Add XSRF protection to legacy authentication mechanism

-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=148689952
mountford 2017-02-27 13:53:10 -08:00 committed by Ben McIlwain
parent a5932c0fc3
commit c7a62e9b98
12 changed files with 227 additions and 56 deletions


@ -105,7 +105,10 @@ public final class ConsoleUiAction implements Runnable {
return;
}
Registrar registrar = Registrar.loadByClientId(sessionUtils.getRegistrarClientId(req));
data.put("xsrfToken", xsrfTokenManager.generateToken(EppConsoleAction.XSRF_SCOPE));
data.put(
"xsrfToken",
xsrfTokenManager.generateToken(
EppConsoleAction.XSRF_SCOPE, userService.getCurrentUser().getEmail()));
data.put("clientId", registrar.getClientId());
data.put("showPaymentLink", registrar.getBillingMethod() == Registrar.BillingMethod.BRAINTREE);
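Review bot: `userService.getCurrentUser()` is dereferenced inline in the new `generateToken(...)` call with no visible null check, so a request without a signed-in user would throw here instead of being rejected cleanly. If `userService` is App Engine's `UserService`, `getCurrentUser()` returns null when nobody is logged in, and the only protection is the guard ending at `return; }` above, whose condition lies outside the hunk. I would state that invariant at the call site, for example `// Non-null: the login check above returns early for anonymous requests.`, or read the user into a local once and fail closed before generating the token. Also confirm that the validating side derives the e-mail from the same source, since a mismatch in case or account alias would make valid tokens fail. The enclosing method starts and ends outside this hunk, and the hunk header counts one more context line than is shown.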