mirror of https://github.com/OpenNebula/one.git synced 2025-01-14 19:24:10 +03:00

cosmetic improvements for the csrftoken ajax fix

(cherry picked from commit 7e539e03a26c476ecb7b9a91d8e4195bf5d6d37e)
Jaime Melis 2014-06-06 16:38:00 +02:00
parent 99f4c60e2c
commit 2ec2563ed7


@ -142,17 +142,19 @@ helpers do
def valid_csrftoken?
csrftoken = nil
if !params[:csrftoken].nil?
if params[:csrftoken]
csrftoken = params[:csrftoken]
else
csrftoken = JSON.parse(params.keys.first)["csrftoken"] rescue nil
body = request.body.read
csrftoken = JSON.parse(body)["csrftoken"] rescue nil
request.body.rewind
end
!session[:csrftoken].nil? && session[:csrftoken] == csrftoken
session[:csrftoken] && session[:csrftoken] == csrftoken
end
def authorized?
session[:ip] && session[:ip]==request.ip
session[:ip] && session[:ip] == request.ip
end
def build_session
@ -185,8 +187,7 @@ helpers do
session[:remember] = params[:remember]
session[:display_name] = user[DISPLAY_NAME_XPATH] || user['NAME']
csrftoken_plain = session[:display_name] + session[:user_id] \
+ Time.now.to_f.to_s + SecureRandom.base64
csrftoken_plain = Time.now.to_f.to_s + SecureRandom.base64
session[:csrftoken] = Digest::MD5.hexdigest(csrftoken_plain)
#User IU options initialization
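Review bot: In `valid_csrftoken?` (first hunk) the session token is still checked with plain `==`, and the value taken from the JSON body can be any JSON type, not just a string. Coercing it and using a constant-time comparison would be tighter, assuming the bundled Rack provides the helper: `session[:csrftoken] && Rack::Utils.secure_compare(session[:csrftoken], csrftoken.to_s)`. The new `request.body.read` also has no `request.body.rewind` before it, so if anything earlier in the request cycle has consumed the stream, the read returns an empty string. The `rescue nil` modifier then turns that into a silent token mismatch. The check does fail closed, but rewinding before the read and rescuing only `JSON::ParserError` and `TypeError` would make a rejected AJAX request distinguishable from a genuinely missing token.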