Merge remote-tracking branch 'origin/v3.5'

2025-01-26 10:03:50 +03:00 · 2022-05-20 09:08:13 +02:00 · 2022-05-20 09:08:13 +02:00 · f9e2ccb7d3
commit f9e2ccb7d3
parent 8db0e515a5 ceb5fd9bde
3 changed files with 9 additions and 11 deletions
--- a/server/src/uds/core/auths/auth.py
+++ b/server/src/uds/core/auths/auth.py
@ -454,7 +454,7 @@ def webLogout(
        # Success/fail result is now ignored
        exit_url = authenticator.logout(request, username).url or exit_url
        if request.user.id != ROOT_ID:
-            # Try yo invoke logout of auth
+            # Log the event if not root user
            events.addEvent(
                request.user.manager,
                events.ET_LOGOUT,
--- a/server/src/uds/web/util/configjs.py
+++ b/server/src/uds/web/util/configjs.py
@ -35,7 +35,6 @@ import typing

 from django import template
 from django.conf import settings
-from django.middleware import csrf
 from django.utils.translation import gettext, get_language
 from django.urls import reverse
 from django.templatetags.static import static
@ -83,11 +82,6 @@ def udsJs(request: 'ExtendedHttpRequest') -> str:
        'role': role,
    }

-    # Gets csrf token
-    csrf_token = csrf.get_token(request)
-    if csrf_token is not None:
-        csrf_token = str(csrf_token)
-
    tag = request.session.get('tag', None)
    logger.debug('Tag config: %s', tag)
    # Initial list of authenticators (all except disabled ones)
@ -166,8 +160,6 @@ def udsJs(request: 'ExtendedHttpRequest') -> str:
        ],
        'tag': tag,
        'os': request.os['OS'].value[0],
-        'csrf_field': CSRF_FIELD,
-        'csrf': csrf_token,
        'image_size': Image.MAX_IMAGE_SIZE,
        'experimental_features': GlobalConfig.EXPERIMENTAL_FEATURES.getBool(),
        'reload_time': GlobalConfig.RELOAD_TIME.getInt(True),
--- a/server/src/uds/web/views/modern.py
+++ b/server/src/uds/web/views/modern.py
@ -32,6 +32,7 @@ import time
 import logging
 import typing

+from django.middleware import csrf
 from django.shortcuts import render
 from django.http import HttpRequest, HttpResponse, JsonResponse, HttpResponseRedirect
 from django.views.decorators.cache import never_cache
@ -48,11 +49,16 @@ from uds.web.util import configjs

 logger = logging.getLogger(__name__)

+CSRF_FIELD = 'csrfmiddlewaretoken'

@never_cache
 def index(request: HttpRequest) -> HttpResponse:
-    # return errorView(request, 1)
-    response = render(request, 'uds/modern/index.html', {})
+    # Gets csrf token
+    csrf_token = csrf.get_token(request)
+    if csrf_token is not None:
+        csrf_token = str(csrf_token)
+
+    response = render(request, 'uds/modern/index.html', {'csrf_field': CSRF_FIELD, 'csfr_token': csrf_token})

    # Ensure UDS cookie is present
    auth.getUDSCookie(request, response)