mirror of
https://github.com/bitwarden/server.git
synced 2024-12-23 17:07:42 +01:00
CRSF protection on deletes
This commit is contained in:
parent
e920c8e9d2
commit
ab370b6ca4
@ -80,6 +80,8 @@ namespace Bit.Admin.Controllers
|
||||
return RedirectToAction("Edit", new { id });
|
||||
}
|
||||
|
||||
[HttpPost]
|
||||
[ValidateAntiForgeryToken]
|
||||
public async Task<IActionResult> Delete(Guid id)
|
||||
{
|
||||
var organization = await _organizationRepository.GetByIdAsync(id);
|
||||
|
@ -77,6 +77,8 @@ namespace Bit.Admin.Controllers
|
||||
return RedirectToAction("Edit", new { id });
|
||||
}
|
||||
|
||||
[HttpPost]
|
||||
[ValidateAntiForgeryToken]
|
||||
public async Task<IActionResult> Delete(Guid id)
|
||||
{
|
||||
var user = await _userRepository.GetByIdAsync(id);
|
||||
|
@ -93,7 +93,7 @@
|
||||
<dt class="col-sm-2">Modified</dt>
|
||||
<dd class="col-sm-10">@Model.Organization.RevisionDate.ToString()</dd>
|
||||
</dl>
|
||||
<form method="post">
|
||||
<form method="post" id="edit-form">
|
||||
<h2>General</h2>
|
||||
<div class="row">
|
||||
<div class="col-sm">
|
||||
@ -526,16 +526,16 @@
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
<div class="d-flex mt-4">
|
||||
<button type="submit" class="btn btn-primary">Save</button>
|
||||
<div class="ml-auto d-flex">
|
||||
<button class="btn btn-secondary mr-2" type="button" id="enterprise-trial">
|
||||
Enterprise Trial
|
||||
</button>
|
||||
<a class="btn btn-danger" asp-action="Delete" asp-route-id="@Model.Organization.Id"
|
||||
onclick="return confirm('Are you sure you want to delete this organization (@Model.Organization.Name)?')">
|
||||
Delete
|
||||
</a>
|
||||
</div>
|
||||
</div>
|
||||
</form>
|
||||
<div class="d-flex mt-4">
|
||||
<button type="submit" class="btn btn-primary" form="edit-form">Save</button>
|
||||
<div class="ml-auto d-flex">
|
||||
<button class="btn btn-secondary mr-2" type="button" id="enterprise-trial">
|
||||
Enterprise Trial
|
||||
</button>
|
||||
<form asp-action="Delete" asp-route-id="@Model.Organization.Id"
|
||||
onsubmit="return confirm('Are you sure you want to delete this organization (@Model.Organization.Name)?')">
|
||||
<button class="btn btn-danger" type="submit">Delete</button>
|
||||
</form>
|
||||
</div>
|
||||
</div>
|
||||
|
@ -73,7 +73,7 @@
|
||||
<dt class="col-sm-2">Account Modified</dt>
|
||||
<dd class="col-sm-10">@Model.User.AccountRevisionDate.ToString()</dd>
|
||||
</dl>
|
||||
<form method="post">
|
||||
<form method="post" id="edit-form">
|
||||
<h2>General</h2>
|
||||
<div class="row">
|
||||
<div class="col-sm">
|
||||
@ -161,16 +161,16 @@
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
<div class="d-flex mt-4">
|
||||
<button type="submit" class="btn btn-primary">Save</button>
|
||||
<div class="ml-auto d-flex">
|
||||
<button class="btn btn-secondary mr-2" type="button" id="upgrade-premium">
|
||||
Upgrade Premium
|
||||
</button>
|
||||
<a class="btn btn-danger ml-auto" asp-action="Delete" asp-route-id="@Model.User.Id"
|
||||
onclick="return confirm('Are you sure you want to delete this user (@Model.User.Email)?')">
|
||||
Delete
|
||||
</a>
|
||||
</div>
|
||||
</div>
|
||||
</form>
|
||||
<div class="d-flex mt-4">
|
||||
<button type="submit" class="btn btn-primary" form="edit-form">Save</button>
|
||||
<div class="ml-auto d-flex">
|
||||
<button class="btn btn-secondary mr-2" type="button" id="upgrade-premium">
|
||||
Upgrade Premium
|
||||
</button>
|
||||
<form asp-action="Delete" asp-route-id="@Model.User.Id"
|
||||
onsubmit="return confirm('Are you sure you want to delete this user (@Model.User.Email)?')">
|
||||
<button class="btn btn-danger" type="submit">Delete</button>
|
||||
</form>
|
||||
</div>
|
||||
</div>
|
||||
|
Loading…
Reference in New Issue
Block a user