mirror of
https://github.com/TanelOrumaa/Estonian-ID-card-mobile-authenticator-POC.git
synced 2024-12-22 04:20:16 +02:00
MOB-55 Disabled CSRF
This commit is contained in:
parent
44430bfab2
commit
5719712bef
@ -7,8 +7,9 @@
|
||||
|
||||
<p class="text-center">Read more from <a href="https://github.com/TanelOrumaa/Estonian-ID-card-mobile-authenticator-POC">here.</a></p>
|
||||
</div>
|
||||
<div id="canvas"></div>
|
||||
<div class="justify-content-center d-flex">
|
||||
<div id="canvas"></div>
|
||||
|
||||
<button type="button" class="btn loginButton btn-dark" v-on:click="authenticate">
|
||||
<div v-if="loading" class="d-flex justify-content-center">
|
||||
<div class="spinner-border text-light spinner-border-sm" role="status">
|
||||
@ -115,7 +116,7 @@ export default {
|
||||
}
|
||||
|
||||
#canvas {
|
||||
height: 5vh;
|
||||
width: 5vh;
|
||||
height: 30vh;
|
||||
width: 30vh;
|
||||
}
|
||||
</style>
|
||||
|
@ -22,8 +22,19 @@ export default {
|
||||
},
|
||||
methods: {
|
||||
logOut: function () {
|
||||
this.$store.commit("setLoggedIn", false);
|
||||
router.push("/");
|
||||
|
||||
const requestOptions = {
|
||||
method: "POST",
|
||||
headers: {"Content-Type": "application/json"},
|
||||
body: JSON.stringify({"sessionId": this.$store.getters.getSessionId})
|
||||
};
|
||||
fetch("/auth/logout", requestOptions)
|
||||
.then((response) => {
|
||||
console.log(response);
|
||||
this.$store.commit("setLoggedIn", false);
|
||||
router.push("/");
|
||||
}
|
||||
)
|
||||
}
|
||||
},
|
||||
mounted() {
|
||||
@ -36,7 +47,7 @@ export default {
|
||||
</script>
|
||||
|
||||
<style scoped>
|
||||
nav {
|
||||
height: 5vh;
|
||||
}
|
||||
nav {
|
||||
height: 5vh;
|
||||
}
|
||||
</style>
|
@ -857,7 +857,7 @@ class IntentUrl {
|
||||
url += this.postFinalizeSigningUrl ? "&postFinalizeSigningUrl=\"" + encodeURIComponent(this.postFinalizeSigningUrl) + "\"" : "";
|
||||
url += this.applicationName ? "&applicationName=\"" + encodeURIComponent(this.applicationName) + "\"" : "";
|
||||
url += this.actionDescription ? "&actionDescription=\"" + encodeURIComponent(this.actionDescription) + "\"" : "";
|
||||
url += this.headers ? "&headers=\"" + this.headers + "\"" : "";
|
||||
url += this.headers ? "&headers=\"" + JSON.stringify(this.headers) + "\"" : "";
|
||||
url += this.userInteractionTimeout ? "&userInteractionTimeout=\"" + this.userInteractionTimeout + "\"" : "";
|
||||
url += this.serverRequestTimeout ? "&serverRequestTimeout=\"" + this.serverRequestTimeout + "\"" : "";
|
||||
url += this.lang ? "&lang=\"" + this.lang + "\"" : "";
|
||||
|
@ -14,8 +14,10 @@ class SecurityConfiguration : WebSecurityConfigurerAdapter() {
|
||||
?.roles("USER")
|
||||
}
|
||||
|
||||
override fun configure(http: HttpSecurity?) {
|
||||
http?.sessionManagement()?.sessionCreationPolicy(SessionCreationPolicy.ALWAYS);
|
||||
http?.authorizeRequests()?.antMatchers("/**")?.permitAll()
|
||||
override fun configure(http: HttpSecurity) {
|
||||
http.authorizeRequests()?.antMatchers("/**")?.permitAll()
|
||||
?.antMatchers("/auth/**")?.permitAll()
|
||||
http.sessionManagement()?.sessionCreationPolicy(SessionCreationPolicy.ALWAYS)
|
||||
http.csrf().disable()
|
||||
}
|
||||
}
|
@ -38,4 +38,12 @@ class AuthenticationController {
|
||||
}
|
||||
return auth
|
||||
}
|
||||
|
||||
@PostMapping("logout", consumes = [MediaType.APPLICATION_JSON_VALUE])
|
||||
fun logOut(@RequestBody body: String) : HttpStatus? {
|
||||
LOG.warn("I WAS HERE")
|
||||
LOG.warn(body)
|
||||
return HttpStatus.ACCEPTED
|
||||
|
||||
}
|
||||
}
|
Loading…
Reference in New Issue
Block a user