christoph/lecture-professional-software-development
1
Fork 0
Code Activity

fix forms to automatically generate csrf tokens

Browse Source 
Co-authored-by: Christoph <tobi@urpost.de>
This commit is contained in:
Christoph
2020-03-26 18:21:52 +01:00
parent 832a03c82f
commit 853a5bcb03
9 changed files with 40 additions and 28 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
src/main/java/mops/gruppen2/security/SecurityConfig.java
View File

@ -64,11 +64,7 @@ class SecurityConfig extends KeycloakWebSecurityConfigurerAdapter {
.antMatchers("/actuator/**") .antMatchers("/actuator/**")
.hasRole("monitoring") .hasRole("monitoring")
.anyRequest() .anyRequest()
.permitAll() .permitAll();
.and()
.csrf()
.ignoringAntMatchers("/gruppen2/createOrga")
.ignoringAntMatchers("/gruppen2/details/members/addUsersFromCsv");
} }
/** /**

2
src/main/resources/templates/changeMetadata.html
View File

@ -40,7 +40,7 @@
<div class="row"> <div class="row">
<div class="col-10"> <div class="col-10">
<h1>Metadaten ändern</h1> <h1>Metadaten ändern</h1>
<form action="/gruppen2/details/changeMetadata" method="post"> <form method="post" th:action="@{/gruppen2/details/changeMetadata}">
<div class="shadow-sm p-2" <div class="shadow-sm p-2"
style=" border: 10px solid aliceblue; background: aliceblue"> style=" border: 10px solid aliceblue; background: aliceblue">
<div class="form-group"> <div class="form-group">

3
src/main/resources/templates/createOrga.html
View File

@ -38,7 +38,8 @@
<div class="row"> <div class="row">
<div class="col-10"> <div class="col-10">
<h1>Gruppenerstellung</h1> <h1>Gruppenerstellung</h1>
<form method="post" action="/gruppen2/createOrga" enctype="multipart/form-data"> <form enctype="multipart/form-data" method="post"
th:action="@{/gruppen2/createOrga}">
<div class="shadow-sm p-2" <div class="shadow-sm p-2"
style=" border: 10px solid aliceblue; background: aliceblue"> style=" border: 10px solid aliceblue; background: aliceblue">
<div class="form-group"> <div class="form-group">

5
src/main/resources/templates/createStudent.html
View File

@ -37,8 +37,9 @@
<div class="row"> <div class="row">
<div class="col-10"> <div class="col-10">
<h1>Gruppenerstellung</h1> <h1>Gruppenerstellung</h1>
<form method="post" action="/gruppen2/createStudent"> <form method="post" th:action="@{/gruppen2/createStudent}">
<div class="shadow-sm p-2" style=" border: 10px solid aliceblue; border-radius: 5px; background: aliceblue"> <div class="shadow-sm p-2"
style=" border: 10px solid aliceblue; border-radius: 5px; background: aliceblue">
<div class="form-group"> <div class="form-group">
<label for="titel">Titel</label> <label for="titel">Titel</label>

9
src/main/resources/templates/detailsMember.html
View File

@ -83,15 +83,16 @@
style="background: #52a1eb; border: none; margin: 5px"> style="background: #52a1eb; border: none; margin: 5px">
<a style="color: white" th:href="@{/gruppen2}">Zurück</a> <a style="color: white" th:href="@{/gruppen2}">Zurück</a>
</button> </button>
<form action="/gruppen2/leaveGroup" method="post"> <form method="post" th:action="@{/gruppen2/leaveGroup}">
<button class="btn btn-danger" style="border-style: none; margin: 5px" <button class="btn btn-danger" style="border-style: none; margin: 5px"
th:name="group_id" th:value="${group.getId()}" th:name="group_id" th:value="${group.getId()}"
type="submit">Gruppe verlassen type="submit">Gruppe verlassen
</button> </button>
</form> </form>
<form action="/gruppen2/deleteGroup" method="post"> <form method="post" th:action="@{/gruppen2/deleteGroup}">
<button class="btn btn-danger" style="border-style: none; margin: 5px" <button class="btn btn-danger" style="border-style: none; margin: 5px"
th:name="group_id" th:value="${group.getId()}" th:if="${group.getRoles().get(user.getId()) == admin}" th:name="group_id" th:value="${group.getId()}"
th:if="${group.getRoles().get(user.getId()) == admin}"
type="submit">Gruppe löschen type="submit">Gruppe löschen
</button> </button>
</form> </form>
@ -132,7 +133,7 @@
</div> </div>
<script> <script>
function copyLink() { function copyLink() {
var copyText = document.getElementById("groupLink"); const copyText = document.getElementById("groupLink");
copyText.select(); copyText.select();
copyText.setSelectionRange(0, 99999); copyText.setSelectionRange(0, 99999);

2
src/main/resources/templates/detailsNoMember.html
View File

@ -50,7 +50,7 @@
</div> </div>
<div class="form-group mt-2"> <div class="form-group mt-2">
<div class="text-right"> <div class="text-right">
<form method="post" action="/gruppen2/detailsBeitreten"> <form method="post" th:action="@{/gruppen2/detailsBeitreten}">
<button class="btn btn-primary" <button class="btn btn-primary"
style="background: #52a1eb; border-style: none;" style="background: #52a1eb; border-style: none;"
th:href="@{/gruppen2/detailsBeitreten}" th:href="@{/gruppen2/detailsBeitreten}"

37
src/main/resources/templates/editMembers.html
View File

@ -48,16 +48,19 @@
</div> </div>
<div class="shadow p-2" style="border: 10px solid aliceblue; background: aliceblue"> <div class="shadow p-2" style="border: 10px solid aliceblue; background: aliceblue">
<div class="form-group pt-4" th:if="${account.getRoles().contains('orga')}"> <div class="form-group pt-4" th:if="${account.getRoles().contains('orga')}">
<form action="/gruppen2/details/members/addUsersFromCsv" <form th:action="@{/gruppen2/details/members/addUsersFromCsv}"
enctype="multipart/form-data" enctype="multipart/form-data"
method="post"> method="post">
<div class="input-group mb-3"> <div class="input-group mb-3">
<div class="custom-file"> <div class="custom-file">
<input class="custom-file-input" id="file" th:name="file" type="file"> <input class="custom-file-input" id="file" th:name="file"
<label class="custom-file-label" for="file">CSV Datei von Mitgliedern hochladen</label> type="file">
<label class="custom-file-label" for="file">CSV Datei von
Mitgliedern hochladen</label>
</div> </div>
<div class="input-group-append"> <div class="input-group-append">
<button class="btn btn-outline-secondary" style="background: #52a1eb; border-style: none" <button class="btn btn-outline-secondary"
style="background: #52a1eb; border-style: none"
th:name="group_id" th:value="${group.getId()}" th:name="group_id" th:value="${group.getId()}"
type="submit"> type="submit">
<a style="color: white">Hinzufügen</a> <a style="color: white">Hinzufügen</a>
@ -67,12 +70,16 @@
</form> </form>
</div> </div>
<div class="form-group pt-4"> <div class="form-group pt-4">
<form action="/gruppen2/details/members/changeMaximum" method="post"> <form method="post" th:action="@{/gruppen2/details/members/changeMaximum}">
<div class="input-group mb-3" id="userMaximum"> <div class="input-group mb-3" id="userMaximum">
<input class="form-control" placeholder="Maximale Teilnehmerzahl ändern..." th:name="maximum" <input class="form-control"
type="number" th:min="${group.getMembers().size()}" max="10000"> placeholder="Maximale Teilnehmerzahl ändern..."
th:name="maximum"
type="number" th:min="${group.getMembers().size()}"
max="10000">
<div class="input-group-append"> <div class="input-group-append">
<button class="btn btn-outline-secondary" style="background: #52a1eb; border-style: none" <button class="btn btn-outline-secondary"
style="background: #52a1eb; border-style: none"
th:name="group_id" th:value="${group.getId()}" th:name="group_id" th:value="${group.getId()}"
type="submit"> type="submit">
<a style="color: white">Speichern</a> <a style="color: white">Speichern</a>
@ -99,21 +106,27 @@
</td> </td>
<td> <td>
<div class="text-right btn-toolbar" style="float: right;" role="toolbar"> <div class="text-right btn-toolbar" style="float: right;" role="toolbar">
<form action="/gruppen2/details/members/changeRole" method="post"> <form method="post"
th:action="@{/gruppen2/details/members/changeRole}">
<input th:name="group_id" th:value="${group.getId()}" <input th:name="group_id" th:value="${group.getId()}"
type="hidden"> type="hidden">
<input th:name="user_id" th:value="${member.getId()}" <input th:name="user_id" th:value="${member.getId()}"
type="hidden"> type="hidden">
<button class="btn btn-warning btn-sm" type="submit" style="margin: 5px">Rolle <button class="btn btn-warning btn-sm" type="submit"
style="margin: 5px">Rolle
ändern ändern
</button> </button>
</form> </form>
<form action="/gruppen2/details/members/deleteUser" method="post"> <form method="post"
th:action="@{/gruppen2/details/members/deleteUser}">
<input th:name="group_id" th:value="${group.getId()}" <input th:name="group_id" th:value="${group.getId()}"
type="hidden"> type="hidden">
<input th:name="user_id" th:value="${member.getId()}" <input th:name="user_id" th:value="${member.getId()}"
type="hidden"> type="hidden">
<button class="btn btn-danger btn-sm" style="margin: 5px" th:if='!${account.getName().equals(member.getId())}'>Mitglied entfernen</button> <button class="btn btn-danger btn-sm" style="margin: 5px"
th:if='!${account.getName().equals(member.getId())}'>
Mitglied entfernen
</button>
</form> </form>
</div> </div>
</td> </td>

2
src/main/resources/templates/index.html
View File

@ -33,7 +33,7 @@
<div class="row"> <div class="row">
<div class="col-10"> <div class="col-10">
<h1>Meine Gruppen</h1> <h1>Meine Gruppen</h1>
<form action="/" method="get"> <form method="get" th:action="@{/}">
<h3 style="color: dodgerblue; font-weight: bold; font-optical-sizing: auto"> <h3 style="color: dodgerblue; font-weight: bold; font-optical-sizing: auto">
<small style="font-weight: normal; color: black">Mitglied in </small> <small style="font-weight: normal; color: black">Mitglied in </small>
<small style="font-weight: bold; color: black" <small style="font-weight: bold; color: black"

2
src/main/resources/templates/search.html
View File

@ -35,7 +35,7 @@
<h1>Gruppensuche</h1> <h1>Gruppensuche</h1>
<div class="shadow-sm p-2" <div class="shadow-sm p-2"
style="border: 10px solid aliceblue; border-radius: 5px; background: aliceblue"> style="border: 10px solid aliceblue; border-radius: 5px; background: aliceblue">
<form action="/gruppen2/findGroup" method="get"> <form method="get" th:action="@{/gruppen2/findGroup}">
<div class="form-group"> <div class="form-group">
<label for="suchleiste">Suchbegriff:</label> <label for="suchleiste">Suchbegriff:</label>
<input class="form-control" id="suchleiste" <input class="form-control" id="suchleiste"