Merge pull request #1250 from City-of-Helsinki/TILA-2698

TILA-2698 use csrf token in auth path
City-of-Helsinki · Jun 27, 2023 · 3443e58 · 3443e58
2 parents db97f64 + 0730b51
commit 3443e58
Show file tree

Hide file tree

Showing 7 changed files with 81 additions and 9 deletions.
diff --git a/app/pages/user-reservations/__tests__/UserReservationsPage.test.js b/app/pages/user-reservations/__tests__/UserReservationsPage.test.js
@@ -11,7 +11,7 @@ describe('pages/user-reservations/UserReservationsPage', () => {
       search: '',
     },
     history: {
-      push: () => {},
+      push: () => { },
     },
     t: path => path,
     reduxReservations: {},
@@ -73,7 +73,7 @@ describe('pages/user-reservations/UserReservationsPage', () => {
   describe('tabs', () => {
     const findTabs = wrapper => wrapper.find('[role="tab"]');
     const findUpcomingTab = wrapper => findTabs(wrapper).at(0);
-    const findPastTab = wrapper => findTabs(wrapper).at(1);
+    // const findPastTab = wrapper => findTabs(wrapper).at(1);
 
     test('should render upcoming and past tabs', () => {
       expect(findTabs(getWrapper()).length).toEqual(2);

diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "varaamo",
-  "version": "0.12.9",
+  "version": "0.12.10",
   "repository": {
     "type": "git",
     "url": "https://github.com/City-of-Helsinki/varaamo"

diff --git a/server/auth/configurePassport.js b/server/auth/configurePassport.js
@@ -11,6 +11,7 @@ function configurePassport() {
       clientSecret: settings.CLIENT_SECRET,
       callbackURL: settings.LOGIN_CALLBACK_URL,
       proxy: Boolean(settings.PROXY),
+      state: true,
     },
     (accessToken, refreshToken, profile, cb) => {
       helsinkiStrategy.getAPIToken(accessToken, settings.TARGET_APP, (token) => {

diff --git a/src/domain/about/AboutPage.js b/src/domain/about/AboutPage.js
@@ -9,8 +9,11 @@ import injectT from '../../../app/i18n/injectT';
 import { getCurrentCustomization } from '../../../app/utils/customizationUtils';
 
 function AboutPage({ t }) {
-  const city = getCurrentCustomization() ? getCurrentCustomization().toLowerCase() : 'default';
   // TODO: Remove me along with getCurrentCustomization stuff.
+  const city = getCurrentCustomization() ? getCurrentCustomization().toLowerCase() : 'default';
+
+  // eslint-disable-next-line max-len
+  const registerLink = 'https://www.hel.fi/static/liitteet-2019/Kaupunginkanslia/Rekisteriselosteet/Kuva/Tilanvaraus-%20ja%20tietokantarekisteri,%20Varaamo%20ja%20Respa.pdf';
 
   return (
     <PageWrapper className="about-page" title={t('AboutPage.title')}>
@@ -38,7 +41,7 @@ function AboutPage({ t }) {
         <h3>{t('AboutPageContent.customerRegisterHeader')}</h3>
         <p>
           {t('AboutPageContent.customerRegisterParagraph')}
-          <a href="https://www.hel.fi/static/liitteet-2019/Kaupunginkanslia/Rekisteriselosteet/Kuva/Tilanvaraus-%20ja%20tietokantarekisteri,%20Varaamo%20ja%20Respa.pdf">
+          <a href={registerLink}>
             {t('AboutPageContent.customerRegisterLink')}
           </a>
         </p>

diff --git a/src/domain/footer/__tests__/__snapshots__/Footer.test.js.snap b/src/domain/footer/__tests__/__snapshots__/Footer.test.js.snap
@@ -56,7 +56,7 @@ exports[`domain/footer/Footer When there is no customization in use renders corr
           <span
             className="app-varaamo-version"
           >
-            v0.12.9
+            v0.12.10
           </span>
         </div>
       </Col>
@@ -121,7 +121,7 @@ exports[`domain/footer/Footer renders correctly 1`] = `
           <span
             className="app-varaamo-version"
           >
-            v0.12.9
+            v0.12.10
           </span>
         </div>
       </Col>

diff --git a/src/domain/reservation/modal/__tests__/ReservationInfomationModal.test.js b/src/domain/reservation/modal/__tests__/ReservationInfomationModal.test.js
@@ -53,6 +53,7 @@ describe('ReservationInformationModal', () => {
   });
 
   describe('refund policy', () => {
+    // eslint-disable-next-line max-len
     test('rendered when resource is not null, when user is admin, when reservation is not a staff event and when the reservation has a price', () => {
       const getRefundPolicy = (wrapper) => {
         return wrapper.find({ id: 'refund-policy' });

diff --git a/yarn.lock b/yarn.lock
@@ -3466,6 +3466,11 @@ [email protected]:
   resolved "https://registry.yarnpkg.com/cookie/-/cookie-0.3.1.tgz#e7e0a1f9ef43b4c8ba925c5c5a96e806d16873bb"
   integrity sha1-5+Ch+e9DtMi6klxcWpboBtFoc7s=
 
+[email protected]:
+  version "0.4.0"
+  resolved "https://registry.yarnpkg.com/cookie/-/cookie-0.4.0.tgz#beb437e7022b3b6d49019d088665303ebe9c14ba"
+  integrity sha512-+Hp8fLp57wnUSt0tY0tHEXh4voZRDnoIrZPqlo3DPiI4y9lwg/jqx+1Om94/W6ZaPDOUbnjOt/99w66zk+l1Xg==
+
 [email protected]:
   version "0.7.3"
   resolved "https://registry.yarnpkg.com/cookies/-/cookies-0.7.3.tgz#7912ce21fbf2e8c2da70cf1c3f351aecf59dadfa"
@@ -3608,6 +3613,15 @@ crypto-browserify@^3.11.0:
     randombytes "^2.0.0"
     randomfill "^1.0.3"
 
+[email protected]:
+  version "3.1.0"
+  resolved "https://registry.yarnpkg.com/csrf/-/csrf-3.1.0.tgz#ec75e9656d004d674b8ef5ba47b41fbfd6cb9c30"
+  integrity sha512-uTqEnCvWRk042asU6JtapDTcJeeailFy4ydOQS28bj1hcLnYRiqi8SsD2jS412AY1I/4qdOwWZun774iqywf9w==
+  dependencies:
+    rndm "1.2.0"
+    tsscmp "1.0.6"
+    uid-safe "2.1.5"
+
 css-animation@^1.3.2:
   version "1.6.1"
   resolved "https://registry.yarnpkg.com/css-animation/-/css-animation-1.6.1.tgz#162064a3b0d51f958b7ff37b3d6d4de18e17039e"
@@ -3685,6 +3699,16 @@ csstype@^2.5.7:
   resolved "https://registry.yarnpkg.com/csstype/-/csstype-2.6.18.tgz#980a8b53085f34af313410af064f2bd241784218"
   integrity sha512-RSU6Hyeg14am3Ah4VZEmeX8H7kLwEEirXe6aU2IPfKNvhXwTflK5HQRDNI0ypQXoqmm+QPyG2IaPuQE5zMwSIQ==
 
+csurf@^1.11.0:
+  version "1.11.0"
+  resolved "https://registry.yarnpkg.com/csurf/-/csurf-1.11.0.tgz#ab0c3c6634634192bd3d6f4b861be20800eeb61a"
+  integrity sha512-UCtehyEExKTxgiu8UHdGvHj4tnpE/Qctue03Giq5gPgMQ9cg/ciod5blZQ5a4uCEenNQjxyGuzygLdKUmee/bQ==
+  dependencies:
+    cookie "0.4.0"
+    cookie-signature "1.0.6"
+    csrf "3.1.0"
+    http-errors "~1.7.3"
+
 cyclist@^1.0.1:
   version "1.0.1"
   resolved "https://registry.yarnpkg.com/cyclist/-/cyclist-1.0.1.tgz#596e9698fd0c80e12038c2b82d6eb1b35b6224d9"
@@ -5422,6 +5446,17 @@ [email protected], http-errors@~1.6.2, http-errors@~1.6.3:
     setprototypeof "1.1.0"
     statuses ">= 1.4.0 < 2"
 
+http-errors@~1.7.3:
+  version "1.7.3"
+  resolved "https://registry.yarnpkg.com/http-errors/-/http-errors-1.7.3.tgz#6c619e4f9c60308c38519498c14fbb10aacebb06"
+  integrity sha512-ZTTX0MWrsQ2ZAhA1cejAwDLycFsd7I7nVtnkT3Ol0aqodaKW+0CTZDQ1uBv5whptCnc8e8HeRRJxRs0kmm/Qfw==
+  dependencies:
+    depd "~1.1.2"
+    inherits "2.0.4"
+    setprototypeof "1.1.1"
+    statuses ">= 1.5.0 < 2"
+    toidentifier "1.0.0"
+
 http-parser-js@>=0.5.1:
   version "0.5.3"
   resolved "https://registry.yarnpkg.com/http-parser-js/-/http-parser-js-0.5.3.tgz#01d2709c79d41698bb01d4decc5e9da4e4a033d9"
@@ -5605,7 +5640,7 @@ inflight@^1.0.4:
     once "^1.3.0"
     wrappy "1"
 
-inherits@2, inherits@^2.0.1, inherits@^2.0.3, inherits@^2.0.4, inherits@~2.0.1, inherits@~2.0.3:
+inherits@2, inherits@2.0.4, inherits@^2.0.1, inherits@^2.0.3, inherits@^2.0.4, inherits@~2.0.1, inherits@~2.0.3:
   version "2.0.4"
   resolved "https://registry.yarnpkg.com/inherits/-/inherits-2.0.4.tgz#0fa2c64f932917c3433a0ded55363aae37416b7c"
   integrity sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ==
@@ -8305,6 +8340,11 @@ [email protected]:
     discontinuous-range "1.0.0"
     ret "~0.1.10"
 
+random-bytes@~1.0.0:
+  version "1.0.0"
+  resolved "https://registry.yarnpkg.com/random-bytes/-/random-bytes-1.0.0.tgz#4f68a1dc0ae58bd3fb95848c30324db75d64360b"
+  integrity sha512-iv7LhNVO047HzYR3InF6pUcUsPQiHTM1Qal51DcGSuZFBil1aBBWG5eHPNek7bvILMaYJ/8RU1e8w1AMdHmLQQ==
+
 randombytes@^2.0.0, randombytes@^2.0.1, randombytes@^2.0.5, randombytes@^2.1.0:
   version "2.1.0"
   resolved "https://registry.yarnpkg.com/randombytes/-/randombytes-2.1.0.tgz#df6f84372f0270dc65cdf6291349ab7a473d4f2a"
@@ -9154,6 +9194,11 @@ ripemd160@^2.0.0, ripemd160@^2.0.1:
     hash-base "^3.0.0"
     inherits "^2.0.1"
 
+[email protected]:
+  version "1.2.0"
+  resolved "https://registry.yarnpkg.com/rndm/-/rndm-1.2.0.tgz#f33fe9cfb52bbfd520aa18323bc65db110a1b76c"
+  integrity sha512-fJhQQI5tLrQvYIYFpOnFinzv9dwmR7hRnUz1XqP3OJ1jIweTNOd6aTO4jwQSgcBSFUB+/KHJxuGneime+FdzOw==
+
 [email protected]:
   version "1.6.0"
   resolved "https://registry.yarnpkg.com/rosie/-/rosie-1.6.0.tgz#bc0ef64cd401d00794450d5792c0276e226b6ab0"
@@ -9383,6 +9428,11 @@ [email protected]:
   resolved "https://registry.yarnpkg.com/setprototypeof/-/setprototypeof-1.1.0.tgz#d0bd85536887b6fe7c0d818cb962d9d91c54e656"
   integrity sha512-BvE/TwpZX4FXExxOxZyRGQQv651MSwmWKZGqvmPcRIjDqWub67kTKuIMx43cZZrS/cBBzwBcNDWoFxt2XEFIpQ==
 
+[email protected]:
+  version "1.1.1"
+  resolved "https://registry.yarnpkg.com/setprototypeof/-/setprototypeof-1.1.1.tgz#7e95acb24aa92f5885e0abef5ba131330d4ae683"
+  integrity sha512-JvdAWfbXeIGaZ9cILp38HntZSFSo3mWg6xGcJJsd+d4aRMOqauag1C63dJfDw7OaMYwEbHMOxEZ1lqVRYP2OAw==
+
 sha.js@^2.4.0, sha.js@^2.4.8:
   version "2.4.11"
   resolved "https://registry.yarnpkg.com/sha.js/-/sha.js-2.4.11.tgz#37a5cf0b81ecbc6943de109ba2960d1b26584ae7"
@@ -9635,7 +9685,7 @@ static-extend@^0.1.1:
     define-property "^0.2.5"
     object-copy "^0.1.0"
 
-"statuses@>= 1.4.0 < 2":
+"statuses@>= 1.4.0 < 2", "statuses@>= 1.5.0 < 2":
   version "1.5.0"
   resolved "https://registry.yarnpkg.com/statuses/-/statuses-1.5.0.tgz#161c7dac177659fd9811f43771fa99381478628c"
   integrity sha1-Fhx9rBd2Wf2YEfQ3cfqZOBR4Yow=
@@ -10083,6 +10133,11 @@ to-space-case@^1.0.0:
   dependencies:
     to-no-case "^1.0.0"
 
+[email protected]:
+  version "1.0.0"
+  resolved "https://registry.yarnpkg.com/toidentifier/-/toidentifier-1.0.0.tgz#7e1be3470f1e77948bc43d94a3c8f4d7752ba553"
+  integrity sha512-yaOH/Pk/VEhBWWTlhI+qXxDFXlejDGcQipMlyxda9nthulaxLZUNcUqFxokp0vcYnvteJln5FNQDRrxj3YcbVw==
+
 toposort@^1.0.0:
   version "1.0.7"
   resolved "https://registry.yarnpkg.com/toposort/-/toposort-1.0.7.tgz#2e68442d9f64ec720b8cc89e6443ac6caa950029"
@@ -10125,6 +10180,11 @@ tslib@^2.2.0:
   resolved "https://registry.yarnpkg.com/tslib/-/tslib-2.3.1.tgz#e8a335add5ceae51aa261d32a490158ef042ef01"
   integrity sha512-77EbyPPpMz+FRFRuAFlWMtmgUWGe9UOG2Z25NqCwiIjRhOf5iKGuzSe5P2w1laq+FkRy4p+PCuVkJSGkzTEKVw==
 
+[email protected]:
+  version "1.0.6"
+  resolved "https://registry.yarnpkg.com/tsscmp/-/tsscmp-1.0.6.tgz#85b99583ac3589ec4bfef825b5000aa911d605eb"
+  integrity sha512-LxhtAkPDTkVCMQjt2h6eBVY28KCjikZqZfMcC15YBeNjkgUpdCfBu5HoiOTDu86v6smE8yOjyEktJ8hlbANHQA==
+
 [email protected]:
   version "0.0.0"
   resolved "https://registry.yarnpkg.com/tty-browserify/-/tty-browserify-0.0.0.tgz#a157ba402da24e9bf957f9aa69d524eed42901a6"
@@ -10178,6 +10238,13 @@ [email protected]:
     commander "~2.19.0"
     source-map "~0.6.1"
 
+[email protected]:
+  version "2.1.5"
+  resolved "https://registry.yarnpkg.com/uid-safe/-/uid-safe-2.1.5.tgz#2b3d5c7240e8fc2e58f8aa269e5ee49c0857bd3a"
+  integrity sha512-KPHm4VL5dDXKz01UuEd88Df+KzynaohSL9fBh096KWAxSKZQDI2uBrVqtvRM4rwrIrRRKsdLNML/lnaaVSRioA==
+  dependencies:
+    random-bytes "~1.0.0"
+
 [email protected]:
   version "0.0.4"
   resolved "https://registry.yarnpkg.com/uid2/-/uid2-0.0.4.tgz#033f3b1d5d32505f5ce5f888b9f3b667123c0a44"
-Original file line number
+Diff line change
@@ Expand Up @@
               <span
                 className="app-varaamo-version"
               >
-                v0.12.9
+                v0.12.10
               </span>
             </div>
           </Col>
@@ Expand Down Expand Up / @@ -121,7 +121,7 @@ exports[`domain/footer/Footer renders correctly 1`] = ` @@
               <span
                 className="app-varaamo-version"
               >
-                v0.12.9
+                v0.12.10
               </span>
             </div>
           </Col>
@@ Expand Down @@