diff --git a/ckanext-hdx_org_group/ckanext/hdx_org_group/tests/test_controller/test_member_controller.py b/ckanext-hdx_org_group/ckanext/hdx_org_group/tests/test_controller/test_member_controller.py index 5e58a487f5..e1bfdcdae6 100644 --- a/ckanext-hdx_org_group/ckanext/hdx_org_group/tests/test_controller/test_member_controller.py +++ b/ckanext-hdx_org_group/ckanext/hdx_org_group/tests/test_controller/test_member_controller.py @@ -138,7 +138,6 @@ def test_members(self, render, app): context = {'model': model, 'session': model.Session, 'user': orgadmin} orgadmin_token = factories.APIToken(user='orgadmin', expires_in=2, unit=60 * 60)['token'] auth = {'Authorization': orgadmin_token} - # test_client = self.get_backwards_compatible_test_client() member_with_name_list = _get_action('member_list')(context, { 'id': 'hdx-test-org', @@ -236,16 +235,17 @@ def _populate_member_names(self, members, member_with_name_list): ret = [next(u[4] for u in member_with_name_list if u[0] == member[0]) for member in members] return ret + @pytest.mark.usefixtures('with_request_context') @mock.patch('ckanext.hdx_users.helpers.mailer._mail_recipient_html') - def test_request_membership(self, _mail_recipient_html): + def test_request_membership(self, _mail_recipient_html, app): test_sysadmin = 'testsysadmin' test_username = 'johndoe1' - test_client = self.get_backwards_compatible_test_client() + test_username_token = factories.APIToken(user=test_username, expires_in=2, unit=60 * 60)['token'] context = {'model': model, 'session': model.Session, 'user': test_sysadmin} # removing one member from organization url = h.url_for('hdx_members.member_delete', id='hdx-test-org') - test_client.post(url, params={'user': 'johndoe1'}, extra_environ={"REMOTE_USER": test_sysadmin}) + app.post(url, params={'user': 'johndoe1'}, extra_environ={"REMOTE_USER": test_sysadmin}) member_list = self._get_action('member_list')(context, { 'id': 'hdx-test-org', 
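Review bot: In `test_request_membership` the `member_delete` POST still authenticates with `extra_environ={"REMOTE_USER": test_sysadmin}` and discards its response, while the membership request later in the same test now sends an API token. If the REMOTE_USER path is ever refused (the test configuration is not visible here), the test would only fail further down at the member-list assertions, with a message that points away from the cause. Consider sending a sysadmin token the same way, `headers={'Authorization': factories.APIToken(user=test_sysadmin, expires_in=2, unit=60 * 60)['token']}`, or at least asserting the status of the delete response. The same applies to the second `test_request_membership` in the `@@ -280` hunk; both function bodies continue outside their hunks.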
@@ -262,9 +262,9 @@ def test_request_membership(self, _mail_recipient_html): # send a membership request url = h.url_for('ytp_request.new') - ret_page = test_client.post(url, params={'organization': 'hdx-test-org', 'role': 'member', 'save': 'save', - 'message': 'add me to your organization'}, - extra_environ={"REMOTE_USER": test_username}) + ret_page = app.post(url, params={'organization': 'hdx-test-org', 'role': 'member', 'save': 'save', + 'message': 'add me to your organization'}, + headers={'Authorization': test_username_token}) member_requests = self._get_action('member_request_list')(context, {'group': 'hdx-test-org'}) assert len(member_requests) == 1, 'Exactly one member request should exist for this org' assert member_requests[0].get('user_name') == test_username @@ -280,16 +280,17 @@ def _populate_member_names(self, members, member_with_name_list): ret = [next(u[4] for u in member_with_name_list if u[0] == member[0]) for member in members] return ret + @pytest.mark.usefixtures('with_request_context') @mock.patch('ckanext.hdx_users.helpers.mailer._mail_recipient_html') - def test_request_membership(self, _mail_recipient_html): + def test_request_membership(self, _mail_recipient_html, app): test_sysadmin = 'testsysadmin' test_username = 'johndoe1' - test_client = self.get_backwards_compatible_test_client() + test_username_token = factories.APIToken(user=test_username, expires_in=2, unit=60 * 60)['token'] context = {'model': model, 'session': model.Session, 'user': test_sysadmin} # removing one member from organization url = h.url_for('hdx_members.member_delete', id='hdx-test-org') - test_client.post(url, params={'user': 'johndoe1'}, extra_environ={"REMOTE_USER": test_sysadmin}) + app.post(url, params={'user': 'johndoe1'}, extra_environ={"REMOTE_USER": test_sysadmin}) member_list = self._get_action('member_list')(context, { 'id': 'hdx-test-org', 
@@ -306,9 +307,9 @@ def test_request_membership(self, _mail_recipient_html): # send a membership request url = h.url_for('ytp_request.new') - ret_page = test_client.post(url, params={'organization': 'hdx-test-org', 'role': 'editor', 'save': 'save', - 'message': 'add me to your organization'}, - extra_environ={"REMOTE_USER": test_username}) + ret_page = app.post(url, params={'organization': 'hdx-test-org', 'role': 'editor', 'save': 'save', + 'message': 'add me to your organization'}, + headers={'Authorization': test_username_token}) member_requests = self._get_action('member_request_list')(context, {'group': 'hdx-test-org'}) assert len(member_requests) == 1, 'Exactly one member request should exist for this org' assert member_requests[0].get('user_name') == test_username diff --git a/ckanext-hdx_pages/ckanext/hdx_pages/tests/test_controller.py b/ckanext-hdx_pages/ckanext/hdx_pages/tests/test_controller.py index 8fb7cabe80..fcee3f0691 100644 --- a/ckanext-hdx_pages/ckanext/hdx_pages/tests/test_controller.py +++ b/ckanext-hdx_pages/ckanext/hdx_pages/tests/test_controller.py @@ -244,7 +244,7 @@ def test_page_delete(self, app): eldeleted_page = _get_action('page_show')(context_sysadmin, {'id': page_eldeleted.get('name')}) try: url = h.url_for(u'hdx_custom_page.delete_page', id=eldeleted_page.get('id')) - page_delete = app.post(url, extra_environ={"REMOTE_USER": USER}) + page_delete = app.post(url, headers={'Authorization': self._get_token_for_user(USER)}) assert 'Page not found' in page_delete.body, 'page doesn\'t exist' assert '404 Not Found'.lower() in page_delete.status.lower() except logic.NotAuthorized: diff --git a/ckanext-hdx_theme/ckanext/hdx_theme/fanstatic/admin/carousel.js b/ckanext-hdx_theme/ckanext/hdx_theme/fanstatic/admin/carousel.js index 79fc5ac10e..fe18a09512 100644 --- a/ckanext-hdx_theme/ckanext/hdx_theme/fanstatic/admin/carousel.js +++ b/ckanext-hdx_theme/ckanext/hdx_theme/fanstatic/admin/carousel.js 
@@ -49,6 +49,7 @@ options.emulateJSON = true; // Important because your sending formdata options.processData = false; options.contentType = false; + options.headers = hdxUtil.net.getCsrfTokenAsObject(); return Backbone.Model.prototype.sync.call(this, method, model, options); // return Backbone.sync.apply(this, arguments); diff --git a/ckanext-hdx_theme/ckanext/hdx_theme/fanstatic/admin/package_links.js b/ckanext-hdx_theme/ckanext/hdx_theme/fanstatic/admin/package_links.js index 96b0b66ed0..a43b2fa7db 100644 --- a/ckanext-hdx_theme/ckanext/hdx_theme/fanstatic/admin/package_links.js +++ b/ckanext-hdx_theme/ckanext/hdx_theme/fanstatic/admin/package_links.js @@ -51,6 +51,7 @@ options.emulateJSON = true; // Important because your sending formdata options.processData = false; options.contentType = false; + options.headers = hdxUtil.net.getCsrfTokenAsObject(); return Backbone.Model.prototype.sync.call(this, method, model, options); // return Backbone.sync.apply(this, arguments); diff --git a/ckanext-hdx_theme/ckanext/hdx_theme/fanstatic/admin/quick_links.js b/ckanext-hdx_theme/ckanext/hdx_theme/fanstatic/admin/quick_links.js index 564dacbffd..f50dc302c9 100644 --- a/ckanext-hdx_theme/ckanext/hdx_theme/fanstatic/admin/quick_links.js +++ b/ckanext-hdx_theme/ckanext/hdx_theme/fanstatic/admin/quick_links.js @@ -50,6 +50,7 @@ options.emulateJSON = true; // Important because your sending formdata options.processData = false; options.contentType = false; + options.headers = hdxUtil.net.getCsrfTokenAsObject(); return Backbone.Model.prototype.sync.call(this, method, model, options); // return Backbone.sync.apply(this, arguments); diff --git a/ckanext-hdx_theme/ckanext/hdx_theme/fanstatic/contribute_flow/backbone-model-file-upload.js b/ckanext-hdx_theme/ckanext/hdx_theme/fanstatic/contribute_flow/backbone-model-file-upload.js index a46205f34f..249f93ccf1 100644 --- a/ckanext-hdx_theme/ckanext/hdx_theme/fanstatic/contribute_flow/backbone-model-file-upload.js 
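Review bot: `options.headers = hdxUtil.net.getCsrfTokenAsObject();` in carousel.js replaces whatever headers are already on `options`, so a header set by a caller of this `sync` override would be silently dropped. Merging keeps both: `options.headers = $.extend({}, options.headers, hdxUtil.net.getCsrfTokenAsObject());` (or `Object.assign` where ES2015 is available). The same assignment appears in package_links.js, quick_links.js and backbone-model-file-upload.js. The enclosing function starts outside these hunks, so I cannot tell whether any caller passes headers today.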
+++ b/ckanext-hdx_theme/ckanext/hdx_theme/fanstatic/contribute_flow/backbone-model-file-upload.js @@ -101,6 +101,7 @@ options.data = formData; options.processData = false; options.contentType = false; + options.headers = hdxUtil.net.getCsrfTokenAsObject(); // Handle "progress" events if (!options.xhr) { @@ -173,4 +174,4 @@ // Export out to override Backbone Model Backbone.Model = BackboneModelFileUpload; -})); \ No newline at end of file +})); diff --git a/ckanext-hdx_theme/ckanext/hdx_theme/fanstatic/contribute_flow/contribute_flow_main.js b/ckanext-hdx_theme/ckanext/hdx_theme/fanstatic/contribute_flow/contribute_flow_main.js index 0c0fadbd1b..164aa43c07 100644 --- a/ckanext-hdx_theme/ckanext/hdx_theme/fanstatic/contribute_flow/contribute_flow_main.js +++ b/ckanext-hdx_theme/ckanext/hdx_theme/fanstatic/contribute_flow/contribute_flow_main.js 
@@ -63,29 +63,33 @@ formDataArray.push({'name': 'id', 'value': datasetId}); - $.post(validateUrl, formDataArray, - function (data, status, xhr) { - data.error_summary = data.error_summary ? data.error_summary : {}; - - // Resources are not required for metadata-only datasets - if (!data.data.is_requestdata_type && (!resourceDataArray || resourceDataArray.length === 0)) { - data.error_summary['resource-list'] = 'Please add at least 1 resource to the dataset'; - - } - - // Tags are required for metadata-only datasets - if (data.data.is_requestdata_type && data.data.tag_string.length === 0) { - data.errors.tag_string = ['Missing value']; - } - - contributeGlobal.updateValidationUi(data, status, xhr); - // contributeGlobal._managePrivateField(); - deferred.resolve(contributeGlobal.validateSucceeded(data, status)); - moduleLog('Validation finished'); + $.ajax({ + url: validateUrl, + type: 'POST', + data: formDataArray, + headers: hdxUtil.net.getCsrfTokenAsObject(), + success: function (data, status, xhr) { + data.error_summary = data.error_summary ? data.error_summary : {}; + + // Resources are not required for metadata-only datasets + if (!data.data.is_requestdata_type && (!resourceDataArray || resourceDataArray.length === 0)) { + data.error_summary['resource-list'] = 'Please add at least 1 resource to the dataset'; + } + // Tags are required for metadata-only datasets + if (data.data.is_requestdata_type && data.data.tag_string.length === 0) { + data.errors.tag_string = ['Missing value']; } - ).fail(contributeGlobal.recoverFromServerError); + contributeGlobal.updateValidationUi(data, status, xhr); + // contributeGlobal._managePrivateField(); + deferred.resolve(contributeGlobal.validateSucceeded(data, status)); + moduleLog('Validation finished'); + }, + error: function (xhr, status, error) { + contributeGlobal.recoverFromServerError(); + } + }); }.bind(this) ); 
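Review bot: The new `error` callback calls `contributeGlobal.recoverFromServerError()` with no arguments, whereas the removed `.fail(contributeGlobal.recoverFromServerError)` passed the jqXHR, status and error through. If the handler reads any of them (its definition is outside this hunk), that information is now lost, and a rejected CSRF token becomes one more failure reason it cannot report. Either keep the direct reference, `error: contributeGlobal.recoverFromServerError,`, or forward the arguments, `contributeGlobal.recoverFromServerError(xhr, status, error);`. The save path in the `@@ -156` hunk of the same file uses the same wrapper.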
@@ -156,12 +160,19 @@ contributeGlobal.controlUserWaitingWidget(true, 'Saving dataset form...'); $.when(analyticsPromise).done(function () { - $.post(requestUrl, formDataArray, - function (data, status, xhr) { - contributeGlobal.updateInnerState(data, status); - deferred.resolve(data, status, xhr); - } - ).fail(contributeGlobal.recoverFromServerError); + $.ajax({ + url: requestUrl, + type: 'POST', + data: formDataArray, + headers: hdxUtil.net.getCsrfTokenAsObject(), + success: function (data, status, xhr) { + contributeGlobal.updateInnerState(data, status); + deferred.resolve(data, status, xhr); + }, + error: function (xhr, status, error) { + contributeGlobal.recoverFromServerError(); + } + }); }); } } diff --git a/ckanext-hdx_theme/ckanext/hdx_theme/fanstatic/country/custom/country-custom.js b/ckanext-hdx_theme/ckanext/hdx_theme/fanstatic/country/custom/country-custom.js index d3c0ef02bd..b839ce1644 100644 --- a/ckanext-hdx_theme/ckanext/hdx_theme/fanstatic/country/custom/country-custom.js +++ b/ckanext-hdx_theme/ckanext/hdx_theme/fanstatic/country/custom/country-custom.js @@ -141,6 +141,7 @@ function autoGraph() { type: 'POST', dataType: 'json', url: '/api/3/action/datastore_search_sql', + headers: hdxUtil.net.getCsrfTokenAsObject(), data: urldata, index: sIdx, success: function (data) { @@ -436,6 +437,7 @@ function loadMapData(map, confJson, layers){ type: 'POST', dataType: 'json', url: '/api/3/action/datastore_search_sql', + headers: hdxUtil.net.getCsrfTokenAsObject(), data: urldata, success: function(result){ values = processMapValues(result.result.records, confJson, pcodeColumnName, valueColumnName, descriptionColumnName); diff --git a/ckanext-hdx_theme/ckanext/hdx_theme/fanstatic/crisis/ebola/ebola_crisis_page_graph.js b/ckanext-hdx_theme/ckanext/hdx_theme/fanstatic/crisis/ebola/ebola_crisis_page_graph.js index 0414eb6a15..f58eef7b40 100644 --- a/ckanext-hdx_theme/ckanext/hdx_theme/fanstatic/crisis/ebola/ebola_crisis_page_graph.js 
+++ b/ckanext-hdx_theme/ckanext/hdx_theme/fanstatic/crisis/ebola/ebola_crisis_page_graph.js @@ -11,6 +11,7 @@ $.ajax({ type: 'POST', dataType: 'json', url: '/api/3/action/datastore_search_sql', + headers: hdxUtil.net.getCsrfTokenAsObject(), data: data, success: function(data) { var processedData = processData(data.result.records); @@ -55,7 +56,7 @@ function processData(dataIn){ data[data.length-1]['cases'][e['Country']]=e['value']; } else { data[data.length-1]['cases']['other']+=e['value']; - } + } } }); return data; @@ -65,9 +66,9 @@ function generateLineChart(id,data){ data.forEach(function(e){ e.date = new Date(e.date); }); - + var varNames = d3.keys(data[0].deaths).filter(function (key) { return key !== 'total';});; - + var seriesDeathArr = [], series = {}; varNames.forEach(function (name) { series[name] = {name: name, values:[]}; @@ -78,7 +79,7 @@ function generateLineChart(id,data){ series[name].values.push({label: d.date, value: +d.deaths[name]}); }); }); - + var seriesDeathArr = [], series = {}; varNames.forEach(function (name) { series[name] = {name: name, values:[]}; @@ -88,12 +89,12 @@ function generateLineChart(id,data){ varNames.map(function (name) { series[name].values.push({label: d.date, value: +d.deaths[name]}); }); - }); - + }); + var deathColor = d3.scale.ordinal() //.range(["#B71C1C","#E53935","#EF9A9A","#FFEBEE"]); .range(["#f2645a","#F58A83","#F8B1AC","#FBD8D5"]); - + var seriesCaseArr = [], series = {}; varNames.forEach(function (name) { series[name] = {name: name, values:[]}; @@ -103,7 +104,7 @@ function generateLineChart(id,data){ varNames.map(function (name) { series[name].values.push({label: d.date, value: +d.cases[name]}); }); - }); + }); var caseColor = d3.scale.ordinal() //.range(["#1A237E","#3949AB","#7986CB","#E8EAF6"]) 
@@ -118,10 +119,10 @@ function generateLineChart(id,data){ var y = d3.scale.linear() .range([height, 0]); - - x.domain(d3.extent(data, function(d) { + + x.domain(d3.extent(data, function(d) { return d.date; })); - y.domain([0,d3.max(data, function(d) { return d.cases.total; })]); + y.domain([0,d3.max(data, function(d) { return d.cases.total; })]); var xAxis = d3.svg.axis() .scale(x) @@ -169,7 +170,7 @@ function generateLineChart(id,data){ .x(function (d) { return x(d.label); }) .y0(function (d) { return y(d.y0); }) .y1(function (d) { return y(d.y0 + d.y); }); - + stack(seriesDeathArr); stack(seriesCaseArr); var svg = d3.select(id).append("svg") @@ -360,7 +361,7 @@ function generateLineChart(id,data){ d3.selectAll(".deathPath").transition().duration(500).attr("opacity",0); d3.selectAll(".linelabels").transition().duration(500).attr("opacity",1); d3.selectAll(".areadeathlabels").transition().duration(500).attr("opacity",0); - }); + }); svg.append("path") .datum(data) @@ -379,4 +380,4 @@ function generateLineChart(id,data){ d3.selectAll(".areacaselabels").transition().duration(500).attr("opacity",0); d3.selectAll(".deathline").transition().duration(500).attr("opacity",1); }); -} \ No newline at end of file +} diff --git a/ckanext-hdx_theme/ckanext/hdx_theme/fanstatic/qa/qa-package.js b/ckanext-hdx_theme/ckanext/hdx_theme/fanstatic/qa/qa-package.js index b5601b6ee1..5336c02211 100644 --- a/ckanext-hdx_theme/ckanext/hdx_theme/fanstatic/qa/qa-package.js +++ b/ckanext-hdx_theme/ckanext/hdx_theme/fanstatic/qa/qa-package.js 
@@ -15,17 +15,22 @@ function _updateQuarantine(resource, flag) { "_csrf_token": csrf_value }; let promise = new Promise((resolve, reject) => { - $.post('/api/action/hdx_qa_resource_patch', body) - .done((result) => { - if (result.success){ + $.ajax({ + url: '/api/action/hdx_qa_resource_patch', + type: 'POST', + data: body, + headers: hdxUtil.net.getCsrfTokenAsObject(), + success: function (result) { + if (result.success) { resolve(result); } else { reject(result); } - }) - .fail((result) => { + }, + error: function (result) { reject(result); - }); + } + }); }); return promise; } @@ -38,17 +43,22 @@ function _updateBrokenLink(resource, flag) { "_csrf_token": csrf_value }; let promise = new Promise((resolve, reject) => { - $.post('/api/action/hdx_mark_broken_link_in_resource', body) - .done((result) => { - if (result.success){ + $.ajax({ + url: '/api/action/hdx_mark_broken_link_in_resource', + type: 'POST', + data: body, + headers: hdxUtil.net.getCsrfTokenAsObject(), + success: function (result) { + if (result.success) { resolve(result); } else { reject(result); } - }) - .fail((result) => { + }, + error: function (result) { reject(result); - }); + } + }); }); return promise; } @@ -63,17 +73,22 @@ function _updateAllResourcesKeyValue(package,key,value) { }; let promise = new Promise((resolve, reject) => { - $.post('/api/action/hdx_qa_package_revise_resource', body) - .done((result) => { - if (result.success){ + $.ajax({ + url: '/api/action/hdx_qa_package_revise_resource', + type: 'POST', + data: body, + headers: hdxUtil.net.getCsrfTokenAsObject(), + success: function (result) { + if (result.success) { resolve(result); } else { reject(result); } - }) - .fail((result) => { + }, + error: function (result) { reject(result); - }); + } + }); }); return promise; } 
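Review bot: `_updateQuarantine`, `_updateBrokenLink` and `_updateAllResourcesKeyValue` now each carry the same `$.ajax` wrapper, so the CSRF header has to be remembered in three places, and a fourth time in `_updateResourceConfirmState`. A small private helper would keep the header and the resolve/reject logic in one spot, so a future call site cannot omit the header by accident. The function bodies start outside these hunks; the `body` objects they build would be passed through unchanged. The body also still carries `"_csrf_token": csrf_value` alongside the new header, so a one-line comment stating which of the two the server validates would help the next reader.

```javascript
// POST to a CKAN action with the CSRF header; resolve only when result.success is true.
function _postQaAction(url, body) {
  return new Promise((resolve, reject) => {
    $.ajax({
      url: url,
      type: 'POST',
      data: body,
      headers: hdxUtil.net.getCsrfTokenAsObject(),
      success: function (result) {
        if (result.success) {
          resolve(result);
        } else {
          reject(result);
        }
      },
      error: function (result) {
        reject(result);
      }
    });
  });
}

// in _updateQuarantine:
// … unchanged: body construction …
return _postQaAction('/api/action/hdx_qa_resource_patch', body);
```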
@@ -187,7 +202,13 @@ function _updateResourceConfirmState(resource, flag, score, piiReportId) { let promise = new Promise((resolve, reject) => { const mixpanelPromise = hdxUtil.analytics.sendQADashboardEvent(resource,flag,score,piiReportId); - const patchPromise = $.post('/api/action/hdx_qa_resource_patch', body); + const patchPromise = $.ajax({ + url: '/api/action/hdx_qa_resource_patch', + type: 'POST', + data: body, + headers: hdxUtil.net.getCsrfTokenAsObject(), + }); + mixpanelPromise.then((mixpanelResults) => { patchPromise .done((result) => { diff --git a/ckanext-hdx_theme/ckanext/hdx_theme/fanstatic/requestdata_/modal-form.js b/ckanext-hdx_theme/ckanext/hdx_theme/fanstatic/requestdata_/modal-form.js index 479f35717f..c46889dd92 100644 --- a/ckanext-hdx_theme/ckanext/hdx_theme/fanstatic/requestdata_/modal-form.js +++ b/ckanext-hdx_theme/ckanext/hdx_theme/fanstatic/requestdata_/modal-form.js @@ -24,7 +24,15 @@ ckan.module('hdx-modal-form', function($) { } var base_url = ckan.sandbox().client.endpoint; var url = base_url + '/api/' + api_ver + '/action/' + action; - return $.post(url, JSON.stringify(data), "json"); + return $.ajax({ + url: url, + type: 'POST', + contentType: 'application/json', + data: JSON.stringify(data), + dataType: 'json', + headers: hdxUtil.net.getCsrfTokenAsObject(), + }); + } }; @@ -167,6 +175,7 @@ ckan.module('hdx-modal-form', function($) { data: formData, processData: false, contentType: false, + headers: hdxUtil.net.getCsrfTokenAsObject(), type: 'POST' }) .done(function(data) { diff --git a/ckanext-hdx_theme/ckanext/hdx_theme/fanstatic/widget/faq/faq.js b/ckanext-hdx_theme/ckanext/hdx_theme/fanstatic/widget/faq/faq.js index 4897b8bc78..bdc4f057dd 100644 --- a/ckanext-hdx_theme/ckanext/hdx_theme/fanstatic/widget/faq/faq.js +++ b/ckanext-hdx_theme/ckanext/hdx_theme/fanstatic/widget/faq/faq.js 
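Review bot: In modal-form.js the replacement for `$.post(url, JSON.stringify(data), "json")` changes the wire format as well as adding the CSRF header: it now sets `contentType: 'application/json'` and `dataType: 'json'`. As far as I can tell the old call set neither, because the `"json"` string sat in the callback position of `$.post`. With `dataType: 'json'`, a reply that is empty or not valid JSON is routed to the failure path instead of `.done`. That is probably what was intended, but it deserves a comment above the call, e.g. `// JSON body and JSON response; a non-JSON reply rejects the promise`, and a check that every caller of this helper handles rejection. The enclosing function starts outside the hunk.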
@@ -79,7 +79,12 @@ $(document).ready(function(){ var analyticsPromise = hdxUtil.analytics.sendMessagingEvent('faq', 'faq', $this.find('select[name="topic"]').val(), null, false); - var postPromise = $.post('/faq/contact_us', $this.serialize()); + var postPromise = $.ajax({ + url: '/faq/contact_us', + type: 'POST', + data: $this.serialize(), + headers: hdxUtil.net.getCsrfTokenAsObject(), + }); $.when(postPromise, analyticsPromise).then( function (postData, analyticsData) { diff --git a/ckanext-hdx_theme/ckanext/hdx_theme/fanstatic/widget/membership/contact-contributor.js b/ckanext-hdx_theme/ckanext/hdx_theme/fanstatic/widget/membership/contact-contributor.js index bb8bb4da70..f916c2e739 100644 --- a/ckanext-hdx_theme/ckanext/hdx_theme/fanstatic/widget/membership/contact-contributor.js +++ b/ckanext-hdx_theme/ckanext/hdx_theme/fanstatic/widget/membership/contact-contributor.js @@ -10,7 +10,12 @@ $(document).ready(function(){ var analyticsPromise = hdxUtil.analytics.sendMessagingEvent('dataset', 'contact contributor', $this.find('select[name="topic"]').val(), null, true); - var postPromise = $.post('/membership/contact_contributor', $this.serialize()); + var postPromise = $.ajax({ + url: '/membership/contact_contributor', + type: 'POST', + data: $this.serialize(), + headers: hdxUtil.net.getCsrfTokenAsObject(), + }); $.when(postPromise, analyticsPromise).then( function (postData, analyticsData) { diff --git a/ckanext-hdx_theme/ckanext/hdx_theme/fanstatic/widget/membership/group-message.js b/ckanext-hdx_theme/ckanext/hdx_theme/fanstatic/widget/membership/group-message.js index cb8b713cf8..9d319beefe 100644 --- a/ckanext-hdx_theme/ckanext/hdx_theme/fanstatic/widget/membership/group-message.js +++ b/ckanext-hdx_theme/ckanext/hdx_theme/fanstatic/widget/membership/group-message.js 
@@ -18,7 +18,12 @@ $(document).ready(function(){ var analyticsPromise = hdxUtil.analytics.sendMessagingEvent('dataset', 'group message', null, $this.find('select[name="topic"]').val(), true); - var postPromise = $.post('/membership/contact_members', $this.serialize()); + var postPromise = $.ajax({ + url: '/membership/contact_members', + type: 'POST', + data: $this.serialize(), + headers: hdxUtil.net.getCsrfTokenAsObject(), + }); $.when(postPromise, analyticsPromise).then( function (postData, analyticsData) { diff --git a/ckanext-hdx_theme/ckanext/hdx_theme/fanstatic/widget/onboarding/follow.js b/ckanext-hdx_theme/ckanext/hdx_theme/fanstatic/widget/onboarding/follow.js index 8379b88890..4dcb6d8695 100644 --- a/ckanext-hdx_theme/ckanext/hdx_theme/fanstatic/widget/onboarding/follow.js +++ b/ckanext-hdx_theme/ckanext/hdx_theme/fanstatic/widget/onboarding/follow.js @@ -49,13 +49,20 @@ $(document).ready(function(){ $('#follow-form-item-loading').hide(); $('#follow-form').on("submit", function(){ $this = $(this); - $.post('/user/follow_details', $this.serialize(), function(result_data){ + $.ajax({ + url: '/user/follow_details', + type: 'POST', + data: $this.serialize(), + headers: hdxUtil.net.getCsrfTokenAsObject(), + success: function (result_data) { var result = JSON.parse(result_data); - if (result.success){ - closeCurrentWidget($this);showOnboardingWidget('#selectOrgPopup'); + if (result.success) { + closeCurrentWidget($this); + showOnboardingWidget('#selectOrgPopup'); } else { - alert("Can't follow org: " + result.error.message); + alert("Can't follow org: " + result.error.message); } + } }); return false; }); diff --git a/ckanext-hdx_theme/ckanext/hdx_theme/fanstatic/widget/onboarding/invite.js b/ckanext-hdx_theme/ckanext/hdx_theme/fanstatic/widget/onboarding/invite.js index 5fdc1e6ff1..af6ca57505 100644 --- a/ckanext-hdx_theme/ckanext/hdx_theme/fanstatic/widget/onboarding/invite.js +++ b/ckanext-hdx_theme/ckanext/hdx_theme/fanstatic/widget/onboarding/invite.js 
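Review bot: The `$.ajax` call in follow.js has a `success` handler but no `error` handler, so a request the server refuses, which can now include a missing or stale CSRF token, leaves the form doing nothing and the user with no message. Add a failure branch next to `success`, for example `error: function () { alert("Can't follow org: request failed, please reload the page and try again"); }`. `JSON.parse(result_data)` would also throw if a non-JSON page came back with a 200 status. invite.js, recover.js, register.js, select-organisation.js and signup.js follow the same pattern in this commit.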
@@ -1,14 +1,22 @@ $(document).ready(function(){ $('#invite-form').on('submit', function(){ $this = $(this); - $.post('/user/invite_friends', $this.serialize(), function(result_data){ - var result = JSON.parse(result_data); - if (result.success){ - closeCurrentWidget($this);showOnboardingWidget('#donePopup'); - } else { - alert("Can't invite friends: " + result.error.message); - } - }); + $.ajax({ + url: '/user/invite_friends', + type: 'POST', + data: $this.serialize(), + headers: hdxUtil.net.getCsrfTokenAsObject(), + success: function (result_data) { + var result = JSON.parse(result_data); + if (result.success) { + closeCurrentWidget($this); + showOnboardingWidget('#donePopup'); + } else { + alert("Can't invite friends: " + result.error.message); + } + } + }); + return false; }); -}); \ No newline at end of file +}); diff --git a/ckanext-hdx_theme/ckanext/hdx_theme/fanstatic/widget/onboarding/recover.js b/ckanext-hdx_theme/ckanext/hdx_theme/fanstatic/widget/onboarding/recover.js index 393f75589b..a84788cc1f 100644 --- a/ckanext-hdx_theme/ckanext/hdx_theme/fanstatic/widget/onboarding/recover.js +++ b/ckanext-hdx_theme/ckanext/hdx_theme/fanstatic/widget/onboarding/recover.js 
@@ -3,16 +3,23 @@ $(document).ready(function(){ $recoverForm.on("submit", function () { $this = $(this); - $.post("/user/reset", $this.serialize(), function (result_data) { + $.ajax({ + url: "/user/reset", + type: 'POST', + data: $this.serialize(), + headers: hdxUtil.net.getCsrfTokenAsObject(), + success: function (result_data) { var result = JSON.parse(result_data); if (result.success) { - closeCurrentWidget($this); showOnboardingWidget('#recoverSuccessPopup'); + closeCurrentWidget($this); + showOnboardingWidget('#recoverSuccessPopup'); } else { - var errMsg = $("#recoverPopup").find(".error-message"); - errMsg.text(result.error.message); - $("#field-recover-id").addClass("error"); - errMsg.show(); + var errMsg = $("#recoverPopup").find(".error-message"); + errMsg.text(result.error.message); + $("#field-recover-id").addClass("error"); + errMsg.show(); } + } }); return false; diff --git a/ckanext-hdx_theme/ckanext/hdx_theme/fanstatic/widget/onboarding/register.js b/ckanext-hdx_theme/ckanext/hdx_theme/fanstatic/widget/onboarding/register.js index 8b8ca5d846..c44d4bbdee 100644 --- a/ckanext-hdx_theme/ckanext/hdx_theme/fanstatic/widget/onboarding/register.js +++ b/ckanext-hdx_theme/ckanext/hdx_theme/fanstatic/widget/onboarding/register.js 
@@ -7,22 +7,28 @@ $(document).ready(function(){ $this = $(this); $iframe = $($(".g-recaptcha").find("iframe:first")); $iframe.css("border", ""); - $.post("/user/register_details", $this.serialize(), function (result_data) { + $.ajax({ + url: "/user/register_details", + type: 'POST', + data: $this.serialize(), + headers: hdxUtil.net.getCsrfTokenAsObject(), + success: function (result_data) { var result = JSON.parse(result_data); if (result.success) { - $this.unbind("submit"); - $this.attr("action", "/user/login?came_from=/dataset"); - hdxUtil.analytics.sendUserRegisteredEvent("user register").then(function(){ - $this.submit(); - }); + $this.unbind("submit"); + $this.attr("action", "/user/login?came_from=/dataset"); + hdxUtil.analytics.sendUserRegisteredEvent("user register").then(function () { + $this.submit(); + }); } else { - if (result.error.message == "Captcha is not valid"){ - $iframe.css("border", "1px solid red"); - } else { - alert("Can't register: " + result.error.message); - // grecaptcha.reset(); - } + if (result.error.message == "Captcha is not valid") { + $iframe.css("border", "1px solid red"); + } else { + alert("Can't register: " + result.error.message); + // grecaptcha.reset(); + } } + } }); return false; diff --git a/ckanext-hdx_theme/ckanext/hdx_theme/fanstatic/widget/onboarding/select-organisation.js b/ckanext-hdx_theme/ckanext/hdx_theme/fanstatic/widget/onboarding/select-organisation.js index 7cc4d5acce..aea76f5587 100644 --- a/ckanext-hdx_theme/ckanext/hdx_theme/fanstatic/widget/onboarding/select-organisation.js +++ b/ckanext-hdx_theme/ckanext/hdx_theme/fanstatic/widget/onboarding/select-organisation.js 
@@ -20,34 +20,45 @@ $(document).ready(function(){ $selectOrgForm.on('submit', function(){ $this = $(this); - $.post('/user/request_membership', $this.serialize(), function(result_data){ + $.ajax({ + url: '/user/request_membership', + type: 'POST', + data: $this.serialize(), + headers: hdxUtil.net.getCsrfTokenAsObject(), + success: function (result_data) { var result = JSON.parse(result_data); $sel = $($("#select-organisation-form .select2-container.mTop20.required").find("a:first")); $sel.css("border", ""); - if (result.success){ - closeCurrentWidget($this); - let skipNext = false; - if ($this.attr('skipNext') === 'true') { - $this.removeAttr('skipNext'); - skipNext = true; - } - if (!skipNext) { - $selectOrgForm[0].reset(); - showOnboardingWidget('#invitePopup'); - } + if (result.success) { + closeCurrentWidget($this); + let skipNext = false; + if ($this.attr('skipNext') === 'true') { + $this.removeAttr('skipNext'); + skipNext = true; + } + if (!skipNext) { + $selectOrgForm[0].reset(); + showOnboardingWidget('#invitePopup'); + } } else { - alert("Can't join org: " + result.error.message); - $sel.css("border", "1px solid red"); + alert("Can't join org: " + result.error.message); + $sel.css("border", "1px solid red"); } + } }); return false; }); $createOrgForm.on('submit', function(){ $this = $(this); - $.post('/user/request_new_organization', $this.serialize(), function(result_data){ + $.ajax({ + url: '/user/request_new_organization', + type: 'POST', + data: $this.serialize(), + headers: hdxUtil.net.getCsrfTokenAsObject(), + success: function (result_data) { var result = JSON.parse(result_data); - if (result.success){ + if (result.success) { let skipNext = false; if ($this.attr('skipNext') === 'true') { $this.removeAttr('skipNext'); 
@@ -55,12 +66,13 @@ $(document).ready(function(){ } $createOrgForm[0].reset(); closeCurrentWidget($this); - if(!skipNext && $('#user_extra').val() === 'True'){ + if (!skipNext && $('#user_extra').val() === 'True') { showOnboardingWidget('#invitePopup'); } } else { - alert("Can't create org: " + result.error.message); + alert("Can't create org: " + result.error.message); } + } }); return false; }); diff --git a/ckanext-hdx_theme/ckanext/hdx_theme/fanstatic/widget/onboarding/signup.js b/ckanext-hdx_theme/ckanext/hdx_theme/fanstatic/widget/onboarding/signup.js index 6035c44c4b..27a433730f 100644 --- a/ckanext-hdx_theme/ckanext/hdx_theme/fanstatic/widget/onboarding/signup.js +++ b/ckanext-hdx_theme/ckanext/hdx_theme/fanstatic/widget/onboarding/signup.js 
@@ -12,44 +12,50 @@ $(document).ready(function(){ 'g-recaptcha-response': grecaptcha.getResponse() }; - $.post(url, data, function(result_data){ + $.ajax({ + url: url, + type: 'POST', + data: data, + headers: hdxUtil.net.getCsrfTokenAsObject(), + success: function (result_data) { var result = JSON.parse(result_data); console.log(result); - if (result.success){ - hdxUtil.analytics.sendUserRegisteredEvent("submit email register").then(function() { - //check for newsletter - we're moving the registration to the backend - // if ($("#signup-send-updates").is(":checked")){ - // console.log("Attempt to register to newsletter!"); - // $.ajax({ - // url: "//unocha.us2.list-manage.com/subscribe/post-json", - // dataType: "jsonp", - // jsonp: "c", - // data: { - // u: "83487eb1105d72ff2427e4bd7", - // id: "6fd988326c", - // EMAIL: email, - // subscribe: "Subscribe", - // _: Date.now() - // }, - // success: function(result){ - // if (result.result == "success") - // console.log("Registered to the newsletter!"); - // else - // console.log("Error:" + JSON.stringify(result)); - // } - // }); - // } + if (result.success) { + hdxUtil.analytics.sendUserRegisteredEvent("submit email register").then(function () { + //check for newsletter - we're moving the registration to the backend + // if ($("#signup-send-updates").is(":checked")){ + // console.log("Attempt to register to newsletter!"); + // $.ajax({ + // url: "//unocha.us2.list-manage.com/subscribe/post-json", + // dataType: "jsonp", + // jsonp: "c", + // data: { + // u: "83487eb1105d72ff2427e4bd7", + // id: "6fd988326c", + // EMAIL: email, + // subscribe: "Subscribe", + // _: Date.now() + // }, + // success: function(result){ + // if (result.result == "success") + // console.log("Registered to the newsletter!"); + // else + // console.log("Error:" + JSON.stringify(result)); + // } + // }); + // } - $("#verifyPopup").find(".verify-email").html(email); - closeCurrentWidget($(".signup-widget:first")); - 
showOnboardingWidget('#verifyPopup'); - }); + $("#verifyPopup").find(".verify-email").html(email); + closeCurrentWidget($(".signup-widget:first")); + showOnboardingWidget('#verifyPopup'); + }); } else { - var errMsg = $signupForm.find(".error-message"); - errMsg.text(result.error.message); - $("#field-email").addClass("error"); - errMsg.show(); + var errMsg = $signupForm.find(".error-message"); + errMsg.text(result.error.message); + $("#field-email").addClass("error"); + errMsg.show(); } + } }); } grecaptcha.reset(); diff --git a/ckanext-hdx_theme/ckanext/hdx_theme/fanstatic/widget/security/popup-security.js b/ckanext-hdx_theme/ckanext/hdx_theme/fanstatic/widget/security/popup-security.js index edb3608833..e260ddd1cc 100644 --- a/ckanext-hdx_theme/ckanext/hdx_theme/fanstatic/widget/security/popup-security.js +++ b/ckanext-hdx_theme/ckanext/hdx_theme/fanstatic/widget/security/popup-security.js @@ -9,10 +9,15 @@ $(document).ready(function() { msgContainer.removeClass('alert-success'); msgContainer.removeClass('alert-danger'); - $.post(`/user/configure_mfa/${userName}`, body) - .done((response) => { + $.ajax({ + url: `/user/configure_mfa/${userName}`, + type: 'POST', + headers: hdxUtil.net.getCsrfTokenAsObject(), + contentType: 'application/json', + data: JSON.stringify(body), + success: function (response) { const result = JSON.parse(response); - if (result.success == true){ + if (result.success == true) { msgContainer.html('Code is valid, two-step verification is configured correctly!'); msgContainer.addClass('alert-success'); msgContainer.show(); @@ -25,11 +30,12 @@ $(document).ready(function() { msgContainer.addClass('alert-danger'); msgContainer.show(); } - }) - .fail((result) => { + }, + error: function () { msgContainer.html('Error while attempting test!'); msgContainer.addClass('alert-danger'); - }); + } + }); } function toggleTwoStep(on = false) { 
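Review bot: `$("#verifyPopup").find(".verify-email").html(email);` in signup.js writes the address into the page as markup. `email` is defined outside this hunk but presumably comes from the signup field, so any HTML in it would be interpreted by the browser. Use `.text(email)` so the value is always rendered as plain text. The `console.log(result);` at the top of the success handler also looks like leftover debugging and prints the server response to the console on every signup.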
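Review bot: In popup-security.js the MFA test request switches from a form-encoded `$.post(..., body)` to `contentType: 'application/json'` with `data: JSON.stringify(body)`, while the other form posts in this commit keep their original encoding. Unless the `/user/configure_mfa/` handler was changed to read a JSON body (not visible here), the server would stop seeing the submitted fields and the verification test would always fail. The `error` branch in the following hunk also sets the message and `alert-danger` but never calls `msgContainer.show()`, unlike the branches in the success handler, so a rejected request may stay invisible. Adding `msgContainer.show();` there would surface CSRF rejections to the user.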
diff --git a/ckanext-hdx_theme/ckanext/hdx_theme/fanstatic/widget/tags/request-tags.js b/ckanext-hdx_theme/ckanext/hdx_theme/fanstatic/widget/tags/request-tags.js index 31eac8b8e5..d2521148b1 100644 --- a/ckanext-hdx_theme/ckanext/hdx_theme/fanstatic/widget/tags/request-tags.js +++ b/ckanext-hdx_theme/ckanext/hdx_theme/fanstatic/widget/tags/request-tags.js @@ -106,7 +106,12 @@ $(document).ready(function () { } } - var postPromise = $.post('/request_tags/suggest', $this.serialize()); + var postPromise = $.ajax({ + url: '/request_tags/suggest', + type: 'POST', + data: $this.serialize(), + headers: hdxUtil.net.getCsrfTokenAsObject(), + }); $.when(postPromise).then( function (postData) { diff --git a/ckanext-hdx_theme/ckanext/hdx_theme/hdx-styles/src/common/scripts/application.js b/ckanext-hdx_theme/ckanext/hdx_theme/hdx-styles/src/common/scripts/application.js index f2a64bd599..79c8a8cda5 100644 --- a/ckanext-hdx_theme/ckanext/hdx_theme/hdx-styles/src/common/scripts/application.js +++ b/ckanext-hdx_theme/ckanext/hdx_theme/hdx-styles/src/common/scripts/application.js @@ -1173,6 +1173,7 @@ CKAN.Utils = function($, my) { contentType: 'application/json', url: CKAN.SITE_URL + '/api/3/action/related_' + action, data: data ? JSON.stringify(data) : undefined, + headers: hdxUtil.net.getCsrfTokenAsObject(), error: function(err, txt, w) { // This needs to be far more informative. addAlert('Error: Unable to ' + action + ' related item'); 
@@ -1301,9 +1302,15 @@ CKAN.Utils = function($, my) { $target.addClass('depressed'); raw_markdown=textarea.val(); preview.html(""+CKAN.Strings.loading+""); - $.post(CKAN.SITE_URL + "/api/util/markdown", { q: raw_markdown }, - function(data) { preview.html(data); } - ); + $.ajax({ + url: CKAN.SITE_URL + "/api/util/markdown", + type: 'POST', + data: {q: raw_markdown}, + headers: hdxUtil.net.getCsrfTokenAsObject(), + success: function (data) { + preview.html(data); + } + }); preview.width(textarea.width()); preview.height(textarea.height()); textarea.hide(); @@ -1438,6 +1445,7 @@ CKAN.Utils = function($, my) { dataType: 'json', processData: false, type: 'POST', + headers: hdxUtil.net.getCsrfTokenAsObject(), success: function(data) { button.setAttribute('data-state', nextState); button.innerHTML = nextString; diff --git a/ckanext-hdx_theme/ckanext/hdx_theme/public/scripts/application.js b/ckanext-hdx_theme/ckanext/hdx_theme/public/scripts/application.js index f2a64bd599..63e3d349f8 100644 --- a/ckanext-hdx_theme/ckanext/hdx_theme/public/scripts/application.js +++ b/ckanext-hdx_theme/ckanext/hdx_theme/public/scripts/application.js @@ -1173,6 +1173,7 @@ CKAN.Utils = function($, my) { contentType: 'application/json', url: CKAN.SITE_URL + '/api/3/action/related_' + action, data: data ? JSON.stringify(data) : undefined, + headers: hdxUtil.net.getCsrfTokenAsObject(), error: function(err, txt, w) { // This needs to be far more informative. addAlert('Error: Unable to ' + action + ' related item'); 
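Review bot: The rewritten markdown preview request in the `@@ -1301,9 +1302,15 @@` hunk has a `success` callback but no `error` callback, so when the server rejects the request (for example on a stale CSRF token) the preview keeps showing the loading text. Adding `error: function () { preview.text('Preview could not be loaded'); }` would make the failure visible. `preview.html(data)` inserts the response as markup, so the page relies on `/api/util/markdown` returning sanitized HTML, and a comment saying so would help the next reader. The same hunk in public/scripts/application.js has the same gap and lists `headers` before `data`, so the two copies of the file no longer match.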
@@ -1301,9 +1302,15 @@ CKAN.Utils = function($, my) { $target.addClass('depressed'); raw_markdown=textarea.val(); preview.html(""+CKAN.Strings.loading+""); - $.post(CKAN.SITE_URL + "/api/util/markdown", { q: raw_markdown }, - function(data) { preview.html(data); } - ); + $.ajax({ + url: CKAN.SITE_URL + "/api/util/markdown", + type: 'POST', + headers: hdxUtil.net.getCsrfTokenAsObject(), + data: {q: raw_markdown}, + success: function (data) { + preview.html(data); + } + }); preview.width(textarea.width()); preview.height(textarea.height()); textarea.hide(); @@ -1438,6 +1445,7 @@ CKAN.Utils = function($, my) { dataType: 'json', processData: false, type: 'POST', + headers: hdxUtil.net.getCsrfTokenAsObject(), success: function(data) { button.setAttribute('data-state', nextState); button.innerHTML = nextString; diff --git a/ckanext-hdx_theme/ckanext/hdx_theme/templates/admin/all_requests_data.html b/ckanext-hdx_theme/ckanext/hdx_theme/templates/admin/all_requests_data.html index abf3ddc2cc..460f65aa0b 100644 --- a/ckanext-hdx_theme/ckanext/hdx_theme/templates/admin/all_requests_data.html +++ b/ckanext-hdx_theme/ckanext/hdx_theme/templates/admin/all_requests_data.html @@ -5,7 +5,7 @@ {{ super() }} {% asset 'requestdata/main-styles' %} {% asset 'hdx_theme/requestdata-styles' %} - {% asset 'hdx_theme/search-styles' %} + {% asset 'hdx_theme/dataset-search-styles' %} {% asset 'vendor/select2-css' %} {% endblock %} diff --git a/ckanext-hdx_theme/ckanext/hdx_theme/templates/ajax_snippets/reject_request_form.html b/ckanext-hdx_theme/ckanext/hdx_theme/templates/ajax_snippets/reject_request_form.html index dd34ce88e3..79ba5591d1 100644 --- a/ckanext-hdx_theme/ckanext/hdx_theme/templates/ajax_snippets/reject_request_form.html +++ b/ckanext-hdx_theme/ckanext/hdx_theme/templates/ajax_snippets/reject_request_form.html @@ -34,6 +34,7 @@ Decline the request
+ {{ h.csrf_input() }}
diff --git a/ckanext-hdx_theme/ckanext/hdx_theme/templates/ajax_snippets/reply_request_form.html b/ckanext-hdx_theme/ckanext/hdx_theme/templates/ajax_snippets/reply_request_form.html index d27020bbc1..6d0bb17572 100644 --- a/ckanext-hdx_theme/ckanext/hdx_theme/templates/ajax_snippets/reply_request_form.html +++ b/ckanext-hdx_theme/ckanext/hdx_theme/templates/ajax_snippets/reply_request_form.html @@ -33,6 +33,7 @@ Reply to this request + {{ h.csrf_input() }}
diff --git a/ckanext-hdx_theme/ckanext/hdx_theme/templates/ajax_snippets/request_contact.html b/ckanext-hdx_theme/ckanext/hdx_theme/templates/ajax_snippets/request_contact.html index 16cad4ba58..a22dcdbccf 100644 --- a/ckanext-hdx_theme/ckanext/hdx_theme/templates/ajax_snippets/request_contact.html +++ b/ckanext-hdx_theme/ckanext/hdx_theme/templates/ajax_snippets/request_contact.html @@ -26,6 +26,7 @@ Dataset {{ package_name }} + {{ h.csrf_input() }} {% if pending_request %}
{{ _('You already have a pending request. Please wait for the reply.') }}
{% else %} diff --git a/ckanext-hdx_theme/ckanext/hdx_theme/templates/contribute_flow/create_edit.html b/ckanext-hdx_theme/ckanext/hdx_theme/templates/contribute_flow/create_edit.html index 9bddfcb749..7ebbaf8dfe 100644 --- a/ckanext-hdx_theme/ckanext/hdx_theme/templates/contribute_flow/create_edit.html +++ b/ckanext-hdx_theme/ckanext/hdx_theme/templates/contribute_flow/create_edit.html @@ -164,6 +164,7 @@ {% endif %} + {{ h.csrf_input() }} {% if data.is_requestdata_type %} {% endif %} diff --git a/ckanext-hdx_theme/ckanext/hdx_theme/templates/group/snippets/history_revisions.html b/ckanext-hdx_theme/ckanext/hdx_theme/templates/group/snippets/history_revisions.html index babb24a121..e48ba59c89 100644 --- a/ckanext-hdx_theme/ckanext/hdx_theme/templates/group/snippets/history_revisions.html +++ b/ckanext-hdx_theme/ckanext/hdx_theme/templates/group/snippets/history_revisions.html @@ -1,6 +1,7 @@ {% import 'macros/form.html' as form %} + {{ h.csrf_input() }} {{ form.errors(error_summary) }} @@ -9,4 +10,4 @@ -
\ No newline at end of file + diff --git a/ckanext-hdx_theme/ckanext/hdx_theme/templates/organization/bulk_process.html b/ckanext-hdx_theme/ckanext/hdx_theme/templates/organization/bulk_process.html index 936ed7d00d..c90bd84fb5 100644 --- a/ckanext-hdx_theme/ckanext/hdx_theme/templates/organization/bulk_process.html +++ b/ckanext-hdx_theme/ckanext/hdx_theme/templates/organization/bulk_process.html @@ -26,6 +26,7 @@

{% block form %} {% if c.page.item_count %}
+ {{ h.csrf_input() }} diff --git a/ckanext-hdx_theme/ckanext/hdx_theme/templates/organization/members.html b/ckanext-hdx_theme/ckanext/hdx_theme/templates/organization/members.html index 1ff3fdd985..b06e661f7b 100644 --- a/ckanext-hdx_theme/ckanext/hdx_theme/templates/organization/members.html +++ b/ckanext-hdx_theme/ckanext/hdx_theme/templates/organization/members.html @@ -198,6 +198,7 @@
+ {{ h.csrf_input() }}
Add / invite colleagues to this organisation
diff --git a/ckanext-hdx_theme/ckanext/hdx_theme/templates/organization/snippets/add_member.html b/ckanext-hdx_theme/ckanext/hdx_theme/templates/organization/snippets/add_member.html index 3cc3240cd8..83a124cf8f 100644 --- a/ckanext-hdx_theme/ckanext/hdx_theme/templates/organization/snippets/add_member.html +++ b/ckanext-hdx_theme/ckanext/hdx_theme/templates/organization/snippets/add_member.html @@ -9,6 +9,7 @@ {% asset 'hdx_theme/hdx-autocomplete' %} + {{ h.csrf_input() }}
@@ -99,6 +100,7 @@

{{ _('Datasets in this showcase') }}

{% if c.showcase_pkgs %} + {{ h.csrf_input() }}
diff --git a/ckanext-hdx_theme/ckanext/hdx_theme/templates/showcase/new_package_form.html b/ckanext-hdx_theme/ckanext/hdx_theme/templates/showcase/new_package_form.html index a404c919af..990bc3f9c6 100644 --- a/ckanext-hdx_theme/ckanext/hdx_theme/templates/showcase/new_package_form.html +++ b/ckanext-hdx_theme/ckanext/hdx_theme/templates/showcase/new_package_form.html @@ -6,6 +6,7 @@ {% set showcase_delete_route = 'showcase_blueprint.delete' %} + {{ h.csrf_input() }} {# pkg_name used in 3 stage edit #} diff --git a/ckanext-hdx_theme/ckanext/hdx_theme/templates/snippets/confirmation_post.html b/ckanext-hdx_theme/ckanext/hdx_theme/templates/snippets/confirmation_post.html index 506ff50f75..2591cb2fb3 100644 --- a/ckanext-hdx_theme/ckanext/hdx_theme/templates/snippets/confirmation_post.html +++ b/ckanext-hdx_theme/ckanext/hdx_theme/templates/snippets/confirmation_post.html @@ -12,6 +12,7 @@