jonathan/hostr
jonathan/hostr
1
0
Fork 0
Code Issues Pull requests 4 Projects Releases Packages 1 Wiki Activity Actions

Remove csrf middleware for wno

Browse source
This commit is contained in:
Jonathan Cremin 2015-08-10 12:32:05 +01:00
parent dd99b690d1
commit 05a6f5ca06
2 changed files with 0 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

2
web/app.js
View file

@ -37,8 +37,6 @@ const redisUrl = process.env.REDIS_URL || process.env.REDISTOGO_URL || 'redis://
const app = koa(); const app = koa();
csrf(app);
let statsdOpts = {prefix: 'hostr-web', host: process.env.STATSD_HOST || 'localhost'}; let statsdOpts = {prefix: 'hostr-web', host: process.env.STATSD_HOST || 'localhost'};
let statsd = new StatsD(statsdOpts); let statsd = new StatsD(statsdOpts);
app.use(function*(next) { app.use(function*(next) {

5
web/routes/user.js
View file

@ -5,7 +5,6 @@ export function* signin() {
return yield this.render('signin', {csrf: this.csrf}); return yield this.render('signin', {csrf: this.csrf});
} }
this.statsd.incr('auth.attempt', 1); this.statsd.incr('auth.attempt', 1);
this.assertCsrf(this.request.body._csrf);
const user = yield authenticate(this, this.request.body.email, this.request.body.password); const user = yield authenticate(this, this.request.body.email, this.request.body.password);
if(!user) { if(!user) {
@ -26,8 +25,6 @@ export function* signup() {
return yield this.render('signup', {csrf: this.csrf}); return yield this.render('signup', {csrf: this.csrf});
} }
this.assertCsrf(this.request.body._csrf);
if (this.request.body.email !== this.request.body.confirm_email) { if (this.request.body.email !== this.request.body.confirm_email) {
return yield this.render('signup', {error: 'Emails do not match.', csrf: this.csrf}); return yield this.render('signup', {error: 'Emails do not match.', csrf: this.csrf});
} else if (this.request.body.email && !this.request.body.terms) { } else if (this.request.body.email && !this.request.body.terms) {
@ -52,7 +49,6 @@ export function* forgot(token) {
const Reset = this.db.Reset; const Reset = this.db.Reset;
const Users = this.db.Users; const Users = this.db.Users;
if (this.request.body.email) { if (this.request.body.email) {
this.assertCsrf(this.request.body._csrf);
var email = this.request.body.email; var email = this.request.body.email;
yield sendResetToken(this, email); yield sendResetToken(this, email);
this.statsd.incr('auth.reset.request', 1); this.statsd.incr('auth.reset.request', 1);
@ -61,7 +57,6 @@ export function* forgot(token) {
if (this.request.body.password.length < 7) { if (this.request.body.password.length < 7) {
return yield this.render('forgot', {error: 'Password needs to be at least 7 characters long.', token: token, csrf: this.csrf}); return yield this.render('forgot', {error: 'Password needs to be at least 7 characters long.', token: token, csrf: this.csrf});
} }
this.assertCsrf(this.request.body._csrf);
const tokenUser = yield validateResetToken(this, token); const tokenUser = yield validateResetToken(this, token);
var userId = tokenUser._id; var userId = tokenUser._id;
yield updatePassword(this, userId, this.request.body.password); yield updatePassword(this, userId, this.request.body.password);