refactor(actions): centralize wave-2 post/csrf guards
This commit is contained in:
@@ -4,7 +4,6 @@ use MintyPHP\Buffer;
|
||||
use MintyPHP\Http\SessionStoreInterface;
|
||||
use MintyPHP\Router;
|
||||
use MintyPHP\Service\Access\DepartmentAuthorizationPolicy;
|
||||
use MintyPHP\Session;
|
||||
use MintyPHP\Support\Flash;
|
||||
use MintyPHP\Support\Guard;
|
||||
|
||||
@@ -50,9 +49,7 @@ if ($allowedTenantIds) {
|
||||
$tenants = [];
|
||||
}
|
||||
|
||||
if ($request->isMethod('POST') && !Session::checkCsrfToken()) {
|
||||
Flash::error(t('Form expired, please try again'), $createTarget, 'csrf_expired');
|
||||
Router::redirect($createTarget);
|
||||
if ($request->isMethod('POST') && !actionRequireCsrf($createTarget, $createTarget, 'csrf_expired')) {
|
||||
return;
|
||||
}
|
||||
|
||||
|
||||
@@ -4,7 +4,6 @@ use MintyPHP\Buffer;
|
||||
use MintyPHP\Http\SessionStoreInterface;
|
||||
use MintyPHP\Router;
|
||||
use MintyPHP\Service\Access\DepartmentAuthorizationPolicy;
|
||||
use MintyPHP\Session;
|
||||
use MintyPHP\Support\Flash;
|
||||
use MintyPHP\Support\Guard;
|
||||
|
||||
@@ -81,9 +80,7 @@ if ($allowedTenantIds) {
|
||||
$form['tenant_id'] = 0;
|
||||
}
|
||||
|
||||
if ($request->isMethod('POST') && !Session::checkCsrfToken()) {
|
||||
Flash::error(t('Form expired, please try again'), $editTarget, 'csrf_expired');
|
||||
Router::redirect($editTarget);
|
||||
if ($request->isMethod('POST') && !actionRequireCsrf($editTarget, $editTarget, 'csrf_expired')) {
|
||||
return;
|
||||
}
|
||||
|
||||
|
||||
@@ -4,7 +4,6 @@ use MintyPHP\Buffer;
|
||||
use MintyPHP\Http\SessionStoreInterface;
|
||||
use MintyPHP\Router;
|
||||
use MintyPHP\Service\Access\PermissionAuthorizationPolicy;
|
||||
use MintyPHP\Session;
|
||||
use MintyPHP\Support\Flash;
|
||||
use MintyPHP\Support\Guard;
|
||||
|
||||
@@ -33,9 +32,7 @@ $form = [
|
||||
'is_system' => 0,
|
||||
];
|
||||
|
||||
if ($request->isMethod('POST') && !Session::checkCsrfToken()) {
|
||||
Flash::error(t('Form expired, please try again'), $createTarget, 'csrf_expired');
|
||||
Router::redirect($createTarget);
|
||||
if ($request->isMethod('POST') && !actionRequireCsrf($createTarget, $createTarget, 'csrf_expired')) {
|
||||
return;
|
||||
}
|
||||
|
||||
|
||||
@@ -5,7 +5,6 @@ use MintyPHP\Http\SessionStoreInterface;
|
||||
use MintyPHP\Repository\Access\RoleRepository;
|
||||
use MintyPHP\Router;
|
||||
use MintyPHP\Service\Access\PermissionAuthorizationPolicy;
|
||||
use MintyPHP\Session;
|
||||
use MintyPHP\Support\Flash;
|
||||
use MintyPHP\Support\Guard;
|
||||
|
||||
@@ -48,9 +47,7 @@ $userWriteRepository = app(\MintyPHP\Repository\User\UserWriteRepository::class)
|
||||
$selectedRoleIds = $rolePermissionRepository->listRoleIdsByPermissionId($id);
|
||||
$previousRoleIds = $selectedRoleIds;
|
||||
|
||||
if ($request->isMethod('POST') && !Session::checkCsrfToken()) {
|
||||
Flash::error(t('Form expired, please try again'), $editTarget, 'csrf_expired');
|
||||
Router::redirect($editTarget);
|
||||
if ($request->isMethod('POST') && !actionRequireCsrf($editTarget, $editTarget, 'csrf_expired')) {
|
||||
return;
|
||||
}
|
||||
|
||||
|
||||
@@ -4,7 +4,6 @@ use MintyPHP\Buffer;
|
||||
use MintyPHP\Http\SessionStoreInterface;
|
||||
use MintyPHP\Router;
|
||||
use MintyPHP\Service\Access\RoleAuthorizationPolicy;
|
||||
use MintyPHP\Session;
|
||||
use MintyPHP\Support\Flash;
|
||||
use MintyPHP\Support\Guard;
|
||||
|
||||
@@ -37,9 +36,7 @@ $rolePermissionRepository = app(\MintyPHP\Repository\Access\RolePermissionReposi
|
||||
$permissions = $permissionRepository->listActive();
|
||||
$selectedPermissionIds = [];
|
||||
|
||||
if ($request->isMethod('POST') && !Session::checkCsrfToken()) {
|
||||
Flash::error(t('Form expired, please try again'), $createTarget, 'csrf_expired');
|
||||
Router::redirect($createTarget);
|
||||
if ($request->isMethod('POST') && !actionRequireCsrf($createTarget, $createTarget, 'csrf_expired')) {
|
||||
return;
|
||||
}
|
||||
|
||||
|
||||
@@ -4,7 +4,6 @@ use MintyPHP\Buffer;
|
||||
use MintyPHP\Http\SessionStoreInterface;
|
||||
use MintyPHP\Router;
|
||||
use MintyPHP\Service\Access\RoleAuthorizationPolicy;
|
||||
use MintyPHP\Session;
|
||||
use MintyPHP\Support\Flash;
|
||||
use MintyPHP\Support\Guard;
|
||||
|
||||
@@ -53,9 +52,7 @@ $assignableRoleRepo = app(\MintyPHP\Repository\Access\RoleAssignableRoleReposito
|
||||
$allRolesForAssignable = app(\MintyPHP\Service\Access\RoleService::class)->listActive();
|
||||
$selectedAssignableRoleIds = $assignableRoleRepo->listAssignableRoleIdsByRoleId($roleId);
|
||||
|
||||
if ($request->isMethod('POST') && !Session::checkCsrfToken()) {
|
||||
Flash::error(t('Form expired, please try again'), $editTarget, 'csrf_expired');
|
||||
Router::redirect($editTarget);
|
||||
if ($request->isMethod('POST') && !actionRequireCsrf($editTarget, $editTarget, 'csrf_expired')) {
|
||||
return;
|
||||
}
|
||||
|
||||
|
||||
@@ -3,17 +3,18 @@
|
||||
use MintyPHP\Buffer;
|
||||
use MintyPHP\Http\SessionStoreInterface;
|
||||
use MintyPHP\Router;
|
||||
use MintyPHP\Session;
|
||||
use MintyPHP\Support\Flash;
|
||||
use MintyPHP\Support\Guard;
|
||||
|
||||
$session = app(SessionStoreInterface::class)->all();
|
||||
Guard::requireLogin();
|
||||
Guard::requireAbility(\MintyPHP\Service\Access\OperationsAuthorizationPolicy::ABILITY_ADMIN_JOBS_VIEW);
|
||||
$request = requestInput();
|
||||
|
||||
$scheduledJobService = app(\MintyPHP\Service\Scheduler\ScheduledJobService::class);
|
||||
|
||||
$jobId = (int) ($id ?? 0);
|
||||
$editTarget = "admin/scheduled-jobs/edit/$jobId";
|
||||
$job = $jobId > 0 ? $scheduledJobService->find($jobId) : null;
|
||||
if (!$job) {
|
||||
Flash::error(t('Scheduled job not found'), 'admin/scheduled-jobs', 'scheduled_job_not_found');
|
||||
@@ -47,22 +48,22 @@ if (!$isRegistered) {
|
||||
$errorBag->addGlobal(t('This scheduled job is no longer registered and cannot be edited. It has been superseded by a newer version.'));
|
||||
}
|
||||
|
||||
if (requestInput()->method() === 'POST') {
|
||||
if ($request->isMethod('POST')) {
|
||||
if (!$canManage) {
|
||||
Guard::deny();
|
||||
}
|
||||
|
||||
if (!Session::checkCsrfToken()) {
|
||||
if (!actionRequireCsrf($editTarget, flashOnFailure: false, redirectOnFailure: false)) {
|
||||
$errorBag->addGlobal(t('Form expired, please try again'));
|
||||
}
|
||||
|
||||
if (!$errorBag->hasAny()) {
|
||||
$saved = $scheduledJobService->updateFromAdmin($jobId, requestInput()->bodyAll());
|
||||
$saved = $scheduledJobService->updateFromAdmin($jobId, $request->bodyAll());
|
||||
if (!($saved['ok'] ?? false)) {
|
||||
$errorBag->merge((array) ($saved['errors'] ?? [t('Scheduled job could not be saved')]));
|
||||
$form = array_merge($form, (array) ($saved['form'] ?? []));
|
||||
} else {
|
||||
Flash::success(t('Scheduled job saved'), "admin/scheduled-jobs/edit/$jobId", 'scheduled_job_saved');
|
||||
Flash::success(t('Scheduled job saved'), $editTarget, 'scheduled_job_saved');
|
||||
$job = $saved['job'] ?? $job;
|
||||
$form = [
|
||||
'enabled' => (int) ($job['enabled'] ?? 0),
|
||||
|
||||
@@ -1,21 +1,18 @@
|
||||
<?php
|
||||
|
||||
use MintyPHP\Router;
|
||||
use MintyPHP\Session;
|
||||
use MintyPHP\Support\Flash;
|
||||
use MintyPHP\Support\Guard;
|
||||
|
||||
Guard::requireLogin();
|
||||
Guard::requireAbility(\MintyPHP\Service\Access\SettingsAuthorizationPolicy::ABILITY_ADMIN_SETTINGS_UPDATE);
|
||||
|
||||
if (strtoupper((string) (requestInput()->method())) !== 'POST') {
|
||||
Router::redirect('admin/scheduled-jobs');
|
||||
if (!actionRequirePost('admin/scheduled-jobs')) {
|
||||
return;
|
||||
}
|
||||
$errorBag = formErrors();
|
||||
if (!Session::checkCsrfToken()) {
|
||||
$errorBag->addGlobal(t('Form expired, please try again'));
|
||||
flashFormErrors($errorBag, 'admin/scheduled-jobs', 'scheduled_job_purge');
|
||||
Router::redirect('admin/scheduled-jobs');
|
||||
|
||||
if (!actionRequireCsrf('admin/scheduled-jobs', 'admin/scheduled-jobs', 'scheduled_job_purge')) {
|
||||
return;
|
||||
}
|
||||
|
||||
$deleted = app(\MintyPHP\Service\Scheduler\ScheduledJobService::class)->purgeRunsExpired();
|
||||
|
||||
@@ -4,7 +4,6 @@ use MintyPHP\Domain\Taxonomy\ScheduledJobRunStatus;
|
||||
use MintyPHP\Domain\Taxonomy\SchedulerRuntimeResult;
|
||||
use MintyPHP\Http\SessionStoreInterface;
|
||||
use MintyPHP\Router;
|
||||
use MintyPHP\Session;
|
||||
use MintyPHP\Support\Flash;
|
||||
use MintyPHP\Support\Guard;
|
||||
|
||||
@@ -13,16 +12,16 @@ Guard::requireLogin();
|
||||
Guard::requireAbility(\MintyPHP\Service\Access\OperationsAuthorizationPolicy::ABILITY_ADMIN_JOBS_RUN_NOW);
|
||||
|
||||
$jobId = (int) ($id ?? 0);
|
||||
if (strtoupper((string) (requestInput()->method())) !== 'POST') {
|
||||
Router::redirect("admin/scheduled-jobs/edit/$jobId");
|
||||
}
|
||||
$errorBag = formErrors();
|
||||
if (!Session::checkCsrfToken()) {
|
||||
$errorBag->addGlobal(t('Form expired, please try again'));
|
||||
flashFormErrors($errorBag, "admin/scheduled-jobs/edit/$jobId", 'scheduled_job_run');
|
||||
Router::redirect("admin/scheduled-jobs/edit/$jobId");
|
||||
$redirectTarget = "admin/scheduled-jobs/edit/$jobId";
|
||||
if (!actionRequirePost($redirectTarget)) {
|
||||
return;
|
||||
}
|
||||
|
||||
if (!actionRequireCsrf($redirectTarget, $redirectTarget, 'scheduled_job_run')) {
|
||||
return;
|
||||
}
|
||||
|
||||
$errorBag = formErrors();
|
||||
$result = app(\MintyPHP\Service\Scheduler\SchedulerRunService::class)->runJobNow($jobId, (int) ($session['user']['id'] ?? 0));
|
||||
if (!($result['ok'] ?? false)) {
|
||||
$error = (string) ($result['error'] ?? '');
|
||||
|
||||
@@ -3,7 +3,6 @@
|
||||
use MintyPHP\Http\SessionStoreInterface;
|
||||
use MintyPHP\Router;
|
||||
use MintyPHP\Service\Access\SettingsAuthorizationPolicy;
|
||||
use MintyPHP\Session;
|
||||
use MintyPHP\Support\Flash;
|
||||
use MintyPHP\Support\Guard;
|
||||
|
||||
@@ -19,15 +18,12 @@ if (!$decision->isAllowed()) {
|
||||
Guard::deny();
|
||||
}
|
||||
|
||||
if (requestInput()->method() !== 'POST') {
|
||||
Router::redirect('admin/settings');
|
||||
if (!actionRequirePost('admin/settings')) {
|
||||
return;
|
||||
}
|
||||
|
||||
$errorBag = formErrors();
|
||||
if (!Session::checkCsrfToken()) {
|
||||
$errorBag->addGlobal(t('Form expired, please try again'));
|
||||
flashFormErrors($errorBag, 'admin/settings', 'settings_tokens_expire');
|
||||
Router::redirect('admin/settings');
|
||||
if (!actionRequireCsrf('admin/settings', 'admin/settings', 'settings_tokens_expire')) {
|
||||
return;
|
||||
}
|
||||
|
||||
$rememberMeService = app(\MintyPHP\Service\Auth\RememberMeService::class);
|
||||
|
||||
@@ -5,7 +5,6 @@ use MintyPHP\Http\SessionStoreInterface;
|
||||
use MintyPHP\Router;
|
||||
use MintyPHP\Service\Access\SettingsAuthorizationPolicy;
|
||||
use MintyPHP\Service\Settings\AdminSettingsService;
|
||||
use MintyPHP\Session;
|
||||
use MintyPHP\Support\Flash;
|
||||
use MintyPHP\Support\Guard;
|
||||
|
||||
@@ -34,9 +33,7 @@ $settings = is_array($pageData['settings'] ?? null) ? $pageData['settings'] : []
|
||||
$activeLoginTokens = (int) ($pageData['active_login_tokens'] ?? 0);
|
||||
$activeApiTokens = (int) ($pageData['active_api_tokens'] ?? 0);
|
||||
|
||||
if ($request->isMethod('POST') && !Session::checkCsrfToken()) {
|
||||
Flash::error(t('Form expired, please try again'), 'admin/settings', 'csrf_expired');
|
||||
Router::redirect('admin/settings');
|
||||
if ($request->isMethod('POST') && !actionRequireCsrf('admin/settings', 'admin/settings', 'csrf_expired')) {
|
||||
return;
|
||||
}
|
||||
|
||||
|
||||
@@ -3,7 +3,6 @@
|
||||
use MintyPHP\Http\SessionStoreInterface;
|
||||
use MintyPHP\Router;
|
||||
use MintyPHP\Service\Access\SettingsAuthorizationPolicy;
|
||||
use MintyPHP\Session;
|
||||
use MintyPHP\Support\Flash;
|
||||
use MintyPHP\Support\Guard;
|
||||
|
||||
@@ -19,15 +18,12 @@ if (!$decision->isAllowed()) {
|
||||
Guard::deny();
|
||||
}
|
||||
|
||||
if (requestInput()->method() !== 'POST') {
|
||||
Router::redirect('admin/settings');
|
||||
if (!actionRequirePost('admin/settings')) {
|
||||
return;
|
||||
}
|
||||
|
||||
$errorBag = formErrors();
|
||||
if (!Session::checkCsrfToken()) {
|
||||
$errorBag->addGlobal(t('Form expired, please try again'));
|
||||
flashFormErrors($errorBag, 'admin/settings', 'settings_tokens_revoke');
|
||||
Router::redirect('admin/settings');
|
||||
if (!actionRequireCsrf('admin/settings', 'admin/settings', 'settings_tokens_revoke')) {
|
||||
return;
|
||||
}
|
||||
|
||||
$apiTokenService = app(\MintyPHP\Service\Auth\ApiTokenService::class);
|
||||
|
||||
@@ -4,7 +4,6 @@ use MintyPHP\Buffer;
|
||||
use MintyPHP\Http\SessionStoreInterface;
|
||||
use MintyPHP\Router;
|
||||
use MintyPHP\Service\Access\TenantAuthorizationPolicy;
|
||||
use MintyPHP\Session;
|
||||
use MintyPHP\Support\Flash;
|
||||
use MintyPHP\Support\Guard;
|
||||
|
||||
@@ -56,9 +55,7 @@ $form = [
|
||||
];
|
||||
$ssoUiState = $canManageSso ? $tenantSsoService->buildMicrosoftUiState(0, $form) : [];
|
||||
|
||||
if ($request->isMethod('POST') && !Session::checkCsrfToken()) {
|
||||
Flash::error(t('Form expired, please try again'), $createTarget, 'csrf_expired');
|
||||
Router::redirect($createTarget);
|
||||
if ($request->isMethod('POST') && !actionRequireCsrf($createTarget, $createTarget, 'csrf_expired')) {
|
||||
return;
|
||||
}
|
||||
|
||||
|
||||
@@ -4,7 +4,6 @@ use MintyPHP\Http\SessionStoreInterface;
|
||||
use MintyPHP\Router;
|
||||
use MintyPHP\Service\Access\TenantAuthorizationPolicy;
|
||||
use MintyPHP\Service\CustomField\TenantCustomFieldService;
|
||||
use MintyPHP\Session;
|
||||
use MintyPHP\Support\Flash;
|
||||
use MintyPHP\Support\Guard;
|
||||
|
||||
@@ -35,13 +34,11 @@ if (!$decision->isAllowed()) {
|
||||
|
||||
$flashScope = 'admin/tenants/edit/' . $tenantUuid;
|
||||
$redirect = $flashScope . '?tab=custom_fields';
|
||||
if (!$request->isMethod('POST')) {
|
||||
Router::redirect($redirect);
|
||||
if (!actionRequirePost($redirect)) {
|
||||
return;
|
||||
}
|
||||
if (!Session::checkCsrfToken()) {
|
||||
Flash::error(t('Form expired, please try again'), $flashScope, 'tenant_custom_fields_csrf');
|
||||
Router::redirect($redirect);
|
||||
|
||||
if (!actionRequireCsrf($redirect, $flashScope, 'tenant_custom_fields_csrf')) {
|
||||
return;
|
||||
}
|
||||
|
||||
|
||||
@@ -4,7 +4,6 @@ use MintyPHP\Http\SessionStoreInterface;
|
||||
use MintyPHP\Router;
|
||||
use MintyPHP\Service\Access\TenantAuthorizationPolicy;
|
||||
use MintyPHP\Service\CustomField\TenantCustomFieldService;
|
||||
use MintyPHP\Session;
|
||||
use MintyPHP\Support\Flash;
|
||||
use MintyPHP\Support\Guard;
|
||||
|
||||
@@ -44,14 +43,11 @@ if ($tenantUuid === '') {
|
||||
|
||||
$flashScope = 'admin/tenants/edit/' . $tenantUuid;
|
||||
$redirect = $flashScope . '?tab=custom_fields';
|
||||
if ((requestInput()->method()) !== 'POST') {
|
||||
Router::redirect($redirect);
|
||||
if (!actionRequirePost($redirect)) {
|
||||
return;
|
||||
}
|
||||
if (!Session::checkCsrfToken()) {
|
||||
$errorBag->addGlobal(t('Form expired, please try again'));
|
||||
flashFormErrors($errorBag, $flashScope, 'tenant_custom_fields');
|
||||
Router::redirect($redirect);
|
||||
|
||||
if (!actionRequireCsrf($redirect, $flashScope, 'tenant_custom_fields')) {
|
||||
return;
|
||||
}
|
||||
|
||||
|
||||
@@ -4,7 +4,6 @@ use MintyPHP\Http\SessionStoreInterface;
|
||||
use MintyPHP\Router;
|
||||
use MintyPHP\Service\Access\TenantAuthorizationPolicy;
|
||||
use MintyPHP\Service\CustomField\TenantCustomFieldService;
|
||||
use MintyPHP\Session;
|
||||
use MintyPHP\Support\Flash;
|
||||
use MintyPHP\Support\Guard;
|
||||
|
||||
@@ -42,13 +41,11 @@ if ($tenantUuid === '') {
|
||||
|
||||
$flashScope = 'admin/tenants/edit/' . $tenantUuid;
|
||||
$redirect = $flashScope . '?tab=custom_fields';
|
||||
if (!$request->isMethod('POST')) {
|
||||
Router::redirect($redirect);
|
||||
if (!actionRequirePost($redirect)) {
|
||||
return;
|
||||
}
|
||||
if (!Session::checkCsrfToken()) {
|
||||
Flash::error(t('Form expired, please try again'), $flashScope, 'tenant_custom_fields_csrf');
|
||||
Router::redirect($redirect);
|
||||
|
||||
if (!actionRequireCsrf($redirect, $flashScope, 'tenant_custom_fields_csrf')) {
|
||||
return;
|
||||
}
|
||||
|
||||
|
||||
@@ -5,7 +5,6 @@ use MintyPHP\Http\SessionStoreInterface;
|
||||
use MintyPHP\Router;
|
||||
use MintyPHP\Service\Access\TenantAuthorizationPolicy;
|
||||
use MintyPHP\Service\CustomField\TenantCustomFieldService;
|
||||
use MintyPHP\Session;
|
||||
use MintyPHP\Support\Flash;
|
||||
use MintyPHP\Support\Guard;
|
||||
|
||||
@@ -77,9 +76,7 @@ $form = array_merge($tenant, $ssoConfig);
|
||||
$form['microsoft_enabled'] = $ssoConfig['enabled'] ?? false;
|
||||
$form['ldap_enabled'] = $ldapConfig['enabled'] ?? false;
|
||||
|
||||
if ($request->isMethod('POST') && !Session::checkCsrfToken()) {
|
||||
Flash::error(t('Form expired, please try again'), $editTarget, 'csrf_expired');
|
||||
Router::redirect($editTarget);
|
||||
if ($request->isMethod('POST') && !actionRequireCsrf($editTarget, $editTarget, 'csrf_expired')) {
|
||||
return;
|
||||
}
|
||||
|
||||
|
||||
@@ -4,7 +4,6 @@ use MintyPHP\Http\SessionStoreInterface;
|
||||
use MintyPHP\Router;
|
||||
use MintyPHP\Service\Access\UserAuthorizationPolicy;
|
||||
use MintyPHP\Service\User\UserAccessPdfService;
|
||||
use MintyPHP\Session;
|
||||
use MintyPHP\Support\Guard;
|
||||
|
||||
$session = app(SessionStoreInterface::class)->all();
|
||||
@@ -15,22 +14,20 @@ Guard::requireLogin();
|
||||
$authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class);
|
||||
$userAccountService = app(\MintyPHP\Service\User\UserAccountService::class);
|
||||
$userAccessPdfService = app(UserAccessPdfService::class);
|
||||
$request = requestInput();
|
||||
$errorBag = formErrors();
|
||||
|
||||
// Support both route param and POSTed uuid (POST avoids exposing uuid in URL/history).
|
||||
$uuid = trim((string) ($id ?? ''));
|
||||
if ($uuid === '' && strtoupper((string) (requestInput()->method())) === 'POST') {
|
||||
if (!Session::checkCsrfToken()) {
|
||||
$errorBag->addGlobal(t('Form expired, please try again'));
|
||||
flashFormErrors($errorBag, 'admin/users', 'users_access_pdf');
|
||||
Router::redirect('admin/users');
|
||||
if ($uuid === '' && $request->isMethod('POST')) {
|
||||
if (!actionRequireCsrf('admin/users', 'admin/users', 'users_access_pdf')) {
|
||||
return;
|
||||
}
|
||||
$uuid = trim((string) (requestInput()->bodyAll()['uuid'] ?? ''));
|
||||
$uuid = trim((string) ($request->bodyAll()['uuid'] ?? ''));
|
||||
}
|
||||
$user = $uuid !== '' ? $userAccountService->findByUuid($uuid) : null;
|
||||
if (!$user) {
|
||||
if (strtoupper((string) (requestInput()->method())) === 'POST') {
|
||||
if ($request->isMethod('POST')) {
|
||||
$errorBag->addGlobal(t('User not found'));
|
||||
flashFormErrors($errorBag, 'admin/users', 'users_access_pdf');
|
||||
Router::redirect('admin/users');
|
||||
|
||||
@@ -4,8 +4,6 @@ use MintyPHP\Http\SessionStoreInterface;
|
||||
use MintyPHP\Router;
|
||||
use MintyPHP\Service\Access\UserAuthorizationPolicy;
|
||||
use MintyPHP\Service\User\UserAccessPdfService;
|
||||
use MintyPHP\Session;
|
||||
use MintyPHP\Support\Flash;
|
||||
use MintyPHP\Support\Guard;
|
||||
|
||||
$session = app(SessionStoreInterface::class)->all();
|
||||
@@ -24,14 +22,11 @@ if (!$decision->isAllowed()) {
|
||||
$userAccountService = app(\MintyPHP\Service\User\UserAccountService::class);
|
||||
$userAccessPdfService = app(UserAccessPdfService::class);
|
||||
|
||||
if (strtoupper((string) (requestInput()->method())) !== 'POST') {
|
||||
Router::redirect('admin/users');
|
||||
if (!actionRequirePost('admin/users')) {
|
||||
return;
|
||||
}
|
||||
|
||||
if (!Session::checkCsrfToken()) {
|
||||
Flash::error(t('Form expired, please try again'), 'admin/users', 'csrf_expired');
|
||||
Router::redirect('admin/users');
|
||||
if (!actionRequireCsrf('admin/users', 'admin/users', 'csrf_expired')) {
|
||||
return;
|
||||
}
|
||||
|
||||
|
||||
@@ -8,7 +8,6 @@ use MintyPHP\Repository\Auth\RememberTokenRepository;
|
||||
use MintyPHP\Router;
|
||||
use MintyPHP\Service\Access\UserAuthorizationPolicy;
|
||||
use MintyPHP\Service\CustomField\UserCustomFieldValueService;
|
||||
use MintyPHP\Session;
|
||||
use MintyPHP\Support\Flash;
|
||||
use MintyPHP\Support\Guard;
|
||||
|
||||
@@ -155,9 +154,7 @@ if ($canViewSecurityArtifacts) {
|
||||
$canManageApiTokens = $canManageApiTokens && $canViewSecurityArtifacts;
|
||||
$showApiTokens = $canViewSecurityArtifacts;
|
||||
|
||||
if ($request->isMethod('POST') && !Session::checkCsrfToken()) {
|
||||
Flash::error(t('Form expired, please try again'), $editTarget, 'csrf_expired');
|
||||
Router::redirect($editTarget);
|
||||
if ($request->isMethod('POST') && !actionRequireCsrf($editTarget, $editTarget, 'csrf_expired')) {
|
||||
return;
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user