TanelOrumaa/Estonian-ID-card-mobile-authenticator-POC">here.</a></p>
|
||||||
</div>
|
</div>
|
||||||
|
<div id="canvas"></div>
|
||||||
<div class="justify-content-center d-flex">
|
<div class="justify-content-center d-flex">
|
||||||
<div id="canvas"></div>
|
|
||||||
<button type="button" class="btn loginButton btn-dark" v-on:click="authenticate">
|
<button type="button" class="btn loginButton btn-dark" v-on:click="authenticate">
|
||||||
<div v-if="loading" class="d-flex justify-content-center">
|
<div v-if="loading" class="d-flex justify-content-center">
|
||||||
<div class="spinner-border text-light spinner-border-sm" role="status">
|
<div class="spinner-border text-light spinner-border-sm" role="status">
|
||||||
@ -115,7 +116,7 @@ export default {
|
|||||||
}
|
}
|
||||||
|
|
||||||
#canvas {
|
#canvas {
|
||||||
height: 5vh;
|
height: 30vh;
|
||||||
width: 5vh;
|
width: 30vh;
|
||||||
}
|
}
|
||||||
</style>
|
</style>
|
||||||
|
@ -22,8 +22,19 @@ export default {
|
|||||||
},
|
},
|
||||||
methods: {
|
methods: {
|
||||||
logOut: function () {
|
logOut: function () {
|
||||||
this.$store.commit("setLoggedIn", false);
|
|
||||||
router.push("/");
|
const requestOptions = {
|
||||||
|
method: "POST",
|
||||||
|
headers: {"Content-Type": "application/json"},
|
||||||
|
body: JSON.stringify({"sessionId": this.$store.getters.getSessionId})
|
||||||
|
};
|
||||||
|
fetch("/auth/logout", requestOptions)
|
||||||
|
.then((response) => {
|
||||||
|
console.log(response);
|
||||||
|
this.$store.commit("setLoggedIn", false);
|
||||||
|
router.push("/");
|
||||||
|
}
|
||||||
|
)
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
mounted() {
|
mounted() {
|
||||||
@ -36,7 +47,7 @@ export default {
|
|||||||
</script>
|
</script>
|
||||||
|
|
||||||
<style scoped>
|
<style scoped>
|
||||||
nav {
|
nav {
|
||||||
height: 5vh;
|
height: 5vh;
|
||||||
}
|
}
|
||||||
</style>
|
</style>
|
@ -857,7 +857,7 @@ class IntentUrl {
|
|||||||
url += this.postFinalizeSigningUrl ? "&postFinalizeSigningUrl=\"" + encodeURIComponent(this.postFinalizeSigningUrl) + "\"" : "";
|
url += this.postFinalizeSigningUrl ? "&postFinalizeSigningUrl=\"" + encodeURIComponent(this.postFinalizeSigningUrl) + "\"" : "";
|
||||||
url += this.applicationName ? "&applicationName=\"" + encodeURIComponent(this.applicationName) + "\"" : "";
|
url += this.applicationName ? "&applicationName=\"" + encodeURIComponent(this.applicationName) + "\"" : "";
|
||||||
url += this.actionDescription ? "&actionDescription=\"" + encodeURIComponent(this.actionDescription) + "\"" : "";
|
url += this.actionDescription ? "&actionDescription=\"" + encodeURIComponent(this.actionDescription) + "\"" : "";
|
||||||
url += this.headers ? "&headers=\"" + this.headers + "\"" : "";
|
url += this.headers ? "&headers=\"" + JSON.stringify(this.headers) + "\"" : "";
|
||||||
url += this.userInteractionTimeout ? "&userInteractionTimeout=\"" + this.userInteractionTimeout + "\"" : "";
|
url += this.userInteractionTimeout ? "&userInteractionTimeout=\"" + this.userInteractionTimeout + "\"" : "";
|
||||||
url += this.serverRequestTimeout ? "&serverRequestTimeout=\"" + this.serverRequestTimeout + "\"" : "";
|
url += this.serverRequestTimeout ? "&serverRequestTimeout=\"" + this.serverRequestTimeout + "\"" : "";
|
||||||
url += this.lang ? "&lang=\"" + this.lang + "\"" : "";
|
url += this.lang ? "&lang=\"" + this.lang + "\"" : "";
|
||||||
|
@ -14,8 +14,10 @@ class SecurityConfiguration : WebSecurityConfigurerAdapter() {
|
|||||||
?.roles("USER")
|
?.roles("USER")
|
||||||
}
|
}
|
||||||
|
|
||||||
override fun configure(http: HttpSecurity?) {
|
override fun configure(http: HttpSecurity) {
|
||||||
http?.sessionManagement()?.sessionCreationPolicy(SessionCreationPolicy.ALWAYS);
|
http.authorizeRequests()?.antMatchers("/**")?.permitAll()
|
||||||
http?.authorizeRequests()?.antMatchers("/**")?.permitAll()
|
?.antMatchers("/auth/**")?.permitAll()
|
||||||
|
http.sessionManagement()?.sessionCreationPolicy(SessionCreationPolicy.ALWAYS)
|
||||||
|
http.csrf().disable()
|
||||||
}
|
}
|
||||||
}
|
}
|
@ -38,4 +38,12 @@ class AuthenticationController {
|
|||||||
}
|
}
|
||||||
return auth
|
return auth
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@PostMapping("logout", consumes = [MediaType.APPLICATION_JSON_VALUE])
|
||||||
|
fun logOut(@RequestBody body: String) : HttpStatus? {
|
||||||
|
LOG.warn("I WAS HERE")
|
||||||
|
LOG.warn(body)
|
||||||
|
return HttpStatus.ACCEPTED
|
||||||
|
|
||||||
|
}
|
||||||
}
|
}
|
Loading…
Reference in New Issue
Block a user