From 2936dc87d074e6d83147c9e6cf4ae8bac4e4af8d Mon Sep 17 00:00:00 2001 From: Daniel Schalla Date: Thu, 2 Aug 2018 00:16:04 +0200 Subject: CSRF Token Implementation for Plugins (#9192) deleted test config fix test config Dont wipe the session token for plugins Simplified Tokens; Generate CSRF for other sessions Remove CSRF from Access Token; Remove Getter/Setter from Context fix removed setter remove getcsrf helper from plugin api enforce csrf only for cookie auth
---
plugin/api.go | 3 +++
plugin/client_rpc_generated.go | 29 +++++++++++++++++++++++++++++
plugin/context.go | 1 +
plugin/plugintest/api.go | 25 +++++++++++++++++++++++++
4 files changed, 58 insertions(+) (limited to 'plugin')
diff --git a/plugin/api.go b/plugin/api.go
index 0b413d4d1..d0ad178ca 100644
--- a/plugin/api.go
+++ b/plugin/api.go
@@ -25,6 +25,9 @@ type API interface {
 // UnregisterCommand unregisters a command previously registered via RegisterCommand.
 UnregisterCommand(teamId, trigger string) error
+ // GetSession returns the session object for the Session ID
+ GetSession(sessionId string) (*model.Session, *model.AppError)
+
 // GetConfig fetches the currently persisted config
 GetConfig() *model.Config
diff --git a/plugin/client_rpc_generated.go b/plugin/client_rpc_generated.go
index 98b906186..b43b93c5b 100644
--- a/plugin/client_rpc_generated.go
+++ b/plugin/client_rpc_generated.go
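Review bot: The doc comment on `GetSession` in plugin/api.go does not tell plugin authors that the returned `*model.Session` is credential material, or how failures surface. The commit message ("Dont wipe the session token for plugins") suggests the token is deliberately left in the object, and the signature accepts any session ID rather than only the one carried in the current `Context`, so the comment should spell that out. The generated `apiRPCClient.GetSession` in this commit only logs an RPC failure and then returns its zero values, so a caller can receive a nil session together with a nil error. I would expand the comment to something like `// GetSession returns the session for sessionId. The result may carry the session token: do not log, store or forward it. Check the session for nil as well as the error before using it for an authorization or CSRF decision.` The `API` interface starts and ends outside the hunk.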
@@ -558,6 +558,35 @@ func (s *apiRPCServer) UnregisterCommand(args *Z_UnregisterCommandArgs, returns return nil } +type Z_GetSessionArgs struct { + A string +} + +type Z_GetSessionReturns struct { + A *model.Session + B *model.AppError +} + +func (g *apiRPCClient) GetSession(sessionId string) (*model.Session, *model.AppError) { + _args := &Z_GetSessionArgs{sessionId} + _returns := &Z_GetSessionReturns{} + if err := g.client.Call("Plugin.GetSession", _args, _returns); err != nil { + log.Printf("RPC call to GetSession API failed: %s", err.Error()) + } + return _returns.A, _returns.B +} + +func (s *apiRPCServer) GetSession(args *Z_GetSessionArgs, returns *Z_GetSessionReturns) error { + if hook, ok := s.impl.(interface { + GetSession(sessionId string) (*model.Session, *model.AppError) + }); ok { + returns.A, returns.B = hook.GetSession(args.A) + } else { + return fmt.Errorf("API GetSession called but not implemented.") + } + return nil +} + type Z_GetConfigArgs struct { } diff --git a/plugin/context.go b/plugin/context.go index 60d01bbe4..ec3f8b65e 100644 --- a/plugin/context.go +++ b/plugin/context.go @@ -7,4 +7,5 @@ package plugin // // It is currently a placeholder while the implementation details are sorted out. type Context struct { + SessionId string } diff --git a/plugin/plugintest/api.go b/plugin/plugintest/api.go index 70e90df4b..35a83ca9c 100644 --- a/plugin/plugintest/api.go +++ b/plugin/plugintest/api.go 
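Review bot: In plugin/context.go the new `SessionId` field has no comment, and the struct comment above it still calls `Context` a placeholder. Plugins will presumably pass this value to `GetSession` for authorization and CSRF checks, so the field should state where the value comes from and what it holds when the request was not authenticated with a session (the commit message says CSRF is enforced only for cookie auth). Suggested: `// SessionId is the ID of the server-side session that authenticated the request; it is empty when there is none, and plugins must treat an empty value as unauthenticated.` That wording is inferred from the commit message and should be confirmed against the code that populates the field, which is outside this diff. The comment block on `Context` starts above the hunk.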
@@ -499,6 +499,31 @@ func (_m *API) GetPublicChannelsForTeam(teamId string, offset int, limit int) (* return r0, r1 } +// GetSession provides a mock function with given fields: sessionId +func (_m *API) GetSession(sessionId string) (*model.Session, *model.AppError) { + ret := _m.Called(sessionId) + + var r0 *model.Session + if rf, ok := ret.Get(0).(func(string) *model.Session); ok { + r0 = rf(sessionId) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*model.Session) + } + } + + var r1 *model.AppError + if rf, ok := ret.Get(1).(func(string) *model.AppError); ok { + r1 = rf(sessionId) + } else { + if ret.Get(1) != nil { + r1 = ret.Get(1).(*model.AppError) + } + } + + return r0, r1 +} + // GetTeam provides a mock function with given fields: teamId func (_m *API) GetTeam(teamId string) (*model.Team, *model.AppError) { ret := _m.Called(teamId) -- cgit v1.2.3-1-g7c22