Use a TagHelperInitializer to set the Antiforgery attribute

DFE-Digital · Sep 28, 2023 · 0bfec26 · 0bfec26
1 parent 703019d
commit 0bfec26
Show file tree

Hide file tree

Showing 10 changed files with 31 additions and 66 deletions.
diff --git a/TeachingRecordSystem/src/TeachingRecordSystem.SupportUi/Pages/Cases/EditCase/Accept.cshtml b/TeachingRecordSystem/src/TeachingRecordSystem.SupportUi/Pages/Cases/EditCase/Accept.cshtml
@@ -11,7 +11,7 @@
 <div class="govuk-grid-row">
     <div class="govuk-grid-column-two-thirds-from-desktop">
         <h1 class="govuk-heading-l">@ViewBag.Title</h1>
-        <form action="@LinkGenerator.AcceptCase(Model.TicketNumber)" method="post" asp-antiforgery="true">
+        <form action="@LinkGenerator.AcceptCase(Model.TicketNumber)" method="post">
             <govuk-summary-list>
                 <govuk-summary-list-row>
                     <govuk-summary-list-row-key>Current</govuk-summary-list-row-key>

diff --git a/TeachingRecordSystem/src/TeachingRecordSystem.SupportUi/Pages/Cases/EditCase/Reject.cshtml b/TeachingRecordSystem/src/TeachingRecordSystem.SupportUi/Pages/Cases/EditCase/Reject.cshtml
@@ -12,7 +12,7 @@
 <div class="govuk-grid-row">
     <div class="govuk-grid-column-two-thirds-from-desktop">
         <h1 class="govuk-heading-l">@ViewBag.Title</h1>
-        <form action="@LinkGenerator.RejectCase(Model.TicketNumber)" method="post" asp-antiforgery="true">
+        <form action="@LinkGenerator.RejectCase(Model.TicketNumber)" method="post">
             <govuk-radios asp-for="RejectionReasonChoice">
                 <govuk-radios-fieldset>
                     <govuk-radios-fieldset-legend>

diff --git a/TeachingRecordSystem/src/TeachingRecordSystem.SupportUi/Pages/Persons/Index.cshtml b/TeachingRecordSystem/src/TeachingRecordSystem.SupportUi/Pages/Persons/Index.cshtml
@@ -10,7 +10,7 @@
 <div class="govuk-grid-row">
     <div class="govuk-grid-column-two-thirds-from-desktop">
         <div class="govuk-!-margin-bottom-6">
-            <form trs-action="l => l.Persons()" method="get" data-testid="search-form">
+            <form action="@LinkGenerator.Persons()" method="get" data-testid="search-form">
                 <div class="moj-search trs-search govuk-!-margin-bottom-4">
                     <govuk-input asp-for="Search"
                                  input-class="moj-search__input"

diff --git a/TeachingRecordSystem/src/TeachingRecordSystem.SupportUi/Pages/SignOut.cshtml b/TeachingRecordSystem/src/TeachingRecordSystem.SupportUi/Pages/SignOut.cshtml
@@ -1,4 +1,4 @@
-@page "/sign-out"
+@page "/sign-out"
 @addTagHelper *, Joonasw.AspNetCore.SecurityHeaders
 @model TeachingRecordSystem.SupportUi.Pages.SignOutModel
 @{
@@ -7,7 +7,7 @@
 
 <div class="govuk-grid-row">
     <div class="govuk-grid-column-two-thirds">
-        <form action="@LinkGenerator.SignOut()" method="post" asp-antiforgery="true">
+        <form action="@LinkGenerator.SignOut()" method="post">
             <govuk-button type="submit">Sign out</govuk-button>
         </form>
         <script asp-add-nonce="true">document.forms[0].submit();</script>

diff --git a/TeachingRecordSystem/src/TeachingRecordSystem.SupportUi/Pages/Users/AddUser/Confirm.cshtml b/TeachingRecordSystem/src/TeachingRecordSystem.SupportUi/Pages/Users/AddUser/Confirm.cshtml
@@ -1,4 +1,4 @@
-@page "/users/add/confirm"
+@page "/users/add/confirm"
 @using TeachingRecordSystem.Core;
 @model TeachingRecordSystem.SupportUi.Pages.Users.AddUser.ConfirmModel
 @{
@@ -7,7 +7,7 @@
 
 <div class="govuk-grid-row">
     <div class="govuk-grid-column-two-thirds">
-        <form trs-action="l => l.AddUser(Model.UserId!)">
+        <form action="@LinkGenerator.AddUser(Model.UserId!)" method="post">
             <h1 class="govuk-heading-l">@ViewBag.Title</h1>
 
             <govuk-input asp-for="Email" type="email" disabled />

diff --git a/TeachingRecordSystem/src/TeachingRecordSystem.SupportUi/Pages/Users/AddUser/Index.cshtml b/TeachingRecordSystem/src/TeachingRecordSystem.SupportUi/Pages/Users/AddUser/Index.cshtml
@@ -1,12 +1,12 @@
-@page "/users/add"
+@page "/users/add"
 @model TeachingRecordSystem.SupportUi.Pages.Users.AddUser.IndexModel
 @{
     ViewBag.Title = "Add user";
 }
 
 <div class="govuk-grid-row">
     <div class="govuk-grid-column-two-thirds">
-        <form trs-action="l => l.AddUser()">
+        <form action="@LinkGenerator.AddUser()" method="post">
             <h1 class="govuk-heading-l">@ViewBag.Title</h1>
 
             <govuk-input asp-for="Email" type="email" autocomplete="off" />

diff --git a/TeachingRecordSystem/src/TeachingRecordSystem.SupportUi/Pages/Users/EditUser.cshtml b/TeachingRecordSystem/src/TeachingRecordSystem.SupportUi/Pages/Users/EditUser.cshtml
@@ -11,7 +11,7 @@
 
 <div class="govuk-grid-row">
     <div class="govuk-grid-column-two-thirds">
-        <form trs-action="l => l.EditUser(Model.UserId!)">
+        <form action="@LinkGenerator.EditUser(Model.UserId!)" method="post">
             <h1 class="govuk-heading-l">@ViewBag.Title</h1>
 
             <govuk-input asp-for="Email" type="email" disabled />

diff --git a/TeachingRecordSystem/src/TeachingRecordSystem.SupportUi/Program.cs b/TeachingRecordSystem/src/TeachingRecordSystem.SupportUi/Program.cs
@@ -6,6 +6,8 @@
 using Microsoft.AspNetCore.DataProtection;
 using Microsoft.AspNetCore.HttpOverrides;
 using Microsoft.AspNetCore.Mvc.Authorization;
+using Microsoft.AspNetCore.Mvc.Razor;
+using Microsoft.AspNetCore.Mvc.TagHelpers;
 using Microsoft.Extensions.Caching.Distributed;
 using Microsoft.Extensions.Diagnostics.HealthChecks;
 using Microsoft.Identity.Web;
@@ -19,6 +21,7 @@
 using TeachingRecordSystem.SupportUi.Infrastructure.Redis;
 using TeachingRecordSystem.SupportUi.Infrastructure.Security;
 using TeachingRecordSystem.SupportUi.Services;
+using TeachingRecordSystem.SupportUi.TagHelpers;
 
 var builder = WebApplication.CreateBuilder(args);
 
@@ -177,7 +180,8 @@
     .AddTransient<CheckUserExistsFilter>()
     .AddSingleton<IClock, Clock>()
     .AddSupportUiServices(builder.Configuration, builder.Environment)
-    .AddSingleton<ReferenceDataCache>();
+    .AddSingleton<ReferenceDataCache>()
+    .AddSingleton<ITagHelperInitializer<FormTagHelper>, FormTagHelperInitializer>();
 
 var app = builder.Build();
 

diff --git a/...ingRecordSystem/src/TeachingRecordSystem.SupportUi/TagHelpers/FormTagHelperInitializer.cs b/...ingRecordSystem/src/TeachingRecordSystem.SupportUi/TagHelpers/FormTagHelperInitializer.cs
@@ -0,0 +1,16 @@
+using Microsoft.AspNetCore.Mvc.Razor;
+using Microsoft.AspNetCore.Mvc.Rendering;
+using Microsoft.AspNetCore.Mvc.TagHelpers;
+
+namespace TeachingRecordSystem.SupportUi.TagHelpers;
+
+public class FormTagHelperInitializer : ITagHelperInitializer<FormTagHelper>
+{
+    public void Initialize(FormTagHelper helper, ViewContext context)
+    {
+        if (helper.Antiforgery is null)
+        {
+            helper.Antiforgery = true;
+        }
+    }
+}
diff --git a/TeachingRecordSystem/src/TeachingRecordSystem.SupportUi/TagHelpers/TrsActionFormTagHelper.cs b/TeachingRecordSystem/src/TeachingRecordSystem.SupportUi/TagHelpers/TrsActionFormTagHelper.cs