authorDaniel Schalla <daniel@schalla.me>2018-08-02 00:16:04 +0200
committerChristopher Speller <crspeller@gmail.com>2018-08-01 15:16:04 -0700
commit2936dc87d074e6d83147c9e6cf4ae8bac4e4af8d (patch)
tree2e843f8fdf8382b13fe0a902e7b6183f1f4475bd /model/session.go
parent90e84d76efa775cdf7c54363218bf6817cd1bf33 (diff)
CSRF Token Implementation for Plugins (#9192)
deleted test config fix test config Dont wipe the session token for plugins Simplified Tokens; Generate CSRF for other sessions Remove CSRF from Access Token; Remove Getter/Setter from Context fix removed setter remove getcsrf helper from plugin api enforce csrf only for cookie auth
Diffstat (limited to 'model/session.go')
-rw-r--r--model/session.go14
1 files changed, 14 insertions, 0 deletions
diff --git a/model/session.go b/model/session.go
index 7c6bbe06d..d59e9b183 100644
--- a/model/session.go
+++ b/model/session.go
@@ -135,6 +135,20 @@ func (me *Session) GetUserRoles() []string {
return strings.Fields(me.Roles)
}
+func (me *Session) GenerateCSRF() string {
+ token := NewId()
+ me.AddProp("csrf", token)
+ return token
+}
+
+func (me *Session) GetCSRF() string {
+ if me.Props == nil {
+ return ""
+ }
+
+ return me.Props["csrf"]
+}
+
func SessionsToJson(o []*Session) string {
if b, err := json.Marshal(o); err != nil {
return "[]"
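Review bot: `GetCSRF` returns `""` both when `Props` is nil and when the map has no `csrf` entry, so a check of the form `header == session.GetCSRF()` would pass for a request carrying an empty or absent token on any session where `GenerateCSRF` was never called. The verifying code is not in this hunk, so confirm that it rejects an empty expected token before comparing, and that it compares with `subtle.ConstantTimeCompare` rather than `==`. I would state the contract on the method, e.g. `// GetCSRF returns the session's CSRF token, or "" if none has been generated; callers must treat "" as a failed check.` `GenerateCSRF` relies on `NewId()`, defined outside this hunk, for unpredictability, so it is worth confirming that it draws from `crypto/rand`. The token is stored in `Props`, which presumably is serialized with the rest of the session by `SessionsToJson`, so check where that JSON is exposed.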