Allow "GET" API calls and "Restart Station" button.
parent
5a2f1a42e5
commit
888e110c5d
|
@ -51,11 +51,6 @@ class ApiAuth extends AbstractAuth
|
|||
}
|
||||
|
||||
// Fallback to session login if available.
|
||||
$csrfKey = $request->getHeaderLine('X-API-CSRF');
|
||||
if (empty($csrfKey) && !$this->environment->isTesting()) {
|
||||
return null;
|
||||
}
|
||||
|
||||
$auth = new Auth(
|
||||
userRepo: $this->userRepo,
|
||||
session: $request->getAttribute(ServerRequest::ATTR_SESSION),
|
||||
|
@ -63,12 +58,22 @@ class ApiAuth extends AbstractAuth
|
|||
);
|
||||
|
||||
if ($auth->isLoggedIn()) {
|
||||
$user = $auth->getLoggedInUser();
|
||||
if ('GET' === $request->getMethod()) {
|
||||
return $user;
|
||||
}
|
||||
|
||||
$csrfKey = $request->getHeaderLine('X-API-CSRF');
|
||||
if (empty($csrfKey) && !$this->environment->isTesting()) {
|
||||
return null;
|
||||
}
|
||||
|
||||
$csrf = $request->getAttribute(ServerRequest::ATTR_SESSION_CSRF);
|
||||
|
||||
if ($csrf instanceof Csrf) {
|
||||
try {
|
||||
$csrf->verify($csrfKey, self::API_CSRF_NAMESPACE);
|
||||
return $auth->getLoggedInUser();
|
||||
return $user;
|
||||
} catch (CsrfValidationException) {
|
||||
}
|
||||
}
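Review bot: The new early return at `if ('GET' === $request->getMethod())` lets the session cookie alone authenticate every GET API route, so CSRF protection now rests on no GET route changing state. That invariant is not visible in this hunk; if any API action is still reachable as GET, a logged-in browser could be made to trigger it from another site. I would record the assumption next to the check, e.g. `// GET is exempt from CSRF: API GET routes must stay read-only.`, and confirm it against the route table. The enclosing method begins and ends outside the hunk.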
|
||||
|
|
|
@ -127,6 +127,7 @@ class View extends Engine
|
|||
'auth' => $request->getAttribute(ServerRequest::ATTR_AUTH),
|
||||
'acl' => $request->getAttribute(ServerRequest::ATTR_ACL),
|
||||
'customization' => $request->getAttribute(ServerRequest::ATTR_CUSTOMIZATION),
|
||||
'csrf' => $request->getAttribute(ServerRequest::ATTR_SESSION_CSRF),
|
||||
'flash' => $request->getAttribute(ServerRequest::ATTR_SESSION_FLASH),
|
||||
'user' => $request->getAttribute(ServerRequest::ATTR_USER),
|
||||
]
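Review bot: The added `'csrf'` entry hands templates whatever `getAttribute(ServerRequest::ATTR_SESSION_CSRF)` returns without a type check, whereas ApiAuth in this same commit guards that attribute with `instanceof Csrf`. If a view is ever rendered for a request where the attribute was not set, a template call on `$csrf` would fail on null. A short comment such as `// null unless the session layer has set ATTR_SESSION_CSRF` would document the precondition. The surrounding array and method start and end outside the hunk.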
|
||||
|
|
|
@ -24,6 +24,11 @@ $(function () {
|
|||
|
||||
$.ajax({
|
||||
type: 'POST',
|
||||
headers: {
|
||||
"X-API-CSRF": <?=$this->escapeJs(
|
||||
$csrf->generate(\App\Middleware\Auth\ApiAuth::API_CSRF_NAMESPACE)
|
||||
) ?>
|
||||
},
|
||||
url: btn.attr('href'),
|
||||
success: function (data) {
|
||||
// Only restart if the user isn't on a form page
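Review bot: The `"X-API-CSRF"` value is written outside any JavaScript quotes, so the script is only well-formed and safely escaped if `escapeJs()` returns a complete quoted string literal. That helper is not visible here, so this should be confirmed and noted, e.g. `// escapeJs() emits a quoted JS string literal`. The call also assumes `$csrf` is non-null in this template. The enclosing `$.ajax` call and its click handler continue outside the hunk.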
|
||||
|
|