From 85d67d299583947f97b23803f600653004350bc1 Mon Sep 17 00:00:00 2001
From: Mikko Sartanen
Date: Mon, 26 Jun 2023 11:12:40 +0300
Subject: [PATCH 1/5] TILA-2698 cleanup lint errors

---
 src/domain/about/AboutPage.js | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/src/domain/about/AboutPage.js b/src/domain/about/AboutPage.js
index e4c7dfd63..836996c8e 100644
--- a/src/domain/about/AboutPage.js
+++ b/src/domain/about/AboutPage.js
@@ -9,8 +9,11 @@ import injectT from '../../../app/i18n/injectT';
 import { getCurrentCustomization } from '../../../app/utils/customizationUtils';
 function AboutPage({ t }) {
- const city = getCurrentCustomization() ? getCurrentCustomization().toLowerCase() : 'default'; // TODO: Remove me along with getCurrentCustomization stuff.
+ const city = getCurrentCustomization() ? getCurrentCustomization().toLowerCase() : 'default';
+
+ // eslint-disable-next-line max-len
+ const registerLink = 'https://www.hel.fi/static/liitteet-2019/Kaupunginkanslia/Rekisteriselosteet/Kuva/Tilanvaraus-%20ja%20tietokantarekisteri,%20Varaamo%20ja%20Respa.pdf';
 return (
@@ -38,7 +41,7 @@ function AboutPage({ t }) {
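Review bot: The removed `// TODO: Remove me along with getCurrentCustomization stuff.` was the only marker that `city` and its helper are slated for deletion; the lint fix drops it instead of moving it to its own line above the declaration, where max-len is no longer an issue. While here, `getCurrentCustomization()` is evaluated twice in the ternary; `const customization = getCurrentCustomization();` followed by `const city = customization ? customization.toLowerCase() : 'default';` calls it once and reads more clearly. The new `registerLink` is a hard-coded, language-specific document URL; if the other customer-facing links in this page come from i18n or settings, this one probably belongs there too rather than behind an eslint-disable. The hunk's trailing JSX and the rest of AboutPage's body lie outside what is visible here.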

{t('AboutPageContent.customerRegisterHeader')}

{t('AboutPageContent.customerRegisterParagraph')} - + {t('AboutPageContent.customerRegisterLink')}

From 95b15539fee02ecd64035031cba21f63beaeb33c Mon Sep 17 00:00:00 2001
From: Mikko Sartanen
Date: Mon, 26 Jun 2023 11:13:55 +0300
Subject: [PATCH 2/5] TILA-2698 use csrf token in auth path

---
 package.json | 1 +
 server/auth/auth.js | 4 +++
 yarn.lock | 71 +++++++++++++++++++++++++++++++++++++++++++--
 3 files changed, 74 insertions(+), 2 deletions(-)

diff --git a/package.json b/package.json
index e09b82134..7dd492b74 100644
--- a/package.json
+++ b/package.json
@@ -27,6 +27,7 @@
 "bootstrap-sass": "3.4.1",
 "camelcase-keys-deep": "^0.1.0",
 "classnames": "2.2.5",
+ "csurf": "^1.11.0",
 "dotenv": "7.0.0",
 "dragscroll": "0.0.8",
 "enzyme-to-json": "^3.3.5",
diff --git a/server/auth/auth.js b/server/auth/auth.js
index caaa78576..c561f0476 100644
--- a/server/auth/auth.js
+++ b/server/auth/auth.js
@@ -3,6 +3,7 @@ import cookieParser from 'cookie-parser';
 import cookieSession from 'cookie-session';
 import express from 'express';
 import nocache from 'nocache';
+import csurf from 'csurf';
 import configurePassport from './configurePassport';
 import getAuthState from './getAuthState';
@@ -24,6 +25,8 @@ router.use(cookieSession({
 router.use(passport.initialize());
 router.use(passport.session());
+router.use(csurf({ cookie: true }));
+
 router.get('/auth', nocache(), (req, res) => {
 res.json(getAuthState(req));
 });
@@ -36,6 +39,7 @@ router.get('/login', passport.authenticate('helsinki'));
 router.get('/login/helsinki/return',
+ csurf(),
 passport.authenticate('helsinki', { failureRedirect: '/login' }),
 (req, res) => {
 if (req.session.next) {
diff --git a/yarn.lock b/yarn.lock
index 77484e90d..1e5d47d2c 100644
--- a/yarn.lock
+++ b/yarn.lock
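Review bot: `csurf()` on the `/login/helsinki/return` route checks nothing, because csurf's default `ignoreMethods` skips GET, HEAD and OPTIONS and this is a `router.get`; the router-wide `csurf({ cookie: true })` likewise only gates non-GET requests, and since no `req.csrfToken()` is exposed anywhere in this hunk, any POST handled under this router would simply be rejected rather than protected. Login CSRF on an OAuth callback is mitigated by binding the callback to the session that started the flow (the `state` parameter), not by a token middleware; PATCH 5/5 of this series does exactly that and reverts these lines. Squashing the two would also keep a dependency on csurf, which is deprecated upstream, and the associated yarn.lock churn out of the history. The auth.js hunks all end here; the `router.get` handler body continues outside the hunk.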
@@ -3466,6 +3466,11 @@ cookie@0.3.1: resolved "https://registry.yarnpkg.com/cookie/-/cookie-0.3.1.tgz#e7e0a1f9ef43b4c8ba925c5c5a96e806d16873bb" integrity sha1-5+Ch+e9DtMi6klxcWpboBtFoc7s= +cookie@0.4.0: + version "0.4.0" + resolved "https://registry.yarnpkg.com/cookie/-/cookie-0.4.0.tgz#beb437e7022b3b6d49019d088665303ebe9c14ba" + integrity sha512-+Hp8fLp57wnUSt0tY0tHEXh4voZRDnoIrZPqlo3DPiI4y9lwg/jqx+1Om94/W6ZaPDOUbnjOt/99w66zk+l1Xg== + cookies@0.7.3: version "0.7.3" resolved "https://registry.yarnpkg.com/cookies/-/cookies-0.7.3.tgz#7912ce21fbf2e8c2da70cf1c3f351aecf59dadfa" @@ -3608,6 +3613,15 @@ crypto-browserify@^3.11.0: randombytes "^2.0.0" randomfill "^1.0.3" +csrf@3.1.0: + version "3.1.0" + resolved "https://registry.yarnpkg.com/csrf/-/csrf-3.1.0.tgz#ec75e9656d004d674b8ef5ba47b41fbfd6cb9c30" + integrity sha512-uTqEnCvWRk042asU6JtapDTcJeeailFy4ydOQS28bj1hcLnYRiqi8SsD2jS412AY1I/4qdOwWZun774iqywf9w== + dependencies: + rndm "1.2.0" + tsscmp "1.0.6" + uid-safe "2.1.5" + css-animation@^1.3.2: version "1.6.1" resolved "https://registry.yarnpkg.com/css-animation/-/css-animation-1.6.1.tgz#162064a3b0d51f958b7ff37b3d6d4de18e17039e" @@ -3685,6 +3699,16 @@ csstype@^2.5.7: resolved "https://registry.yarnpkg.com/csstype/-/csstype-2.6.18.tgz#980a8b53085f34af313410af064f2bd241784218" integrity sha512-RSU6Hyeg14am3Ah4VZEmeX8H7kLwEEirXe6aU2IPfKNvhXwTflK5HQRDNI0ypQXoqmm+QPyG2IaPuQE5zMwSIQ== +csurf@^1.11.0: + version "1.11.0" + resolved "https://registry.yarnpkg.com/csurf/-/csurf-1.11.0.tgz#ab0c3c6634634192bd3d6f4b861be20800eeb61a" + integrity sha512-UCtehyEExKTxgiu8UHdGvHj4tnpE/Qctue03Giq5gPgMQ9cg/ciod5blZQ5a4uCEenNQjxyGuzygLdKUmee/bQ== + dependencies: + cookie "0.4.0" + cookie-signature "1.0.6" + csrf "3.1.0" + http-errors "~1.7.3" + cyclist@^1.0.1: version "1.0.1" resolved "https://registry.yarnpkg.com/cyclist/-/cyclist-1.0.1.tgz#596e9698fd0c80e12038c2b82d6eb1b35b6224d9" 
@@ -5422,6 +5446,17 @@ http-errors@1.6.3, http-errors@~1.6.2, http-errors@~1.6.3: setprototypeof "1.1.0" statuses ">= 1.4.0 < 2" +http-errors@~1.7.3: + version "1.7.3" + resolved "https://registry.yarnpkg.com/http-errors/-/http-errors-1.7.3.tgz#6c619e4f9c60308c38519498c14fbb10aacebb06" + integrity sha512-ZTTX0MWrsQ2ZAhA1cejAwDLycFsd7I7nVtnkT3Ol0aqodaKW+0CTZDQ1uBv5whptCnc8e8HeRRJxRs0kmm/Qfw== + dependencies: + depd "~1.1.2" + inherits "2.0.4" + setprototypeof "1.1.1" + statuses ">= 1.5.0 < 2" + toidentifier "1.0.0" + http-parser-js@>=0.5.1: version "0.5.3" resolved "https://registry.yarnpkg.com/http-parser-js/-/http-parser-js-0.5.3.tgz#01d2709c79d41698bb01d4decc5e9da4e4a033d9" @@ -5605,7 +5640,7 @@ inflight@^1.0.4: once "^1.3.0" wrappy "1" -inherits@2, inherits@^2.0.1, inherits@^2.0.3, inherits@^2.0.4, inherits@~2.0.1, inherits@~2.0.3: +inherits@2, inherits@2.0.4, inherits@^2.0.1, inherits@^2.0.3, inherits@^2.0.4, inherits@~2.0.1, inherits@~2.0.3: version "2.0.4" resolved "https://registry.yarnpkg.com/inherits/-/inherits-2.0.4.tgz#0fa2c64f932917c3433a0ded55363aae37416b7c" integrity sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ== @@ -8305,6 +8340,11 @@ randexp@0.4.6: discontinuous-range "1.0.0" ret "~0.1.10" +random-bytes@~1.0.0: + version "1.0.0" + resolved "https://registry.yarnpkg.com/random-bytes/-/random-bytes-1.0.0.tgz#4f68a1dc0ae58bd3fb95848c30324db75d64360b" + integrity sha512-iv7LhNVO047HzYR3InF6pUcUsPQiHTM1Qal51DcGSuZFBil1aBBWG5eHPNek7bvILMaYJ/8RU1e8w1AMdHmLQQ== + randombytes@^2.0.0, randombytes@^2.0.1, randombytes@^2.0.5, randombytes@^2.1.0: version "2.1.0" resolved "https://registry.yarnpkg.com/randombytes/-/randombytes-2.1.0.tgz#df6f84372f0270dc65cdf6291349ab7a473d4f2a" 
@@ -9154,6 +9194,11 @@ ripemd160@^2.0.0, ripemd160@^2.0.1: hash-base "^3.0.0" inherits "^2.0.1" +rndm@1.2.0: + version "1.2.0" + resolved "https://registry.yarnpkg.com/rndm/-/rndm-1.2.0.tgz#f33fe9cfb52bbfd520aa18323bc65db110a1b76c" + integrity sha512-fJhQQI5tLrQvYIYFpOnFinzv9dwmR7hRnUz1XqP3OJ1jIweTNOd6aTO4jwQSgcBSFUB+/KHJxuGneime+FdzOw== + rosie@1.6.0: version "1.6.0" resolved "https://registry.yarnpkg.com/rosie/-/rosie-1.6.0.tgz#bc0ef64cd401d00794450d5792c0276e226b6ab0" @@ -9383,6 +9428,11 @@ setprototypeof@1.1.0: resolved "https://registry.yarnpkg.com/setprototypeof/-/setprototypeof-1.1.0.tgz#d0bd85536887b6fe7c0d818cb962d9d91c54e656" integrity sha512-BvE/TwpZX4FXExxOxZyRGQQv651MSwmWKZGqvmPcRIjDqWub67kTKuIMx43cZZrS/cBBzwBcNDWoFxt2XEFIpQ== +setprototypeof@1.1.1: + version "1.1.1" + resolved "https://registry.yarnpkg.com/setprototypeof/-/setprototypeof-1.1.1.tgz#7e95acb24aa92f5885e0abef5ba131330d4ae683" + integrity sha512-JvdAWfbXeIGaZ9cILp38HntZSFSo3mWg6xGcJJsd+d4aRMOqauag1C63dJfDw7OaMYwEbHMOxEZ1lqVRYP2OAw== + sha.js@^2.4.0, sha.js@^2.4.8: version "2.4.11" resolved "https://registry.yarnpkg.com/sha.js/-/sha.js-2.4.11.tgz#37a5cf0b81ecbc6943de109ba2960d1b26584ae7" @@ -9635,7 +9685,7 @@ static-extend@^0.1.1: define-property "^0.2.5" object-copy "^0.1.0" -"statuses@>= 1.4.0 < 2": +"statuses@>= 1.4.0 < 2", "statuses@>= 1.5.0 < 2": version "1.5.0" resolved "https://registry.yarnpkg.com/statuses/-/statuses-1.5.0.tgz#161c7dac177659fd9811f43771fa99381478628c" integrity sha1-Fhx9rBd2Wf2YEfQ3cfqZOBR4Yow= 
@@ -10083,6 +10133,11 @@ to-space-case@^1.0.0: dependencies: to-no-case "^1.0.0" +toidentifier@1.0.0: + version "1.0.0" + resolved "https://registry.yarnpkg.com/toidentifier/-/toidentifier-1.0.0.tgz#7e1be3470f1e77948bc43d94a3c8f4d7752ba553" + integrity sha512-yaOH/Pk/VEhBWWTlhI+qXxDFXlejDGcQipMlyxda9nthulaxLZUNcUqFxokp0vcYnvteJln5FNQDRrxj3YcbVw== + toposort@^1.0.0: version "1.0.7" resolved "https://registry.yarnpkg.com/toposort/-/toposort-1.0.7.tgz#2e68442d9f64ec720b8cc89e6443ac6caa950029" @@ -10125,6 +10180,11 @@ tslib@^2.2.0: resolved "https://registry.yarnpkg.com/tslib/-/tslib-2.3.1.tgz#e8a335add5ceae51aa261d32a490158ef042ef01" integrity sha512-77EbyPPpMz+FRFRuAFlWMtmgUWGe9UOG2Z25NqCwiIjRhOf5iKGuzSe5P2w1laq+FkRy4p+PCuVkJSGkzTEKVw== +tsscmp@1.0.6: + version "1.0.6" + resolved "https://registry.yarnpkg.com/tsscmp/-/tsscmp-1.0.6.tgz#85b99583ac3589ec4bfef825b5000aa911d605eb" + integrity sha512-LxhtAkPDTkVCMQjt2h6eBVY28KCjikZqZfMcC15YBeNjkgUpdCfBu5HoiOTDu86v6smE8yOjyEktJ8hlbANHQA== + tty-browserify@0.0.0: version "0.0.0" resolved "https://registry.yarnpkg.com/tty-browserify/-/tty-browserify-0.0.0.tgz#a157ba402da24e9bf957f9aa69d524eed42901a6" @@ -10178,6 +10238,13 @@ uglify-js@3.4.x: commander "~2.19.0" source-map "~0.6.1" +uid-safe@2.1.5: + version "2.1.5" + resolved "https://registry.yarnpkg.com/uid-safe/-/uid-safe-2.1.5.tgz#2b3d5c7240e8fc2e58f8aa269e5ee49c0857bd3a" + integrity sha512-KPHm4VL5dDXKz01UuEd88Df+KzynaohSL9fBh096KWAxSKZQDI2uBrVqtvRM4rwrIrRRKsdLNML/lnaaVSRioA== + dependencies: + random-bytes "~1.0.0" + uid2@0.0.x: version "0.0.4" resolved "https://registry.yarnpkg.com/uid2/-/uid2-0.0.4.tgz#033f3b1d5d32505f5ce5f888b9f3b667123c0a44" From aa835fef0eefe5e302299d46d2f376623e47c8f4 Mon Sep 17 00:00:00 2001 From: Mikko Sartanen Date: Mon, 26 Jun 2023 11:15:00 +0300 Subject: [PATCH 3/5] TILA-2698 bump version --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 7dd492b74..4a7bd3795 100644 
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "varaamo",
- "version": "0.12.9",
+ "version": "0.12.10",
 "repository": {
 "type": "git",
 "url": "https://github.com/City-of-Helsinki/varaamo"
From 756f1239ef1f87e536ab8dc818eea69afd45869e Mon Sep 17 00:00:00 2001
From: Mikko Sartanen
Date: Mon, 26 Jun 2023 11:25:22 +0300
Subject: [PATCH 4/5] TILA-2698 update snapshot

---
 src/domain/footer/__tests__/__snapshots__/Footer.test.js.snap | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/domain/footer/__tests__/__snapshots__/Footer.test.js.snap b/src/domain/footer/__tests__/__snapshots__/Footer.test.js.snap
index fac6811ec..e44c6ad2f 100644
--- a/src/domain/footer/__tests__/__snapshots__/Footer.test.js.snap
+++ b/src/domain/footer/__tests__/__snapshots__/Footer.test.js.snap
@@ -56,7 +56,7 @@ exports[`domain/footer/Footer When there is no customization in use renders corr
- v0.12.9
+ v0.12.10
@@ -121,7 +121,7 @@ exports[`domain/footer/Footer renders correctly 1`] = `
- v0.12.9
+ v0.12.10
From 0730b511b1ac51685252fe23fa84f1588483e002 Mon Sep 17 00:00:00 2001
From: Mikko Sartanen
Date: Tue, 27 Jun 2023 13:56:19 +0300
Subject: [PATCH 5/5] TILA-2698 use passport state for csrf-check

---
 .../user-reservations/__tests__/UserReservationsPage.test.js | 4 ++--
 package.json | 1 -
 server/auth/auth.js | 4 ----
 server/auth/configurePassport.js | 1 +
 .../modal/__tests__/ReservationInfomationModal.test.js | 1 +
 5 files changed, 4 insertions(+), 7 deletions(-)

diff --git a/app/pages/user-reservations/__tests__/UserReservationsPage.test.js b/app/pages/user-reservations/__tests__/UserReservationsPage.test.js
index 45cf17fd0..319753030 100644
--- a/app/pages/user-reservations/__tests__/UserReservationsPage.test.js
+++ b/app/pages/user-reservations/__tests__/UserReservationsPage.test.js
@@ -11,7 +11,7 @@ describe('pages/user-reservations/UserReservationsPage', () => {
 search: '',
 },
 history: {
- push: () => {},
+ push: () => { },
 },
 t: path => path,
 reduxReservations: {},
@@ -73,7 +73,7 @@ describe('pages/user-reservations/UserReservationsPage', () => {
 describe('tabs', () => {
 const findTabs = wrapper => wrapper.find('[role="tab"]');
 const findUpcomingTab = wrapper => findTabs(wrapper).at(0);
- const findPastTab = wrapper => findTabs(wrapper).at(1);
+ // const findPastTab = wrapper => findTabs(wrapper).at(1);
 test('should render upcoming and past tabs', () => {
 expect(findTabs(getWrapper()).length).toEqual(2);
diff --git a/package.json b/package.json
index 4a7bd3795..6fb111201 100644
--- a/package.json
+++ b/package.json
@@ -27,7 +27,6 @@
 "bootstrap-sass": "3.4.1",
 "camelcase-keys-deep": "^0.1.0",
 "classnames": "2.2.5",
- "csurf": "^1.11.0",
 "dotenv": "7.0.0",
 "dragscroll": "0.0.8",
 "enzyme-to-json": "^3.3.5",
diff --git a/server/auth/auth.js b/server/auth/auth.js
index c561f0476..caaa78576 100644
--- a/server/auth/auth.js
+++ b/server/auth/auth.js
@@ -3,7 +3,6 @@ import cookieParser from 'cookie-parser';
 import cookieSession from 'cookie-session';
 import express from 'express';
 import nocache from 'nocache';
-import csurf from 'csurf';
 import configurePassport from './configurePassport';
 import getAuthState from './getAuthState';
@@ -25,8 +24,6 @@ router.use(cookieSession({
 router.use(passport.initialize());
 router.use(passport.session());
-router.use(csurf({ cookie: true }));
-
 router.get('/auth', nocache(), (req, res) => {
 res.json(getAuthState(req));
 });
@@ -39,7 +36,6 @@ router.get('/login', passport.authenticate('helsinki'));
 router.get('/login/helsinki/return',
- csurf(),
 passport.authenticate('helsinki', { failureRedirect: '/login' }),
 (req, res) => {
 if (req.session.next) {
diff --git a/server/auth/configurePassport.js b/server/auth/configurePassport.js
index dd2f5a89d..4b8a80b3e 100644
--- a/server/auth/configurePassport.js
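Review bot: `// const findPastTab = wrapper => findTabs(wrapper).at(1);` leaves dead code in place to silence no-unused-vars; either delete the line or add the past-tab assertion it was evidently written for, since the sibling test only counts the tabs and never inspects the second one. The `push: () => { }` edit in the first hunk is a formatting-only change that is unrelated to the csrf-check subject of this commit; if a formatter produces it, it belongs in the lint-cleanup commit (PATCH 1/5) instead. Both hunks sit inside the outer `describe` whose body extends beyond what is shown.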
+++ b/server/auth/configurePassport.js
@@ -11,6 +11,7 @@ function configurePassport() {
 clientSecret: settings.CLIENT_SECRET,
 callbackURL: settings.LOGIN_CALLBACK_URL,
 proxy: Boolean(settings.PROXY),
+ state: true,
 }, (accessToken, refreshToken, profile, cb) => {
 helsinkiStrategy.getAPIToken(accessToken, settings.TARGET_APP, (token) => {
diff --git a/src/domain/reservation/modal/__tests__/ReservationInfomationModal.test.js b/src/domain/reservation/modal/__tests__/ReservationInfomationModal.test.js
index 2cb137fef..3ad1a6f99 100644
--- a/src/domain/reservation/modal/__tests__/ReservationInfomationModal.test.js
+++ b/src/domain/reservation/modal/__tests__/ReservationInfomationModal.test.js
@@ -53,6 +53,7 @@ describe('ReservationInformationModal', () => {
 });
 describe('refund policy', () => {
+ // eslint-disable-next-line max-len
 test('rendered when resource is not null, when user is admin, when reservation is not a staff event and when the reservation has a price', () => {
 const getRefundPolicy = (wrapper) => {
 return wrapper.find({ id: 'refund-policy' });
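Review bot: `state: true` is the right mechanism for protecting the OAuth callback, but nothing at the call site says why it is there or that it replaces the csurf attempt from PATCH 2/5, so a one-line comment would stop the next reader from re-adding a token middleware: `state: true, // bind the callback to the session that started login (login-CSRF protection)`. passport-oauth2 keeps the generated state in `req.session`, which for this router comes from the `cookieSession` mounted before `passport.initialize()` in server/auth/auth.js (visible as context in this series' auth.js hunk), so the value travels in the signed session cookie rather than server-side storage; cookie-session signs by default, so this holds as long as signing has not been disabled in that configuration, which is outside the hunk. A state mismatch surfaces as an authentication failure and therefore lands on `failureRedirect: '/login'`, which silently restarts the flow; consider whether an explicit error response is preferable to a retry loop for a failed check. The strategy options object begins before this hunk.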