fix: csrf check failed on public share with password

Signed-off-by: Luka Trovic <luka@nextcloud.com>
2024-03-25 21:33:30 +01:00 · 2024-03-25 21:33:30 +01:00 · 945828bf4c
parent c08ab81334
commit 945828bf4c
4 changed files with 19 additions and 33 deletions
--- a/core/js/publicshareauth.js
+++ b/core/js/publicshareauth.js
@ -52,18 +52,3 @@ document.addEventListener('DOMContentLoaded', function() {
 	}

 });
-
-// Fix error "CSRF check failed"
-document.addEventListener('DOMContentLoaded', function() {
-	var form = document.getElementById('password-input-form');
-	if (form) {
-		form.addEventListener('submit', async function(event) {
-			event.preventDefault();
-			var requestToken = document.getElementById('requesttoken');
-			if (requestToken) {
-				requestToken.value = await OC.fetchRequestToken();
-			}
-			form.submit();
-		});
-	}
-});
--- a/core/src/OC/index.js
+++ b/core/src/OC/index.js
@ -70,7 +70,6 @@ import {
 } from './host.js'
 import {
 	getToken as getRequestToken,
-	fetchToken as fetchRequestToken,
 } from './requesttoken.js'
 import {
 	hideMenus,
@ -275,7 +274,6 @@ export default {
 	redirect,
 	reload,
 	requestToken: getRequestToken(),
-	fetchRequestToken,
 	/**
 	 * @deprecated 19.0.0 use `linkTo` from https://www.npmjs.com/package/@nextcloud/router
 	 */
--- a/core/src/OC/requesttoken.js
+++ b/core/src/OC/requesttoken.js
@ -22,8 +22,6 @@
 */

 import { emit } from '@nextcloud/event-bus'
-import { generateUrl } from '@nextcloud/router'
-import $ from 'jquery'

 /**
 * @private
@ -43,15 +41,6 @@ export const manageToken = (global, emit) => {
 				token,
 			})
 		},
-		fetchToken: async () => {
-			const url = generateUrl('/csrftoken')
-			const resp = await $.get(url)
-			token = resp.token
-			emit('csrf-token-update', {
-				token,
-			})
-			return token
-		},
 	}
 }

@ -66,8 +55,3 @@ export const getToken = manageFromDocument.getToken
 * @param {string} newToken new token
 */
 export const setToken = manageFromDocument.setToken
-
-/**
- * @return {Promise<string>}
- */
-export const fetchToken = manageFromDocument.fetchToken
--- a/core/src/main.js
+++ b/core/src/main.js
@ -35,6 +35,8 @@ import './jquery/index.js'
 import { initCore } from './init.js'
 import { registerAppsSlideToggle } from './OC/apps.js'
 import { getRequestToken } from '@nextcloud/auth'
+import { generateUrl } from '@nextcloud/router'
+import Axios from '@nextcloud/axios'

 // eslint-disable-next-line camelcase
 __webpack_nonce__ = btoa(getRequestToken())
@ -50,3 +52,20 @@ window.addEventListener('DOMContentLoaded', function() {
 		window.onhashchange = _.bind(OC.Util.History._onPopState, OC.Util.History)
 	}
 })
+
+// Fix error "CSRF check failed"
+document.addEventListener('DOMContentLoaded', function() {
+	const form = document.getElementById('password-input-form')
+	if (form) {
+		form.addEventListener('submit', async function(event) {
+			event.preventDefault()
+			const requestToken = document.getElementById('requesttoken')
+			if (requestToken) {
+				const url = generateUrl('/csrftoken')
+				const resp = await Axios.get(url)
+				requestToken.value = resp.data.token
+			}
+			form.submit()
+		})
+	}
+})