Fix Wikidata login CSRF issue. Closes #2228.
parent
4edbd40b6a
commit
fe57897e8e
@ -45,7 +45,11 @@ public class LoginCommand extends Command {
|
||||
respondCSRFError(response);
|
||||
return;
|
||||
}
|
||||
respond(request, response);
|
||||
}
|
||||
|
||||
protected void respond(HttpServletRequest request, HttpServletResponse response)
|
||||
throws ServletException, IOException {
|
||||
String username = request.getParameter("wb-username");
|
||||
String password = request.getParameter("wb-password");
|
||||
String remember = request.getParameter("remember-credentials");
|
||||
@ -74,6 +78,6 @@ public class LoginCommand extends Command {
|
||||
@Override
|
||||
public void doGet(HttpServletRequest request, HttpServletResponse response)
|
||||
throws ServletException, IOException {
|
||||
doPost(request, response);
|
||||
respond(request, response);
|
||||
}
|
||||
}
|
||||
|
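Review bot: doGet now calls respond() with no token check, and respond() still begins by reading `wb-username` and `wb-password` from the request parameters. The body of respond() continues outside this hunk; if it logs in whenever those parameters are present, a cross-site GET remains an untokened login path, and credentials sent that way can end up in URLs and access logs. GET should only report the current login state, for example by guarding the credential-handling branch with `"POST".equals(request.getMethod())` or by splitting a status-only responder out of respond(). The new testGetNotCsrfProtected in LoginCommandTest covers only a GET without parameters; a companion case that sets `wb-username`/`wb-password` on a GET should assert that no login is attempted.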
@ -34,4 +34,10 @@ public class LoginCommandTest extends CommandTest {
|
||||
command.doPost(request, response);
|
||||
TestUtils.assertEqualAsJson("{\"code\":\"error\",\"message\":\"Missing or invalid csrf_token parameter\"}", writer.toString());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testGetNotCsrfProtected() throws ServletException, IOException {
|
||||
command.doGet(request, response);
|
||||
TestUtils.assertEqualAsJson("{\"logged_in\":false,\"username\":null}", writer.toString());
|
||||
}
|
||||
}
|
||||
|