updated csrf info

server/src/uds/core/auths/auth.py

@@ -415,7 +415,7 @@ def webLogout(
     by django in regular basis.
     """
     if exit_url is None:
-        exit_url = request.build_absolute_uri(reverse('page.logout'))
+        exit_url = request.build_absolute_uri(reverse('page.login'))
         # exit_url = GlobalConfig.LOGIN_URL.get()
         # if GlobalConfig.REDIRECT_TO_HTTPS.getBool() is True:
         #     exit_url = exit_url.replace('http://', 'https://')
@@ -425,7 +425,7 @@ def webLogout(
         username = request.user.name
         exit_url = authenticator.logout(username) or exit_url
         if request.user.id != ROOT_ID:
-            # Try yo invoke logout of auth
+            # Log the event if not root user
             events.addEvent(
                 request.user.manager,
                 events.ET_LOGOUT,

server/src/uds/templates/uds/modern/index.html

@@ -77,6 +77,7 @@
         return s;
       }
     };
+    var csrf = {  csrfToken: '{{ csrf_token }}',  csrfField: '{{ csrf_field }}' };
 
     if (window.top !== window.self) {
       window.location.href = 'https://www.udsenterprise.com';

server/src/uds/web/util/configjs.py

@@ -35,7 +35,6 @@ import typing
 
 from django import template
 from django.conf import settings
-from django.middleware import csrf
 from django.utils.translation import gettext, get_language
 from django.urls import reverse
 from django.templatetags.static import static
@@ -84,11 +83,6 @@ def udsJs(request: 'ExtendedHttpRequest') -> str:
         'role': role,
     }
 
-    # Gets csrf token
-    csrf_token = csrf.get_token(request)
-    if csrf_token is not None:
-        csrf_token = str(csrf_token)
-
     tag = request.session.get('tag', None)
     logger.debug('Tag config: %s', tag)
     if GlobalConfig.DISALLOW_GLOBAL_LOGIN.getBool():
@@ -152,8 +146,6 @@ def udsJs(request: 'ExtendedHttpRequest') -> str:
         ],
         'tag': tag,
         'os': request.os['OS'].value[0],
-        'csrf_field': CSRF_FIELD,
-        'csrf': csrf_token,
         'image_size': Image.MAX_IMAGE_SIZE,
         'experimental_features': GlobalConfig.EXPERIMENTAL_FEATURES.getBool(),
         'reload_time': GlobalConfig.RELOAD_TIME.getInt(True),

server/src/uds/web/views/modern.py

@@ -32,12 +32,13 @@ import time
 import logging
 import typing
 
+from django.middleware import csrf
 from django.shortcuts import render
 from django.http import HttpRequest, HttpResponse, JsonResponse, HttpResponseRedirect
 from django.urls import reverse
+
 from uds.core.util.request import ExtendedHttpRequest, ExtendedHttpRequestWithUser
 from uds.core.auths import auth, exceptions
-
 from uds.web.util import errors
 from uds.web.forms.LoginForm import LoginForm
 from uds.web.util.authentication import checkLogin
@@ -47,10 +48,16 @@ from uds.web.util import configjs
 
 logger = logging.getLogger(__name__)
 
+CSRF_FIELD = 'csrfmiddlewaretoken'
+
 
 def index(request: HttpRequest) -> HttpResponse:
-    # return errorView(request, 1)
-    response = render(request, 'uds/modern/index.html', {})
+    # Gets csrf token
+    csrf_token = csrf.get_token(request)
+    if csrf_token is not None:
+        csrf_token = str(csrf_token)
+
+    response = render(request, 'uds/modern/index.html', {'csrf_field': CSRF_FIELD, 'csfr_token': csrf_token})
 
     # Ensure UDS cookie is present
     auth.getUDSCookie(request, response)