From 2936dc87d074e6d83147c9e6cf4ae8bac4e4af8d Mon Sep 17 00:00:00 2001
From: Daniel Schalla <daniel@schalla.me>
Date: Thu, 2 Aug 2018 00:16:04 +0200
Subject: CSRF Token Implementation for Plugins (#9192)

deleted test config

fix test config

Dont wipe the session token for plugins

Simplified Tokens; Generate CSRF for other sessions

Remove CSRF from Access Token; Remove Getter/Setter from Context

fix removed setter

remove getcsrf helper from plugin api

enforce csrf only for cookie auth
---
 app/plugin_api.go | 10 ++++++++++
 1 file changed, 10 insertions(+)

(limited to 'app/plugin_api.go')

diff --git a/app/plugin_api.go b/app/plugin_api.go
index 66f17bdfb..31bfd401d 100644
--- a/app/plugin_api.go
+++ b/app/plugin_api.go
@@ -65,6 +65,16 @@ func (api *PluginAPI) UnregisterCommand(teamId, trigger string) error {
 	return nil
 }
 
+func (api *PluginAPI) GetSession(sessionId string) (*model.Session, *model.AppError) {
+	session, err := api.app.GetSessionById(sessionId)
+
+	if err != nil {
+		return nil, err
+	}
+
+	return session, nil
+}
+
 func (api *PluginAPI) GetConfig() *model.Config {
 	return api.app.GetConfig()
 }
-- 
cgit v1.2.3-1-g7c22