
added csrf manager, changed way that session and user components contact api
aholachek committed May 10, 2015
1 parent 668778f commit a29cc04
Showing 16 changed files with 307 additions and 139 deletions.
2 changes: 2 additions & 0 deletions Gruntfile.js
Expand Up @@ -467,6 +467,7 @@ module.exports = function(grunt) {
"page_managers/three_column_view.js":60,
"mixins/widget_utility.js":40,
"components/query_builder/rules_translator.js":45,
"components/csrf_manager.js": 25,
"widgets/base/tree_view.js":50,
"widgets/facet/factory.js":50,
"widgets/list_of_things/item_view.js":50,
Expand All @@ -486,6 +487,7 @@ module.exports = function(grunt) {
"components/api_feedback.js":77,
"components/transition.js":77,
"components/recaptcha_manager.js":49,
"components/user.js": 76,
"widgets/dropdown-menu/widget.js":78,
"widgets/list_of_things/paginated_view.js":78,
"wraps/paper_network.js": 77, // some tests don't run properly in phantomjs,
2 changes: 1 addition & 1 deletion src/404.html
Expand Up @@ -27,6 +27,6 @@
<div style="text-align: center;margin-top:10%">
<h3>404 Not Found</h3>
<img src="styles/img/jetpack.gif" alt="two men with jetpacks">
<h3>Oops, not found. Would you like to <a href="/">go back to the homepage?</a></h3></div>
<h3>We couldn't find that page. Would you like to <a href="#">go back to the homepage?</a></h3></div>
</body>
</html>
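Review bot: The homepage link now points at `href="#"`, which only appends an empty fragment to whatever URL the 404 page was served from; unless the server always serves this file at the site root, the link no longer takes the user anywhere (this assumes the `#` line is the new side, as the print order suggests). If the intent is to land on the Backbone app's default route, `href="/#"` keeps the navigation to the root while still producing the empty hash; otherwise restore `href="/"`.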
2 changes: 1 addition & 1 deletion src/500.html
Expand Up @@ -27,6 +27,6 @@
<div style="text-align: center;margin-top:10%">
<h3>500 Error</h3>
<img src="styles/img/rolling.gif" alt=""/>
<h3>Oh no! Did you break, Bumblebee?</h3></div>
<h3>We've made an error. Please try again later.</h3></div>
</body>
</html>
3 changes: 2 additions & 1 deletion src/discovery.config.js
Expand Up @@ -46,7 +46,8 @@ require.config({
HistoryManager: 'js/components/history_manager',
MasterPageManager: 'js/page_managers/master',
AppStorage: 'js/components/app_storage',
RecaptchaManager : 'js/components/recaptcha_manager'
RecaptchaManager : 'js/components/recaptcha_manager',
CSRFManager : "js/components/csrf_manager",
},
modules: {
FacetFactory: 'js/widgets/facet/factory'
2 changes: 1 addition & 1 deletion src/js/components/api_targets.js
Expand Up @@ -22,7 +22,7 @@ define([
SERVICE_METRICS: 'metrics',
MYADS_STORAGE: 'http://localhost:5000',


CSRF : 'accounts/csrf',
USER: 'accounts/user',
LOGOUT: 'accounts/logout',
REGISTER: 'accounts/register',
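--- /dev/null
+++ b/src/js/components/csrf_manager.js
@@ -0,0 +1,59 @@
+/*
+widgets can attach callbacks to a deferred that waits until
+* a new csrf token has been requested
+*
+* */
+define([
+'backbone',
+'js/components/generic_module',
+'js/mixins/hardened',
+"js/components/api_request",
+"js/components/api_targets"
+],
+function(
+Backbone,
+GenericModule,
+Hardened,
+ApiRequest,
+ApiTargets
+) {
+
+
+var CSRFManager = GenericModule.extend({
+
+activate: function (beehive) {
+this.beehive = beehive;
+this.pubsub = beehive.Services.get('PubSub');
+this.key = this.pubsub.getPubSubKey();
+_.bindAll(this, ["resolvePromiseWithNewKey"]);
+this.pubsub.subscribe(this.key, this.pubsub.DELIVERING_RESPONSE, this.resolvePromiseWithNewKey);
+},
+
+getCSRF : function(){
+this.deferred = $.Deferred();
+
+var request = new ApiRequest({
+target : ApiTargets.CSRF
+});
+
+this.pubsub.publish(this.key, this.pubsub.EXECUTE_REQUEST, request);
+return this.deferred.promise();
+},
+
+resolvePromiseWithNewKey : function(response){
+//get csrf here
+var csrf = response.toJSON().csrf;
+this.deferred.resolve(csrf);
+},
+
+hardenedInterface: {
+getCSRF : "getCSRF"
+}
+
+});
+
+_.extend(CSRFManager.prototype, Hardened);
+
+return CSRFManager;
+
+});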
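Review bot: `getCSRF` keeps a single `this.deferred`, so a second call made before the first token response arrives overwrites it and the earlier caller's promise never settles; `resolvePromiseWithNewKey` also throws on `this.deferred.resolve` if a DELIVERING_RESPONSE reaches this key before any `getCSRF` call, and resolves with `undefined` when the payload carries no `csrf` field, which session.js then sends verbatim as the `X-CSRFToken` header. Keeping one deferred per outstanding request in a queue, resolved in arrival order and rejected when the token is missing, removes the shared state and gives callers a failure path. This presumes responses for this key arrive in the order the requests were published — worth confirming against the Api service before relying on it. `_` and `$` are used but not listed in the `define` dependencies, so the module relies on them being globals; if that is not guaranteed by the loader configuration, add them to the dependency list.
```javascript
activate: function (beehive) {
  this.beehive = beehive;
  this.pubsub = beehive.Services.get('PubSub');
  this.key = this.pubsub.getPubSubKey();
  // one deferred per outstanding token request, settled in arrival order
  this.pendingDeferreds = [];
  _.bindAll(this, ["resolvePromiseWithNewKey"]);
  this.pubsub.subscribe(this.key, this.pubsub.DELIVERING_RESPONSE, this.resolvePromiseWithNewKey);
},

getCSRF : function(){
  var deferred = $.Deferred();
  this.pendingDeferreds.push(deferred);
  // … unchanged: build the ApiRequest for ApiTargets.CSRF and publish EXECUTE_REQUEST …
  return deferred.promise();
},

resolvePromiseWithNewKey : function(response){
  var deferred = this.pendingDeferreds.shift();
  if (!deferred) { return; } // response with no outstanding request
  var csrf = response.toJSON().csrf;
  if (csrf) { deferred.resolve(csrf); } else { deferred.reject(response); }
},
```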
20 changes: 10 additions & 10 deletions src/js/components/recaptcha_manager.js
@@ -1,8 +1,8 @@
/*
widgets can attach callbacks to a deferred that waits until
* grecaptcha is loaded from google, and sitekey info is loaded from discovery.vars.js
*
* */
widgets can attach callbacks to a deferred that waits until
* grecaptcha is loaded from google, and sitekey info is loaded from discovery.vars.js
*
* */
define([
'backbone',
'js/components/generic_module',
Expand Down Expand Up @@ -53,14 +53,14 @@ define([
},

renderRecaptcha : function(view, siteKey, undefined){
grecaptcha.render(view.$(".g-recaptcha")[0],
{
sitekey: siteKey, callback: function (response) {
view.model.set("g-recaptcha-response", response);
}
grecaptcha.render(view.$(".g-recaptcha")[0],
{
sitekey: siteKey, callback: function (response) {
view.model.set("g-recaptcha-response", response);
}
});

},
},

hardenedInterface: {
activateRecaptcha : "activateRecaptcha"
129 changes: 73 additions & 56 deletions src/js/components/session.js
Expand Up @@ -73,8 +73,7 @@ define([

login: function (data) {

var csrfToken = this.getBeeHive().getObject("AppStorage").get("csrf");

this.sendRequestWithNewCSRF(function(csrfToken){
var request = new ApiRequest({
target : ApiTargets.USER,
query: new ApiQuery({}),
Expand All @@ -90,25 +89,38 @@ define([
}
}
});
return this.getBeeHive().getService("Api").request(request);
return this.getBeeHive().getService("Api").request(request);

});
},

/*
* every time a csrf token is required, csrf manager will request a new token,
* and it allows you to attach callbacks to the promise it returns
* */
sendRequestWithNewCSRF : function(callback){
callback = _.bind(callback, this);
this.getBeeHive().getObject("CSRFManager").getCSRF().done(callback);
},

logout: function () {

var csrfToken = this.getBeeHive().getObject("AppStorage").get("csrf");
this.sendRequestWithNewCSRF(function(csrfToken){

var request = new ApiRequest({
target : ApiTargets.LOGOUT,
query : new ApiQuery({}),
options : {
context : this,
type : "GET",
headers : {'X-CSRFToken' : csrfToken },
contentType : "application/json",
done : this.logoutSuccess
}
});
return this.getBeeHive().getService("Api").request(request);

var request = new ApiRequest({
target : ApiTargets.LOGOUT,
query : new ApiQuery({}),
options : {
context : this,
type : "GET",
headers : {'X-CSRFToken' : csrfToken },
contentType : "application/json",
done : this.logoutSuccess
}
});
return this.getBeeHive().getService("Api").request(request);
},

register: function (data) {
Expand All @@ -123,22 +135,23 @@ define([
}
_.extend(data, {verify_url : base_url + "/#user/account/verify/register" });

var csrfToken = this.getBeeHive().getObject("AppStorage").get("csrf");
this.sendRequestWithNewCSRF(function(csrfToken) {

var request = new ApiRequest({
target: ApiTargets.REGISTER,
query: new ApiQuery({}),
options: {
type: "POST",
data: JSON.stringify(data),
contentType: "application/json",
headers: {'X-CSRFToken': csrfToken },
done: this.registerSuccess,
fail: this.registerFail
}
});
return this.getBeeHive().getService("Api").request(request);

var request = new ApiRequest({
target : ApiTargets.REGISTER,
query : new ApiQuery({}),
options : {
type : "POST",
data : JSON.stringify(data),
contentType : "application/json",
headers : {'X-CSRFToken' : csrfToken },
done : this.registerSuccess,
fail : this.registerFail
}
});
return this.getBeeHive().getService("Api").request(request);

},

resetPassword1: function(data){
Expand All @@ -154,39 +167,43 @@ define([

var email = data.email;
var data = _.omit(data, "email");
var csrfToken = this.getBeeHive().getObject("AppStorage").get("csrf");

var request = new ApiRequest({
target : ApiTargets.RESET_PASSWORD + "/" + email,
query : new ApiQuery({}),
options : {
type : "POST",
data : JSON.stringify(data),
headers : {'X-CSRFToken' : csrfToken },
contentType : "application/json",
done : this.resetPassword1Success,
fail : this.resetPassword1Fail
}
});
return this.getBeeHive().getService("Api").request(request);
this.sendRequestWithNewCSRF(function(csrfToken){
var request = new ApiRequest({
target : ApiTargets.RESET_PASSWORD + "/" + email,
query : new ApiQuery({}),
options : {
type : "POST",
data : JSON.stringify(data),
headers : {'X-CSRFToken' : csrfToken },
contentType : "application/json",
done : this.resetPassword1Success,
fail : this.resetPassword1Fail
}
});
return this.getBeeHive().getService("Api").request(request);
});

},

resetPassword2: function(data){
var csrfToken = this.getBeeHive().getObject("AppStorage").get("csrf");

var request = new ApiRequest({
target : ApiTargets.RESET_PASSWORD + "/" + this.model.get("resetPasswordToken"),
query : new ApiQuery({}),
options : {
type : "PUT",
data : JSON.stringify(data),
contentType : "application/json",
headers : {'X-CSRFToken' : csrfToken },
done : this.resetPassword2Success,
fail : this.resetPassword2Fail
}
this.sendRequestWithNewCSRF(function(csrfToken){
var request = new ApiRequest({
target : ApiTargets.RESET_PASSWORD + "/" + this.model.get("resetPasswordToken"),
query : new ApiQuery({}),
options : {
type : "PUT",
data : JSON.stringify(data),
contentType : "application/json",
headers : {'X-CSRFToken' : csrfToken },
done : this.resetPassword2Success,
fail : this.resetPassword2Fail
}
});
return this.getBeeHive().getService("Api").request(request);
});
return this.getBeeHive().getService("Api").request(request);

},

setChangeToken : function(token){
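Review bot: `sendRequestWithNewCSRF` attaches the callback with `.done(callback)` and returns nothing, so `login`, `logout`, `register`, `resetPassword1` and `resetPassword2` now return `undefined` where they previously returned the Api request promise, and the `return` inside each callback is discarded — any caller chaining on those methods breaks silently, and there is no `fail` handler, so an action whose token fetch never completes simply never happens. Changing the helper to `return this.getBeeHive().getObject("CSRFManager").getCSRF().then(callback);` and each method to `return this.sendRequestWithNewCSRF(function(csrfToken){ … });` restores the promise, provided the jQuery in use chains `.then` (1.8 or later), which the page does not show. In `resetPassword2`, the trailing `return this.getBeeHive().getService("Api").request(request);` that follows the closing `});` would, if it survived on the new side, reference `request` outside the callback scope and should be dropped. The last hunk ends inside `setChangeToken`, whose body is outside the hunk.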
