1
0
mirror of https://github.com/bitwarden/server.git synced 2024-12-23 17:07:42 +01:00

CRSF protection on deletes

This commit is contained in:
Kyle Spearrin 2018-03-22 21:21:57 -04:00
parent e920c8e9d2
commit ab370b6ca4
4 changed files with 30 additions and 26 deletions

View File

@ -80,6 +80,8 @@ namespace Bit.Admin.Controllers
return RedirectToAction("Edit", new { id });
}
[HttpPost]
[ValidateAntiForgeryToken]
public async Task<IActionResult> Delete(Guid id)
{
var organization = await _organizationRepository.GetByIdAsync(id);

View File

@ -77,6 +77,8 @@ namespace Bit.Admin.Controllers
return RedirectToAction("Edit", new { id });
}
[HttpPost]
[ValidateAntiForgeryToken]
public async Task<IActionResult> Delete(Guid id)
{
var user = await _userRepository.GetByIdAsync(id);

View File

@ -93,7 +93,7 @@
<dt class="col-sm-2">Modified</dt>
<dd class="col-sm-10">@Model.Organization.RevisionDate.ToString()</dd>
</dl>
<form method="post">
<form method="post" id="edit-form">
<h2>General</h2>
<div class="row">
<div class="col-sm">
@ -526,16 +526,16 @@
</div>
</div>
</div>
<div class="d-flex mt-4">
<button type="submit" class="btn btn-primary">Save</button>
<div class="ml-auto d-flex">
<button class="btn btn-secondary mr-2" type="button" id="enterprise-trial">
Enterprise Trial
</button>
<a class="btn btn-danger" asp-action="Delete" asp-route-id="@Model.Organization.Id"
onclick="return confirm('Are you sure you want to delete this organization (@Model.Organization.Name)?')">
Delete
</a>
</div>
</div>
</form>
<div class="d-flex mt-4">
<button type="submit" class="btn btn-primary" form="edit-form">Save</button>
<div class="ml-auto d-flex">
<button class="btn btn-secondary mr-2" type="button" id="enterprise-trial">
Enterprise Trial
</button>
<form asp-action="Delete" asp-route-id="@Model.Organization.Id"
onsubmit="return confirm('Are you sure you want to delete this organization (@Model.Organization.Name)?')">
<button class="btn btn-danger" type="submit">Delete</button>
</form>
</div>
</div>

View File

@ -73,7 +73,7 @@
<dt class="col-sm-2">Account Modified</dt>
<dd class="col-sm-10">@Model.User.AccountRevisionDate.ToString()</dd>
</dl>
<form method="post">
<form method="post" id="edit-form">
<h2>General</h2>
<div class="row">
<div class="col-sm">
@ -161,16 +161,16 @@
</div>
</div>
</div>
<div class="d-flex mt-4">
<button type="submit" class="btn btn-primary">Save</button>
<div class="ml-auto d-flex">
<button class="btn btn-secondary mr-2" type="button" id="upgrade-premium">
Upgrade Premium
</button>
<a class="btn btn-danger ml-auto" asp-action="Delete" asp-route-id="@Model.User.Id"
onclick="return confirm('Are you sure you want to delete this user (@Model.User.Email)?')">
Delete
</a>
</div>
</div>
</form>
<div class="d-flex mt-4">
<button type="submit" class="btn btn-primary" form="edit-form">Save</button>
<div class="ml-auto d-flex">
<button class="btn btn-secondary mr-2" type="button" id="upgrade-premium">
Upgrade Premium
</button>
<form asp-action="Delete" asp-route-id="@Model.User.Id"
onsubmit="return confirm('Are you sure you want to delete this user (@Model.User.Email)?')">
<button class="btn btn-danger" type="submit">Delete</button>
</form>
</div>
</div>