kritbit Commit Details

Date:

2015-11-22 14:41:23 (9 years 29 days ago)

Author:

Natalie Adams

Branch:

master

Commit:

5c021cdd67e11a87bcce1c6e64ce28c15f9edce8

Parents:

555bd1d25a7c972c853b0d8d07582942ea929d0f

Message:

adding CSRF token updating README

Changes:

File differences

-19
20 20
21 21
22 
22
23 23
24 24
25 25
+␊
# Authentication/Authorization␊
␊
Each user logs in using OAuth (see below for setup) and can only edit jobs that they have created (there are no groups or way of "granting" permission). A job history can have a flag to allow anonymous users to view the history. However, kritbit does not censor the output so be careful allowing people to view history of jobs that may contain sensitive information.␊
Each user logs in using OAuth (see below for setup) and can only edit jobs that they have created (there are no groups or way of "granting" permission). A user MUST be pre-registered into the users table otherwise they will not be able to login and create jobs (this is done to prevent abuse - though you can easily change this behavior). A job history can have a flag to allow anonymous users to view the history. However, kritbit does not censor the output so be careful allowing people to view history of jobs that may contain sensitive information.␊
␊
# Install␊
␊
 ␊
 # Authentication/Authorization␊
 ␊
-Each user logs in using OAuth (see below for setup) and can only edit jobs that they have created (there are no groups or way of "granting" permission). A job history can have a flag to allow anonymous users to view the history. However, kritbit does not censor the output so be careful allowing people to view history of jobs that may contain sensitive information.␊
+Each user logs in using OAuth (see below for setup) and can only edit jobs that they have created (there are no groups or way of "granting" permission). A user MUST be pre-registered into the users table otherwise they will not be able to login and create jobs (this is done to prevent abuse - though you can easily change this behavior). A job history can have a flag to allow anonymous users to view the history. However, kritbit does not censor the output so be careful allowing people to view history of jobs that may contain sensitive information.␊
 ␊
 # Install␊
 ␊

-116
117 117
118 118
119
120
121
122
123
124
125
119 126
120 127
+␉␉if ($this->loginRequired && !$this->user) {␊
␉␉␉$this->login();␊
␉␉}␊
␊
␊
␉␉if (isset($_POST["csrfmiddlewaretoken"])) {␊
␉␉␉if ($_POST["csrfmiddlewaretoken"] != $_COOKIE["csrftoken"]) {␊
␉␉␉␉throw new \Exception("CSRF tokens did not match");␊
␉␉␉}␊
␉␉}␊
␉}␊
}
 ␉␉if ($this->loginRequired && !$this->user) {␊
 ␉␉␉$this->login();␊
 ␉␉}␊
+␊
+␊
+␉␉if (isset($_POST["csrfmiddlewaretoken"])) {␊
+␉␉␉if ($_POST["csrfmiddlewaretoken"] != $_COOKIE["csrftoken"]) {␊
+␉␉␉␉throw new \Exception("CSRF tokens did not match");␊
+␉␉␉}␊
+␉␉}␊
 ␉}␊
 }

-7
8 8
9 9
10 
10
11 11
12 12
13 13
+</div>␊
␊
<form method="post" class="form-horizontal">␊
␊
    {% csrf_token %}␊
    <div class="form-group col-sm-10">␊
        <label for="jobName" class="col-sm-2 control-label">Job Name</label>␊
        <div class="col-sm-10">␊
 </div>␊
 ␊
 <form method="post" class="form-horizontal">␊
-␊
+    {% csrf_token %}␊
     <div class="form-group col-sm-10">␊
         <label for="jobName" class="col-sm-2 control-label">Job Name</label>␊
         <div class="col-sm-10">␊

Download the corresponding diff file

kritbit

File differences

Branches