better support for now csrftoken protection

Author: tmunzer-AIDE

angular/package-lock.json

@@ -1,6 +1,6 @@
 {
   "name": "mist-extension",
-  "version": "5.1.0",
+  "version": "5.2.0",
   "description": "Generated with @larscom/ng-mist-extension",
   "scripts": {
     "start": "npm run watch",
@@ -38,7 +38,7 @@
     "@types/webextension-polyfill": "^0.12.1",
     "dompurify": "^3.2.5",
     "ngx-build-plus": "^18.0.0",
-    "rxjs": "^7.8.1",
+    "rxjs": "^7.8.2",
     "tslib": "^2.8.1",
     "web-ext-types": "^3.2.1",
     "webext-base-css": "^2.1.0",

angular/package.json

@@ -14,20 +14,25 @@ import { AccountManageComponent } from './pages/account/manage/manage.component'
 import { AccountCreateComponent } from './pages/account/create/create.component'
 import { AccountManageOrgComponent } from './pages/account/manage_org/manage_org.component';
 import { AccountCreateOrgComponent } from './pages/account/create_org/create_org.component';
+import { TokenDeleteWarningComponent } from './pages/account/delete_warning/warning.component';
 import { ToolsComponent } from './pages/tools/tools.component';
 import { TokenInfoComponent } from './pages/tools/token_info/info.component';
 import { TokenUsageComponent } from './pages/tools/token_usage/usage.component';
 import { ToolsWarningComponent } from './pages/tools/warning/warning.component';
 import { AboutComponent } from './pages/about/about.component';
 
-
 @NgModule({ declarations: [
         AppComponent,
         ApiJuniperManageComponent,
         ApiComponent, ApiManageComponent, ApiDjangoComponent, ZtpPasswordComponent,
-        AccountComponent, AccountManageComponent, AccountCreateComponent, AccountManageOrgComponent, AccountCreateOrgComponent,
+        AccountComponent, AccountManageComponent, AccountCreateComponent, AccountManageOrgComponent, AccountCreateOrgComponent, TokenDeleteWarningComponent,
         ToolsComponent, TokenInfoComponent, TokenUsageComponent, ToolsWarningComponent,
         AboutComponent
     ],
-    bootstrap: [AppComponent], imports: [BrowserModule, AppRoutingModule, FormsModule], providers: [provideHttpClient(withInterceptorsFromDi())] })
+    bootstrap: [AppComponent], 
+    imports: [BrowserModule, AppRoutingModule, FormsModule], 
+    providers: [
+        provideHttpClient(withInterceptorsFromDi()),
+    ] 
+})
 export class AppModule { }

angular/src/app/app.module.ts

@@ -56,14 +56,10 @@ <h3 class="title-cloud">API Usage</h3>
                             <img class="icon"src="assets/list.svg">
                             <span *ngIf="session.two_factor_passed" class="tooltiptext top">Manage</span>
                     </button>
-                    <button  *ngIf="!session.domain.includes('mistsys.com')" class="circle secondary tooltip" (click)="openCreateToken(session.domain, 'user')" [disabled]="!session.two_factor_passed">
+                    <button class="circle secondary tooltip" (click)="openCreateToken(session.domain, 'user')" [disabled]="!session.two_factor_passed">
                         <img class="icon" src="assets/add.svg">
                         <span *ngIf="session.two_factor_passed" class="tooltiptext top">Create</span>
-                    </button>
-                    <button  *ngIf="session.domain.includes('mistsys.com')" class="circle secondary tooltip" disabled>
-                        <img class="icon" src="assets/add.svg">
-                        <span *ngIf="session.two_factor_passed" class="tooltiptext top" style="color: var(--warning)">Disabled on staging</span>
-                    </button>
+                    </button>                    
                 </div>
             </div>
 
@@ -79,22 +75,18 @@ <h3 class="title-cloud">API Usage</h3>
                         <img class="icon"src="assets/list.svg">
                         <span *ngIf="session.two_factor_passed" class="tooltiptext top">Manage</span>
                     </button>
-                    <button *ngIf="!session.domain.includes('mistsys.com')" class="circle secondary tooltip" (click)="openCreateToken(session.domain, 'org')" [disabled]="!session.two_factor_passed">
+                    <button class="circle secondary tooltip" (click)="openCreateToken(session.domain, 'org')" [disabled]="!session.two_factor_passed">
                         <img class="icon" src="assets/add.svg">
                         <span *ngIf="session.two_factor_passed" class="tooltiptext top">Create</span>
                     </button>
-                    <button *ngIf="session.domain.includes('mistsys.com')" class="circle secondary tooltip" disabled>
-                        <img class="icon" src="assets/add.svg">
-                        <span *ngIf="session.two_factor_passed" class="tooltiptext top" style="color: var(--warning)">Disabled on staging</span>
-                    </button>
                 </div>
             </div>
         </div>
     </div>
 </div>
 <div *ngIf="!has_active_sessions && !is_working" class="notice-text" style="margin: 0;">
     <div>Sorry, I'm not able to find any Mist Session in this browser...</div>
-    <div>Please log in to your Mist Dashobard first.</div>
+    <div>Please log in to your Mist Dashboard first.</div>
 </div>
 <div *ngIf="!has_active_sessions && is_working" class="notice-text" style="margin: 0;">
     <div>I'm still eating your cookies... Not done yet...</div>

angular/src/app/pages/account/account.component.html

@@ -6,7 +6,6 @@
         <div class="cloud">manage{{session.domain}}</div>
         <div class="token-name">
             <input type="text" [(ngModel)]="token_name" placeholder="Token Name (optional)"/>
-            <button (click)="createToken()" class="secondary xlarge">Create</button>
         </div>
         <div class="textarea" fxLayout="row">
             <textarea class="token" type="text" readonly rows="3" [ngClass]="focused == 'token'? 'focused' : ''" id="token" #token_input>{{token.key}}</textarea>
@@ -15,5 +14,8 @@
                 </button>
         </div>
     </div>
-    <button (click)="close()" class="xlarge">CLOSE</button>
+    <div class="popup-footer">
+        <button (click)="close()" class="xlarge">CLOSE</button>
+        <button (click)="createToken()" class="secondary xlarge">Create</button>
+        </div>
 </div>

angular/src/app/pages/account/create/create.component.html

@@ -1,11 +1,9 @@
-// CONTENAIRS
-
 .box-token {
     display: flex;
     flex-direction: column;
     align-items: center;
     margin: 0 1em;
-    
+
     label {
         margin: .2em .5em .2em 1em;
         display: flex;
@@ -22,18 +20,31 @@
         display: flex;
         flex-direction: column;
         width: 100%;
+
         input {
             margin: 1em 0;
             padding: 0.5em;
             border: 1px solid var(--b, var(--text-color));
             border-radius: 10px;
             background-color: var(--b, var(--background));
-            color:  var(--b, var(--text-color));
+            color: var(--b, var(--text-color));
         }
+
         input:focus {
-            background-color:  var(--background2);
-            border-color: var(--primary) ;
+            background-color: var(--background2);
+            border-color: var(--primary);
+        }
     }
+
 }
 
+.popup-footer {
+    display: flex;
+    justify-content: space-between;
+    flex-direction: row;
+    align-items: center;
+
+    button {
+        width: 40%;
+    }
 }

angular/src/app/pages/account/create/create.component.scss

@@ -1,7 +1,7 @@
 import { Component, Input, Output, ChangeDetectionStrategy, ChangeDetectorRef, EventEmitter, OnInit } from '@angular/core';
 import { HttpClient } from '@angular/common/http';
 import { Observable } from 'rxjs';
-import { SessionElement } from "../../../services/browser.service"
+import { BrowserService, SessionElement } from "../../../services/browser.service"
 
 export interface TokenElement {
   id: string | undefined,
@@ -39,7 +39,8 @@ export class AccountCreateComponent implements OnInit {
   focused: string = "";
   constructor(
     private _cd: ChangeDetectorRef,
-    private _http: HttpClient
+    private _http: HttpClient,
+    private _browser: BrowserService,
   ) { }
 
   token_name: string = "";
@@ -64,22 +65,32 @@ export class AccountCreateComponent implements OnInit {
   ////////////
   // SESSIONS
   ////////////
-  createToken(csrftoken: string = null, retry:boolean=true): void {
-    console.log(this.session);
-    if (!csrftoken) {csrftoken = this.session.csrftoken}
+  createToken(): void {
     if (this.do_create) {
       let url = "https://" + this.session.api_host + "/api/v1/self/apitokens";
-      this._http.post(url, { name: this.token_name }, { headers: { "X-CSRFTOKEN": csrftoken, 'Access-Control-Allow-Origin': 'https://api.mistsys.com/api/v1/self/apitokens' } })
+      this._http
+        .post<TokenElement>(url, { name: this.token_name }, { headers: { "X-CSRFTOKEN": this.session.csrftoken } })
         .subscribe({
-          next: (token: TokenElement) => {
+          next: (data) => {
+            this.token = data;
             this.session.requests += 1;
-            this.token = token;
             this._cd.detectChanges();
+          },
+          error: (e) => {
+            this.createTokenBackup(url);
           }
         })
     }
   }
 
+  private createTokenBackup(url: string): void {
+    this._browser.setStorage("post", JSON.stringify({ url: url, payload: { name: this.token_name }, ts: Date.now() }));
+    setTimeout(() => {
+      this._browser.tabOpen(url);
+    }, 10);
+  }
+
+
   close(): void {
     this.closeCreateToken.emit()
   }
@@ -93,7 +104,7 @@ export class AccountCreateComponent implements OnInit {
     setTimeout(() => {
       this.focused = "";
       this._cd.detectChanges()
-    }, 100);
+    }, 150);
     inputElement.setSelectionRange(0, 0);
   }
 

angular/src/app/pages/account/create/create.component.ts

@@ -1,7 +1,7 @@
 import { Component, Input, Output, ChangeDetectionStrategy, ChangeDetectorRef, EventEmitter, OnInit } from '@angular/core';
 import { HttpClient } from '@angular/common/http';
 import { Observable } from 'rxjs';
-import { SessionElement } from '../../../services/browser.service';
+import { BrowserService, SessionElement } from '../../../services/browser.service';
 import { PrivilegeService, OrgElement, MspElement } from "../../../services/privileges.service"
 
 export interface TokenElement {
@@ -36,7 +36,8 @@ export class AccountCreateOrgComponent implements OnInit {
   constructor(
     private _cd: ChangeDetectorRef,
     private _http: HttpClient,
-    private _privilege: PrivilegeService
+    private _privilege: PrivilegeService,
+    private _browser: BrowserService,
   ) { }
 
   token: TokenElement;
@@ -94,19 +95,33 @@ export class AccountCreateOrgComponent implements OnInit {
     }
     if (this.scope == "site" && this.site_id) {
       body.privileges[0]["site_id"] = this.site_id;
-    } else if (this.scope == "sitegroupo" && this.sitegroup_id) {
+    } else if (this.scope == "sitegroup" && this.sitegroup_id) {
       body.privileges[0]["sitegroup_id"] = this.sitegroup_id;
     }
     if (this.do_create && this.org_id != "none") {
       let url = "https://" + this.session.api_host + "/api/v1/orgs/" + this.org_id + "/apitokens"
-      this._http.post(url, body, { headers: { "X-CSRFTOKEN": this.session.csrftoken } }).subscribe((token: TokenElement) => {
-        this.token = token;
-        this.session.requests += 1;
-        this._cd.detectChanges();
-      })
+      this._http
+        .post<TokenElement>(url, body, { headers: { "X-CSRFTOKEN": this.session.csrftoken } })
+        .subscribe({
+          next: (data) => {
+            this.token = data;
+            this.session.requests += 1;
+            this._cd.detectChanges();
+          },
+          error: (e) => {
+            this.createTokenBackup(url, body);
+          }
+        })
     }
   }
 
+  private createTokenBackup(url: string, body): void {
+    this._browser.setStorage("post", JSON.stringify({ url: url, payload: body, ts: Date.now() }));
+    setTimeout(() => {
+      this._browser.tabOpen(url);
+    }, 10);
+  }
+
   close(): void {
     this.closeCreateToken.emit()
   }
@@ -120,7 +135,7 @@ export class AccountCreateOrgComponent implements OnInit {
     setTimeout(() => {
       this.focused = "";
       this._cd.detectChanges()
-    }, 100);
+    }, 150);
     inputElement.setSelectionRange(0, 0);
   }
 

angular/src/app/pages/account/create_org/create_org.component.ts

@@ -0,0 +1,11 @@
+<div class="popup-content">
+    <div class="popup-header">
+        <h2>Warning</h2>
+    </div>
+    <div class="popup-body">
+      <div>Are you sure you want to delete this API Token?</div>
+    </div>
+    <div class="popup-footer">
+      <button (click)="cancel()">CANCEL</button>
+      <button (click)="confirm()" class="warning">CONFIRM</button>
+</div>

angular/src/app/pages/account/delete_warning/warning.component.html

@@ -0,0 +1,21 @@
+.popup-header h2 {
+    color: var(--warning);
+}
+.popup-body {
+    font-size: larger;
+    margin-bottom: 1em;
+    div {
+        margin: 1em 0;
+    }
+}
+
+.popup-footer {
+    display: flex;
+    justify-content: space-between;
+    flex-direction: row;
+    align-items: center;
+
+    button {
+        width: 40%;
+    }
+}