FIX: CSRF token retrieval bug

2024-11-26 02:40:53 -06:00 · 2013-12-03 15:30:33 -05:00 · 2013-12-03 15:30:33 -05:00 · c4394688de
commit c4394688de
parent 50fe117d7c
2 changed files with 53 additions and 50 deletions
--- a/app/assets/javascripts/discourse/controllers/login_controller.js
+++ b/app/assets/javascripts/discourse/controllers/login_controller.js
@ -31,41 +31,62 @@ Discourse.LoginController = Discourse.Controller.extend(Discourse.ModalFunctiona
    return this.get('loggingIn') || this.blank('loginName') || this.blank('loginPassword');
  }.property('loginName', 'loginPassword', 'loggingIn'),

-  login: function() {
-    this.set('loggingIn', true);

-    var loginController = this;
-    Discourse.ajax("/session", {
-      data: { login: this.get('loginName'), password: this.get('loginPassword') },
-      type: 'POST'
-    }).then(function (result) {
-      // Successful login
-      if (result.error) {
-        loginController.set('loggingIn', false);
-        if( result.reason === 'not_activated' ) {
-          loginController.send('showNotActivated', {
-            username: loginController.get('loginName'),
-            sentTo: result.sent_to_email,
-            currentEmail: result.current_email
-          });
+  actions: {
+    login: function() {
+      this.set('loggingIn', true);
+
+      var loginController = this;
+      Discourse.ajax("/session", {
+        data: { login: this.get('loginName'), password: this.get('loginPassword') },
+        type: 'POST'
+      }).then(function (result) {
+        // Successful login
+        if (result.error) {
+          loginController.set('loggingIn', false);
+          if( result.reason === 'not_activated' ) {
+            loginController.send('showNotActivated', {
+              username: loginController.get('loginName'),
+              sentTo: result.sent_to_email,
+              currentEmail: result.current_email
+            });
+          }
+          loginController.flash(result.error, 'error');
+        } else {
+          // Trigger the browser's password manager using the hidden static login form:
+          var $hidden_login_form = $('#hidden-login-form');
+          $hidden_login_form.find('input[name=username]').val(loginController.get('loginName'));
+          $hidden_login_form.find('input[name=password]').val(loginController.get('loginPassword'));
+          $hidden_login_form.find('input[name=redirect]').val(window.location.href);
+          $hidden_login_form.submit();
        }
-        loginController.flash(result.error, 'error');
+
+      }, function(result) {
+        // Failed to login
+        loginController.flash(I18n.t('login.error'), 'error');
+        loginController.set('loggingIn', false);
+      });
+
+      return false;
+    },
+
+    externalLogin: function(loginMethod){
+      var name = loginMethod.get("name");
+      var customLogin = loginMethod.get("customLogin");
+
+      if(customLogin){
+        customLogin();
      } else {
-        // Trigger the browser's password manager using the hidden static login form:
-        var $hidden_login_form = $('#hidden-login-form');
-        $hidden_login_form.find('input[name=username]').val(loginController.get('loginName'));
-        $hidden_login_form.find('input[name=password]').val(loginController.get('loginPassword'));
-        $hidden_login_form.find('input[name=redirect]').val(window.location.href);
-        $hidden_login_form.submit();
+        this.set('authenticate', name);
+        var left = this.get('lastX') - 400;
+        var top = this.get('lastY') - 200;
+
+        var height = loginMethod.get("frameHeight") || 400;
+        var width = loginMethod.get("frameWidth") || 800;
+        window.open(Discourse.getURL("/auth/" + name), "_blank",
+            "menubar=no,status=no,height=" + height + ",width=" + width +  ",left=" + left + ",top=" + top);
      }
-
-    }, function(result) {
-      // Failed to login
-      loginController.flash(I18n.t('login.error'), 'error');
-      loginController.set('loggingIn', false);
-    });
-
-    return false;
+    }
  },

  authMessage: (function() {
@ -76,24 +97,6 @@ Discourse.LoginController = Discourse.Controller.extend(Discourse.ModalFunctiona
    }
  }).property('authenticate'),

-  externalLogin: function(loginMethod){
-    var name = loginMethod.get("name");
-    var customLogin = loginMethod.get("customLogin");
-
-    if(customLogin){
-      customLogin();
-    } else {
-      this.set('authenticate', name);
-      var left = this.get('lastX') - 400;
-      var top = this.get('lastY') - 200;
-
-      var height = loginMethod.get("frameHeight") || 400;
-      var width = loginMethod.get("frameWidth") || 800;
-      window.open(Discourse.getURL("/auth/" + name), "_blank",
-          "menubar=no,status=no,height=" + height + ",width=" + width +  ",left=" + left + ",top=" + top);
-    }
-  },
-
  authenticationComplete: function(options) {
    if (options.requires_invite) {
      this.flash(I18n.t('login.requires_invite'), 'success');
--- a/app/assets/javascripts/discourse/mixins/ajax.js
+++ b/app/assets/javascripts/discourse/mixins/ajax.js
@ -83,7 +83,7 @@ Discourse.Ajax = Em.Mixin.create({
      return Ember.Deferred.promise(function(promise){
        $.ajax(Discourse.getURL('/session/csrf'))
           .success(function(result){
-              Discourse.csrfToken = result.csrf;
+              Discourse.Session.currentProp('csrfToken', result.csrf);
              performAjax(promise);
           });
      });