mirror of https://github.com/bitwarden/server.git synced 2024-11-29 13:25:17 +01:00

add missing csrf token validation to admin (#1696)

Kyle Spearrin 2021-11-09 11:22:08 -05:00 committed by GitHub
parent 9582e94232
commit fcc1a4e10c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 10 additions and 13 deletions


@ -70,6 +70,7 @@ namespace Bit.Admin.Controllers
} }
[HttpPost] [HttpPost]
[ValidateAntiForgeryToken]
public async Task<IActionResult> Create(CreateProviderModel model) public async Task<IActionResult> Create(CreateProviderModel model)
{ {
if (!ModelState.IsValid) if (!ModelState.IsValid)
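Review bot: Adding `[ValidateAntiForgeryToken]` one action at a time, as on `Create` here and on the actions in the second file, leaves any POST action added later unprotected until someone remembers the attribute. A class-level `[AutoValidateAntiforgeryToken]` on the controller, or the same filter registered globally, would validate every unsafe HTTP method by default; the controller declaration and the MVC setup are outside this page, so confirm what is already configured. The views are not part of this commit, so also check that the form posting to `Create` emits the token: forms rendered through the form tag helper do, while hand-written `<form>` markup and script-driven posts do not, and those would start failing with 400 after this change.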


@ -60,6 +60,7 @@ namespace Bit.Admin.Controllers
} }
[HttpPost] [HttpPost]
[ValidateAntiForgeryToken]
public async Task<IActionResult> ChargeBraintree(ChargeBraintreeModel model) public async Task<IActionResult> ChargeBraintree(ChargeBraintreeModel model)
{ {
if (!ModelState.IsValid) if (!ModelState.IsValid)
@ -121,6 +122,7 @@ namespace Bit.Admin.Controllers
} }
[HttpPost] [HttpPost]
[ValidateAntiForgeryToken]
public async Task<IActionResult> CreateTransaction(CreateUpdateTransactionModel model) public async Task<IActionResult> CreateTransaction(CreateUpdateTransactionModel model)
{ {
if (!ModelState.IsValid) if (!ModelState.IsValid)
@ -150,6 +152,7 @@ namespace Bit.Admin.Controllers
} }
[HttpPost] [HttpPost]
[ValidateAntiForgeryToken]
public async Task<IActionResult> EditTransaction(Guid id, CreateUpdateTransactionModel model) public async Task<IActionResult> EditTransaction(Guid id, CreateUpdateTransactionModel model)
{ {
if (!ModelState.IsValid) if (!ModelState.IsValid)
@ -173,6 +176,7 @@ namespace Bit.Admin.Controllers
} }
[HttpPost] [HttpPost]
[ValidateAntiForgeryToken]
public async Task<IActionResult> PromoteAdmin(PromoteAdminModel model) public async Task<IActionResult> PromoteAdmin(PromoteAdminModel model)
{ {
if (!ModelState.IsValid) if (!ModelState.IsValid)
@ -208,6 +212,7 @@ namespace Bit.Admin.Controllers
} }
[HttpPost] [HttpPost]
[ValidateAntiForgeryToken]
public async Task<IActionResult> GenerateLicense(LicenseModel model) public async Task<IActionResult> GenerateLicense(LicenseModel model)
{ {
if (!ModelState.IsValid) if (!ModelState.IsValid)
@ -314,8 +319,9 @@ namespace Bit.Admin.Controllers
}; };
return View(model); return View(model);
} }
[ValidateAntiForgeryToken]
public async Task<IActionResult> TaxRateUpload(IFormFile file) public async Task<IActionResult> TaxRateUpload(IFormFile file)
{ {
if (file == null || file.Length == 0) if (file == null || file.Length == 0)
@ -382,6 +388,7 @@ namespace Bit.Admin.Controllers
} }
[HttpPost] [HttpPost]
[ValidateAntiForgeryToken]
public async Task<IActionResult> TaxRateAddEdit(TaxRateAddEditModel model) public async Task<IActionResult> TaxRateAddEdit(TaxRateAddEditModel model)
{ {
var existingRateCheck = await _taxRateRepository.GetByLocationAsync(new TaxRate() { Country = model.Country, PostalCode = model.PostalCode }); var existingRateCheck = await _taxRateRepository.GetByLocationAsync(new TaxRate() { Country = model.Country, PostalCode = model.PostalCode });
@ -416,17 +423,6 @@ namespace Bit.Admin.Controllers
return RedirectToAction("TaxRate"); return RedirectToAction("TaxRate");
} }
[HttpPost]
public async Task<IActionResult> TaxRateUpdate(TaxRate model)
{
if (!string.IsNullOrWhiteSpace(model.Id))
{
await _paymentService.UpdateTaxRateAsync(model);
}
return RedirectToAction("TaxRate");
}
public async Task<IActionResult> TaxRateArchive(string stripeTaxRateId) public async Task<IActionResult> TaxRateArchive(string stripeTaxRateId)
{ {
if (!string.IsNullOrWhiteSpace(stripeTaxRateId)) if (!string.IsNullOrWhiteSpace(stripeTaxRateId))
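Review bot: `TaxRateArchive` in the last hunk shows neither `[HttpPost]` nor `[ValidateAntiForgeryToken]` once `TaxRateUpdate` is removed above it, so an action that by its name changes state appears reachable through a plain GET with no anti-forgery check. If it does archive the rate, mark it `[HttpPost]` and `[ValidateAntiForgeryToken]` and have the view submit it from a form rather than a link. Its body continues outside the hunk, so this is inferred from the signature and the name only. `TaxRateUpload` in the `-314` hunk is similar in part: it gains `[ValidateAntiForgeryToken]`, but no `[HttpPost]` is visible above it, and adding `[HttpPost]` would make the intended verb explicit and consistent with the other actions.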