mirror of https://github.com/bitwarden/server.git synced 2024-11-25 12:45:18 +01:00

add missing csrf token validation to admin (#1696)

Kyle Spearrin 2021-11-09 11:22:08 -05:00 committed by GitHub
parent 9582e94232
commit fcc1a4e10c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 10 additions and 13 deletions


@ -70,6 +70,7 @@ namespace Bit.Admin.Controllers
}
[HttpPost]
[ValidateAntiForgeryToken]
public async Task<IActionResult> Create(CreateProviderModel model)
{
if (!ModelState.IsValid)
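Review bot: Anti-forgery validation stays opt-in per action: `[ValidateAntiForgeryToken]` is placed above `Create` here, and the same one-line addition appears on seven actions in the second file, so a POST action added later without it is unprotected again. Consider `[AutoValidateAntiforgeryToken]` on the controller class, or registered as a global MVC filter, so that unsafe HTTP methods are validated by default. In the second file, `TaxRateUpload` gets the attribute but no `[HttpPost]` is visible above it, and `TaxRateArchive`, shown there as context, carries neither attribute; if it changes state as its name suggests, it should be POST-only with token validation too. The bodies of all these actions continue outside the hunks, so this is based on the visible attribute lines only.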


@ -60,6 +60,7 @@ namespace Bit.Admin.Controllers
}
[HttpPost]
[ValidateAntiForgeryToken]
public async Task<IActionResult> ChargeBraintree(ChargeBraintreeModel model)
{
if (!ModelState.IsValid)
@ -121,6 +122,7 @@ namespace Bit.Admin.Controllers
}
[HttpPost]
[ValidateAntiForgeryToken]
public async Task<IActionResult> CreateTransaction(CreateUpdateTransactionModel model)
{
if (!ModelState.IsValid)
@ -150,6 +152,7 @@ namespace Bit.Admin.Controllers
}
[HttpPost]
[ValidateAntiForgeryToken]
public async Task<IActionResult> EditTransaction(Guid id, CreateUpdateTransactionModel model)
{
if (!ModelState.IsValid)
@ -173,6 +176,7 @@ namespace Bit.Admin.Controllers
}
[HttpPost]
[ValidateAntiForgeryToken]
public async Task<IActionResult> PromoteAdmin(PromoteAdminModel model)
{
if (!ModelState.IsValid)
@ -208,6 +212,7 @@ namespace Bit.Admin.Controllers
}
[HttpPost]
[ValidateAntiForgeryToken]
public async Task<IActionResult> GenerateLicense(LicenseModel model)
{
if (!ModelState.IsValid)
@ -316,6 +321,7 @@ namespace Bit.Admin.Controllers
return View(model);
}
[ValidateAntiForgeryToken]
public async Task<IActionResult> TaxRateUpload(IFormFile file)
{
if (file == null || file.Length == 0)
@ -382,6 +388,7 @@ namespace Bit.Admin.Controllers
}
[HttpPost]
[ValidateAntiForgeryToken]
public async Task<IActionResult> TaxRateAddEdit(TaxRateAddEditModel model)
{
var existingRateCheck = await _taxRateRepository.GetByLocationAsync(new TaxRate() { Country = model.Country, PostalCode = model.PostalCode });
@ -416,17 +423,6 @@ namespace Bit.Admin.Controllers
return RedirectToAction("TaxRate");
}
[HttpPost]
public async Task<IActionResult> TaxRateUpdate(TaxRate model)
{
if (!string.IsNullOrWhiteSpace(model.Id))
{
await _paymentService.UpdateTaxRateAsync(model);
}
return RedirectToAction("TaxRate");
}
public async Task<IActionResult> TaxRateArchive(string stripeTaxRateId)
{
if (!string.IsNullOrWhiteSpace(stripeTaxRateId))