

HDX-9927 add CSRF tokens
ccataalin committed Jun 29, 2024
1 parent 9c57f6c commit 3e7d444
Showing 51 changed files with 326 additions and 163 deletions.
Expand Up @@ -49,6 +49,7 @@
options.emulateJSON = true; // Important because your sending formdata
options.processData = false;
options.contentType = false;
options.headers = hdxUtil.net.getCsrfTokenAsObject();

return Backbone.Model.prototype.sync.call(this, method, model, options);
// return Backbone.sync.apply(this, arguments);
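Review bot: `options.headers = hdxUtil.net.getCsrfTokenAsObject();` replaces whatever `options.headers` the caller of `sync` passed in rather than adding to it, so any per-request header a caller supplies would be silently dropped; the same assignment appears in the next three hunks. Merging keeps both: `options.headers = $.extend({}, options.headers, hdxUtil.net.getCsrfTokenAsObject());` (or `_.extend`, whichever helper this file already has in scope). Because the commit attaches the header at every call site by hand, a `$.ajax`/`$.post` added later will be missed unless someone remembers; a single `$.ajaxPrefilter` that adds the token to non-GET requests when `options.crossDomain` is false would cover them all, and the `crossDomain` check matters so the token is never sent to another origin. The enclosing `sync` override starts before this hunk.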
Expand Up @@ -51,6 +51,7 @@
options.emulateJSON = true; // Important because your sending formdata
options.processData = false;
options.contentType = false;
options.headers = hdxUtil.net.getCsrfTokenAsObject();

return Backbone.Model.prototype.sync.call(this, method, model, options);
// return Backbone.sync.apply(this, arguments);
Expand Up @@ -50,6 +50,7 @@
options.emulateJSON = true; // Important because your sending formdata
options.processData = false;
options.contentType = false;
options.headers = hdxUtil.net.getCsrfTokenAsObject();

return Backbone.Model.prototype.sync.call(this, method, model, options);
// return Backbone.sync.apply(this, arguments);
Expand Up @@ -101,6 +101,7 @@
options.data = formData;
options.processData = false;
options.contentType = false;
options.headers = hdxUtil.net.getCsrfTokenAsObject();

// Handle "progress" events
if (!options.xhr) {
Expand Down Expand Up @@ -173,4 +174,4 @@
// Export out to override Backbone Model
Backbone.Model = BackboneModelFileUpload;

}));
}));
Expand Up @@ -63,29 +63,33 @@

formDataArray.push({'name': 'id', 'value': datasetId});

$.post(validateUrl, formDataArray,
function (data, status, xhr) {
data.error_summary = data.error_summary ? data.error_summary : {};

// Resources are not required for metadata-only datasets
if (!data.data.is_requestdata_type && (!resourceDataArray || resourceDataArray.length === 0)) {
data.error_summary['resource-list'] = 'Please add at least 1 resource to the dataset';

}

// Tags are required for metadata-only datasets
if (data.data.is_requestdata_type && data.data.tag_string.length === 0) {
data.errors.tag_string = ['Missing value'];
}

contributeGlobal.updateValidationUi(data, status, xhr);
// contributeGlobal._managePrivateField();
deferred.resolve(contributeGlobal.validateSucceeded(data, status));
moduleLog('Validation finished');
$.ajax({
url: validateUrl,
type: 'POST',
data: formDataArray,
headers: hdxUtil.net.getCsrfTokenAsObject(),
success: function (data, status, xhr) {
data.error_summary = data.error_summary ? data.error_summary : {};

// Resources are not required for metadata-only datasets
if (!data.data.is_requestdata_type && (!resourceDataArray || resourceDataArray.length === 0)) {
data.error_summary['resource-list'] = 'Please add at least 1 resource to the dataset';
}

// Tags are required for metadata-only datasets
if (data.data.is_requestdata_type && data.data.tag_string.length === 0) {
data.errors.tag_string = ['Missing value'];
}
).fail(contributeGlobal.recoverFromServerError);

contributeGlobal.updateValidationUi(data, status, xhr);
// contributeGlobal._managePrivateField();
deferred.resolve(contributeGlobal.validateSucceeded(data, status));
moduleLog('Validation finished');
},
error: function (xhr, status, error) {
contributeGlobal.recoverFromServerError();
}
});
}.bind(this)
);

Expand Down Expand Up @@ -156,12 +160,19 @@
contributeGlobal.controlUserWaitingWidget(true, 'Saving dataset form...');

$.when(analyticsPromise).done(function () {
$.post(requestUrl, formDataArray,
function (data, status, xhr) {
contributeGlobal.updateInnerState(data, status);
deferred.resolve(data, status, xhr);
}
).fail(contributeGlobal.recoverFromServerError);
$.ajax({
url: requestUrl,
type: 'POST',
data: formDataArray,
headers: hdxUtil.net.getCsrfTokenAsObject(),
success: function (data, status, xhr) {
contributeGlobal.updateInnerState(data, status);
deferred.resolve(data, status, xhr);
},
error: function (xhr, status, error) {
contributeGlobal.recoverFromServerError();
}
});
});
}
}
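Review bot: The new `error: function (xhr, status, error) { contributeGlobal.recoverFromServerError(); }` calls the recovery handler with no arguments, whereas the `.fail(contributeGlobal.recoverFromServerError)` it replaces forwarded the jqXHR, status and error; if `recoverFromServerError` inspects the response (for example to tell a 403 from a rejected token apart from a 500), that information is now lost. Forwarding them restores the previous contract: `error: function (xhr, status, error) { contributeGlobal.recoverFromServerError(xhr, status, error); }`. The same wrapper appears in the second hunk of this file around the `requestUrl` post. The function enclosing the first hunk starts before the hunk.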
Expand Up @@ -141,6 +141,7 @@ function autoGraph() {
type: 'POST',
dataType: 'json',
url: '/api/3/action/datastore_search_sql',
headers: hdxUtil.net.getCsrfTokenAsObject(),
data: urldata,
index: sIdx,
success: function (data) {
Expand Down Expand Up @@ -436,6 +437,7 @@ function loadMapData(map, confJson, layers){
type: 'POST',
dataType: 'json',
url: '/api/3/action/datastore_search_sql',
headers: hdxUtil.net.getCsrfTokenAsObject(),
data: urldata,
success: function(result){
values = processMapValues(result.result.records, confJson, pcodeColumnName, valueColumnName, descriptionColumnName);
Expand Up @@ -11,6 +11,7 @@ $.ajax({
type: 'POST',
dataType: 'json',
url: '/api/3/action/datastore_search_sql',
headers: hdxUtil.net.getCsrfTokenAsObject(),
data: data,
success: function(data) {
var processedData = processData(data.result.records);
Expand Down Expand Up @@ -55,7 +56,7 @@ function processData(dataIn){
data[data.length-1]['cases'][e['Country']]=e['value'];
} else {
data[data.length-1]['cases']['other']+=e['value'];
}
}
}
});
return data;
Expand All @@ -65,9 +66,9 @@ function generateLineChart(id,data){
data.forEach(function(e){
e.date = new Date(e.date);
});

var varNames = d3.keys(data[0].deaths).filter(function (key) { return key !== 'total';});;

var seriesDeathArr = [], series = {};
varNames.forEach(function (name) {
series[name] = {name: name, values:[]};
Expand All @@ -78,7 +79,7 @@ function generateLineChart(id,data){
series[name].values.push({label: d.date, value: +d.deaths[name]});
});
});

var seriesDeathArr = [], series = {};
varNames.forEach(function (name) {
series[name] = {name: name, values:[]};
Expand All @@ -88,12 +89,12 @@ function generateLineChart(id,data){
varNames.map(function (name) {
series[name].values.push({label: d.date, value: +d.deaths[name]});
});
});
});

var deathColor = d3.scale.ordinal()
//.range(["#B71C1C","#E53935","#EF9A9A","#FFEBEE"]);
.range(["#f2645a","#F58A83","#F8B1AC","#FBD8D5"]);

var seriesCaseArr = [], series = {};
varNames.forEach(function (name) {
series[name] = {name: name, values:[]};
Expand All @@ -103,7 +104,7 @@ function generateLineChart(id,data){
varNames.map(function (name) {
series[name].values.push({label: d.date, value: +d.cases[name]});
});
});
});

var caseColor = d3.scale.ordinal()
//.range(["#1A237E","#3949AB","#7986CB","#E8EAF6"])
Expand All @@ -118,10 +119,10 @@ function generateLineChart(id,data){

var y = d3.scale.linear()
.range([height, 0]);
x.domain(d3.extent(data, function(d) {

x.domain(d3.extent(data, function(d) {
return d.date; }));
y.domain([0,d3.max(data, function(d) { return d.cases.total; })]);
y.domain([0,d3.max(data, function(d) { return d.cases.total; })]);

var xAxis = d3.svg.axis()
.scale(x)
Expand Down Expand Up @@ -169,7 +170,7 @@ function generateLineChart(id,data){
.x(function (d) { return x(d.label); })
.y0(function (d) { return y(d.y0); })
.y1(function (d) { return y(d.y0 + d.y); });

stack(seriesDeathArr);
stack(seriesCaseArr);
var svg = d3.select(id).append("svg")
Expand Down Expand Up @@ -360,7 +361,7 @@ function generateLineChart(id,data){
d3.selectAll(".deathPath").transition().duration(500).attr("opacity",0);
d3.selectAll(".linelabels").transition().duration(500).attr("opacity",1);
d3.selectAll(".areadeathlabels").transition().duration(500).attr("opacity",0);
});
});

svg.append("path")
.datum(data)
Expand All @@ -379,4 +380,4 @@ function generateLineChart(id,data){
d3.selectAll(".areacaselabels").transition().duration(500).attr("opacity",0);
d3.selectAll(".deathline").transition().duration(500).attr("opacity",1);
});
}
}
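Review bot: In the `@@ -65,9 +66,9 @@` hunk, `var varNames = d3.keys(data[0].deaths).filter(function (key) { return key !== 'total';});;` ends with a doubled semicolon, and in the `@@ -88,12 +89,12 @@` and `@@ -103,7 +104,7 @@` hunks `varNames.map(function (name) { ... })` is used only for its side effect of pushing into `series`. Both predate this commit, but these hunks already touch the neighbouring lines for whitespace, so a single `;` and `.forEach` would be a free cleanup here. `generateLineChart` starts outside these hunks.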
59 changes: 40 additions & 19 deletions ckanext-hdx_theme/ckanext/hdx_theme/fanstatic/qa/qa-package.js
Expand Up @@ -15,17 +15,22 @@ function _updateQuarantine(resource, flag) {
"_csrf_token": csrf_value
};
let promise = new Promise((resolve, reject) => {
$.post('/api/action/hdx_qa_resource_patch', body)
.done((result) => {
if (result.success){
$.ajax({
url: '/api/action/hdx_qa_resource_patch',
type: 'POST',
data: body,
headers: hdxUtil.net.getCsrfTokenAsObject(),
success: function (result) {
if (result.success) {
resolve(result);
} else {
reject(result);
}
})
.fail((result) => {
},
error: function (result) {
reject(result);
});
}
});
});
return promise;
}
Expand All @@ -38,17 +43,22 @@ function _updateBrokenLink(resource, flag) {
"_csrf_token": csrf_value
};
let promise = new Promise((resolve, reject) => {
$.post('/api/action/hdx_mark_broken_link_in_resource', body)
.done((result) => {
if (result.success){
$.ajax({
url: '/api/action/hdx_mark_broken_link_in_resource',
type: 'POST',
data: body,
headers: hdxUtil.net.getCsrfTokenAsObject(),
success: function (result) {
if (result.success) {
resolve(result);
} else {
reject(result);
}
})
.fail((result) => {
},
error: function (result) {
reject(result);
});
}
});
});
return promise;
}
Expand All @@ -63,17 +73,22 @@ function _updateAllResourcesKeyValue(package,key,value) {
};

let promise = new Promise((resolve, reject) => {
$.post('/api/action/hdx_qa_package_revise_resource', body)
.done((result) => {
if (result.success){
$.ajax({
url: '/api/action/hdx_qa_package_revise_resource',
type: 'POST',
data: body,
headers: hdxUtil.net.getCsrfTokenAsObject(),
success: function (result) {
if (result.success) {
resolve(result);
} else {
reject(result);
}
})
.fail((result) => {
},
error: function (result) {
reject(result);
});
}
});
});
return promise;
}
Expand Down Expand Up @@ -187,7 +202,13 @@ function _updateResourceConfirmState(resource, flag, score, piiReportId) {

let promise = new Promise((resolve, reject) => {
const mixpanelPromise = hdxUtil.analytics.sendQADashboardEvent(resource,flag,score,piiReportId);
const patchPromise = $.post('/api/action/hdx_qa_resource_patch', body);
const patchPromise = $.ajax({
url: '/api/action/hdx_qa_resource_patch',
type: 'POST',
data: body,
headers: hdxUtil.net.getCsrfTokenAsObject(),
});

mixpanelPromise.then((mixpanelResults) => {
patchPromise
.done((result) => {
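Review bot: `_updateQuarantine`, `_updateBrokenLink` and `_updateAllResourcesKeyValue` now each carry an identical `$.ajax`-inside-`new Promise` wrapper that differs only in the URL, and every future action added to this file has to remember the `headers:` line or it will post without the token; extracting one helper makes the header the default rather than something each call site opts into. The request bodies also still carry `"_csrf_token": csrf_value` next to the new header, so the token travels twice — once the server validates the header the body field can go, and until then it is worth confirming both are read from the same place so they cannot disagree. In the `error` callback jQuery passes the jqXHR, not an action result, so `result` is a misleading name there; `xhr` reads better. `_updateResourceConfirmState` continues past the last hunk.
```javascript
// One POST path for the QA actions so the CSRF header is attached in exactly one place.
function _postQaAction(url, body) {
  return new Promise((resolve, reject) => {
    $.ajax({
      url: url,
      type: 'POST',
      data: body,
      headers: hdxUtil.net.getCsrfTokenAsObject(),
      success: (result) => (result.success ? resolve(result) : reject(result)),
      error: (xhr) => reject(xhr),
    });
  });
}

// … unchanged: body construction in _updateQuarantine …
  return _postQaAction('/api/action/hdx_qa_resource_patch', body);
```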
Expand Up @@ -24,7 +24,15 @@ ckan.module('hdx-modal-form', function($) {
}
var base_url = ckan.sandbox().client.endpoint;
var url = base_url + '/api/' + api_ver + '/action/' + action;
return $.post(url, JSON.stringify(data), "json");
return $.ajax({
url: url,
type: 'POST',
contentType: 'application/json',
data: JSON.stringify(data),
dataType: 'json',
headers: hdxUtil.net.getCsrfTokenAsObject(),
});

}
};

Expand Down Expand Up @@ -167,6 +175,7 @@ ckan.module('hdx-modal-form', function($) {
data: formData,
processData: false,
contentType: false,
headers: hdxUtil.net.getCsrfTokenAsObject(),
type: 'POST'
})
.done(function(data) {
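Review bot: Besides adding the header, the rewrite of `return $.post(url, JSON.stringify(data), "json");` sets `contentType: 'application/json'` and `dataType: 'json'`; in the original, the `"json"` argument sat in the success-callback position and the JSON string went out with jQuery's default form-encoded content type, so the request the server sees changes here, not only its headers. That is probably the right fix for an action API call, but it is a behaviour change the commit message does not mention, and it should be confirmed that every action reached through `action` parses a JSON body. The stray blank line before the closing `}` can go. The enclosing function starts before the hunk.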
Expand Up @@ -79,7 +79,12 @@ $(document).ready(function(){
var analyticsPromise =
hdxUtil.analytics.sendMessagingEvent('faq', 'faq',
$this.find('select[name="topic"]').val(), null, false);
var postPromise = $.post('/faq/contact_us', $this.serialize());
var postPromise = $.ajax({
url: '/faq/contact_us',
type: 'POST',
data: $this.serialize(),
headers: hdxUtil.net.getCsrfTokenAsObject(),
});

$.when(postPromise, analyticsPromise).then(
function (postData, analyticsData) {
Expand Up @@ -10,7 +10,12 @@ $(document).ready(function(){
var analyticsPromise =
hdxUtil.analytics.sendMessagingEvent('dataset', 'contact contributor',
$this.find('select[name="topic"]').val(), null, true);
var postPromise = $.post('/membership/contact_contributor', $this.serialize());
var postPromise = $.ajax({
url: '/membership/contact_contributor',
type: 'POST',
data: $this.serialize(),
headers: hdxUtil.net.getCsrfTokenAsObject(),
});

$.when(postPromise, analyticsPromise).then(
function (postData, analyticsData) {
