MOB-55 Disabled CSRF

TanelOrumaa 2021-12-06 23:39:13 +02:00
parent 44430bfab2
commit 5719712bef
5 changed files with 34 additions and 12 deletions


@ -7,8 +7,9 @@
<p class="text-center">Read more from <a href="https://github.com/TanelOrumaa/Estonian-ID-card-mobile-authenticator-POC">here.</a></p>
</div>
<div id="canvas"></div>
<div class="justify-content-center d-flex">
<div id="canvas"></div>
<button type="button" class="btn loginButton btn-dark" v-on:click="authenticate">
<div v-if="loading" class="d-flex justify-content-center">
<div class="spinner-border text-light spinner-border-sm" role="status">
@ -115,7 +116,7 @@ export default {
}
#canvas {
height: 5vh;
width: 5vh;
height: 30vh;
width: 30vh;
}
</style>


@ -22,8 +22,19 @@ export default {
},
methods: {
logOut: function () {
this.$store.commit("setLoggedIn", false);
router.push("/");
const requestOptions = {
method: "POST",
headers: {"Content-Type": "application/json"},
body: JSON.stringify({"sessionId": this.$store.getters.getSessionId})
};
fetch("/auth/logout", requestOptions)
.then((response) => {
console.log(response);
this.$store.commit("setLoggedIn", false);
router.push("/");
}
)
}
},
mounted() {
@ -36,7 +47,7 @@ export default {
</script>
<style scoped>
nav {
height: 5vh;
}
nav {
height: 5vh;
}
</style>
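Review bot: The `.then` callback on `fetch("/auth/logout", requestOptions)` commits `setLoggedIn` false and navigates on any response, including a 4xx or 5xx, because `response.ok` is never checked, and the chain has no `.catch`, so a rejected fetch leaves the user apparently logged in with nothing reported. Guard the status first, `if (!response.ok) { throw new Error("logout failed: " + response.status); }`, and end the chain with `.catch((err) => console.error(err))` so a failure is at least visible. The `console.log(response)` on the line above looks like a debugging leftover and prints the whole Response object to the browser console. The second hunk in this section only repeats the `nav` style rule and needs no change.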


@ -857,7 +857,7 @@ class IntentUrl {
url += this.postFinalizeSigningUrl ? "&postFinalizeSigningUrl=\"" + encodeURIComponent(this.postFinalizeSigningUrl) + "\"" : "";
url += this.applicationName ? "&applicationName=\"" + encodeURIComponent(this.applicationName) + "\"" : "";
url += this.actionDescription ? "&actionDescription=\"" + encodeURIComponent(this.actionDescription) + "\"" : "";
url += this.headers ? "&headers=\"" + this.headers + "\"" : "";
url += this.headers ? "&headers=\"" + JSON.stringify(this.headers) + "\"" : "";
url += this.userInteractionTimeout ? "&userInteractionTimeout=\"" + this.userInteractionTimeout + "\"" : "";
url += this.serverRequestTimeout ? "&serverRequestTimeout=\"" + this.serverRequestTimeout + "\"" : "";
url += this.lang ? "&lang=\"" + this.lang + "\"" : "";
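Review bot: `JSON.stringify(this.headers)` is spliced into the URL raw, whereas the neighbouring fields on the lines above go through `encodeURIComponent`; the serialized object contains `"`, `{` and `:` characters, so the first quote in the JSON terminates the `&headers="..."` wrapper and the remainder of the query string is not URL-safe. The line should read `url += this.headers ? "&headers=\"" + encodeURIComponent(JSON.stringify(this.headers)) + "\"" : "";`, assuming the receiving side decodes this parameter the same way it decodes `postFinalizeSigningUrl`, which this hunk does not show. The enclosing function continues outside the hunk on both sides.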


@ -14,8 +14,10 @@ class SecurityConfiguration : WebSecurityConfigurerAdapter() {
?.roles("USER")
}
override fun configure(http: HttpSecurity?) {
http?.sessionManagement()?.sessionCreationPolicy(SessionCreationPolicy.ALWAYS);
http?.authorizeRequests()?.antMatchers("/**")?.permitAll()
override fun configure(http: HttpSecurity) {
http.authorizeRequests()?.antMatchers("/**")?.permitAll()
?.antMatchers("/auth/**")?.permitAll()
http.sessionManagement()?.sessionCreationPolicy(SessionCreationPolicy.ALWAYS)
http.csrf().disable()
}
}
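Review bot: The second matcher `?.antMatchers("/auth/**")?.permitAll()` in `configure(http: HttpSecurity)` is unreachable, because Spring Security evaluates request matchers in declaration order and the preceding `antMatchers("/**")?.permitAll()` already matches every request; either drop it or move it ahead of the catch-all. `http.csrf().disable()` turns CSRF protection off for every endpoint while `SessionCreationPolicy.ALWAYS` guarantees a session cookie on each response, so any state-changing POST that relies on that cookie becomes reachable from a cross-site form; if the exemption is only needed for the JSON auth endpoints, narrow it to `http.csrf().ignoringAntMatchers("/auth/**")` and record the reason next to it, e.g. `// CSRF check skipped for /auth/**: TODO state which client flow cannot send the token`. The `?.` safe calls after `http.authorizeRequests()` and `http.sessionManagement()` are no longer needed now that `http` is non-null, since the builder methods never return null, so plain `.` chaining reads more clearly.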


@ -38,4 +38,12 @@ class AuthenticationController {
}
return auth
}
@PostMapping("logout", consumes = [MediaType.APPLICATION_JSON_VALUE])
fun logOut(@RequestBody body: String) : HttpStatus? {
LOG.warn("I WAS HERE")
LOG.warn(body)
return HttpStatus.ACCEPTED
}
}
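Review bot: `logOut` logs the raw request body at WARN level (`LOG.warn(body)`), and the client change in this same commit puts `sessionId` into that body, so a session identifier ends up in the application log; the `LOG.warn("I WAS HERE")` above it looks like a debugging leftover. The handler also performs no invalidation yet answers `HttpStatus.ACCEPTED`, so the client clears its own state while the server-side session stays valid. If the session is the servlet session, a minimal working version is `fun logOut(session: HttpSession): HttpStatus { session.invalidate(); return HttpStatus.OK }`; if sessions are tracked elsewhere, the body should be parsed into a typed DTO and the matching entry removed, without logging its identifier. The rest of `AuthenticationController` is outside the hunk.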