CSRF Token Implementation for Plugins (#9192)

deleted test config fix test config Dont wipe the session token for plugins Simplified Tokens; Generate CSRF for other sessions Remove CSRF from Access Token; Remove Getter/Setter from Context fix removed setter remove getcsrf helper from plugin api enforce csrf only for cookie auth
author: Daniel Schalla <daniel@schalla.me> 2018-08-02 00:16:04 +0200
committer: Christopher Speller <crspeller@gmail.com> 2018-08-01 15:16:04 -0700
commit: 2936dc87d074e6d83147c9e6cf4ae8bac4e4af8d (patch)
tree: 2e843f8fdf8382b13fe0a902e7b6183f1f4475bd /app/login.go
parent: 90e84d76efa775cdf7c54363218bf6817cd1bf33 (diff)
download: chat-2936dc87d074e6d83147c9e6cf4ae8bac4e4af8d.tar.gz
chat-2936dc87d074e6d83147c9e6cf4ae8bac4e4af8d.tar.bz2
chat-2936dc87d074e6d83147c9e6cf4ae8bac4e4af8d.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/app/login.go b/app/login.go
index 0d22f2635..4897ae171 100644
--- a/app/login.go
+++ b/app/login.go
@@ -126,7 +126,7 @@ func (a *App) GetUserForLogin(id, loginId string) (*model.User, *model.AppError)
 
 func (a *App) DoLogin(w http.ResponseWriter, r *http.Request, user *model.User, deviceId string) (*model.Session, *model.AppError) {
 	session := &model.Session{UserId: user.Id, Roles: user.GetRawRoles(), DeviceId: deviceId, IsOAuth: false}
-
+	session.GenerateCSRF()
 	maxAge := *a.Config().ServiceSettings.SessionLengthWebInDays * 60 * 60 * 24
 
 	if len(deviceId) > 0 {
author	Daniel Schalla <daniel@schalla.me>	2018-08-02 00:16:04 +0200
committer	Christopher Speller <crspeller@gmail.com>	2018-08-01 15:16:04 -0700
commit	2936dc87d074e6d83147c9e6cf4ae8bac4e4af8d (patch)
tree	2e843f8fdf8382b13fe0a902e7b6183f1f4475bd /app/login.go
parent	90e84d76efa775cdf7c54363218bf6817cd1bf33 (diff)
download	chat-2936dc87d074e6d83147c9e6cf4ae8bac4e4af8d.tar.gz chat-2936dc87d074e6d83147c9e6cf4ae8bac4e4af8d.tar.bz2 chat-2936dc87d074e6d83147c9e6cf4ae8bac4e4af8d.zip