Fix Axios CSRF token update (#17404)

Fix Axios CSRF token update
2026-06-10 17:23:59 -04:00 · 2019-10-05 23:37:10 +02:00 · 2019-10-05 23:37:10 +02:00 · 5c21d11207
commit 5c21d11207
parent 62399c76e8 81613d2246
55 changed files with 1441 additions and 2155 deletions
--- a/.drone.yml
+++ b/.drone.yml
@ -30,13 +30,11 @@ steps:
 - name: build
  image: nextcloudci/node:node-4
  commands:
-    - cd /drone/src
    - npm ci
    - npm run build
 - name: changes
  image: nextcloudci/node:node-4
  commands:
-    - cd /drone/src
    - git status
    - bash -c "[[ ! \"`git status --porcelain `\" ]] || ( echo 'Uncommited changes in webpack build' && exit 1 )"

--- a/apps/accessibility/js/accessibility.js
+++ b/apps/accessibility/js/accessibility.js
--- a/apps/accessibility/js/accessibility.js.map
+++ b/apps/accessibility/js/accessibility.js.map
--- a/apps/accessibility/src/Accessibility.vue
+++ b/apps/accessibility/src/Accessibility.vue
@ -25,7 +25,7 @@

 <script>
 import ItemPreview from './components/ItemPreview'
-import axios from 'nextcloud-axios'
+import axios from '@nextcloud/axios'

 export default {
 	name: 'Accessibility',
--- a/apps/files_sharing/js/dist/additionalScripts.js
+++ b/apps/files_sharing/js/dist/additionalScripts.js
--- a/apps/files_sharing/js/dist/additionalScripts.js.map
+++ b/apps/files_sharing/js/dist/additionalScripts.js.map
--- a/apps/files_sharing/js/dist/files_sharing.3.js
+++ b/apps/files_sharing/js/dist/files_sharing.3.js
--- a/apps/files_sharing/js/dist/files_sharing.3.js.map
+++ b/apps/files_sharing/js/dist/files_sharing.3.js.map
--- a/apps/files_sharing/js/dist/files_sharing.4.js
+++ b/apps/files_sharing/js/dist/files_sharing.4.js
@ -21,4 +21,4 @@
 *
 */
 n.default.prototype.t=t,r.Tooltip.options.defaultHtml=!1,n.default.component("PopoverMenu",r.PopoverMenu),n.default.directive("ClickOutside",s.a),n.default.directive("Tooltip",r.Tooltip),n.default.use(l.a)}}]);
-//# sourceMappingURL=files_sharing.4.js.map?v=4e4a795c94e467758967
+//# sourceMappingURL=files_sharing.4.js.map?v=a741e282fee1abd436e6
--- a/apps/files_sharing/js/dist/files_sharing.4.js.map
+++ b/apps/files_sharing/js/dist/files_sharing.4.js.map
--- a/apps/files_versions/js/files_versions.js
+++ b/apps/files_versions/js/files_versions.js
--- a/apps/files_versions/js/files_versions.js.map
+++ b/apps/files_versions/js/files_versions.js.map
--- a/apps/oauth2/js/oauth2.js
+++ b/apps/oauth2/js/oauth2.js
--- a/apps/oauth2/js/oauth2.js.map
+++ b/apps/oauth2/js/oauth2.js.map
--- a/apps/oauth2/src/App.vue
+++ b/apps/oauth2/src/App.vue
@ -73,7 +73,7 @@
 </template>

 <script>
-import axios from 'nextcloud-axios'
+import axios from '@nextcloud/axios'
 import OAuthItem from './components/OAuthItem'
 import { generateUrl } from '@nextcloud/router'

--- a/apps/settings/js/vue-0.js
+++ b/apps/settings/js/vue-0.js
--- a/apps/settings/js/vue-0.js.map
+++ b/apps/settings/js/vue-0.js.map
--- a/apps/settings/js/vue-4.js
+++ b/apps/settings/js/vue-4.js
--- a/apps/settings/js/vue-4.js.map
+++ b/apps/settings/js/vue-4.js.map
--- a/apps/settings/js/vue-5.js
+++ b/apps/settings/js/vue-5.js
--- a/apps/settings/js/vue-5.js.map
+++ b/apps/settings/js/vue-5.js.map
--- a/apps/settings/js/vue-6.js
+++ b/apps/settings/js/vue-6.js
--- a/apps/settings/js/vue-6.js.map
+++ b/apps/settings/js/vue-6.js.map
--- a/apps/settings/js/vue-settings-admin-security.js
+++ b/apps/settings/js/vue-settings-admin-security.js
--- a/apps/settings/js/vue-settings-admin-security.js.map
+++ b/apps/settings/js/vue-settings-admin-security.js.map
--- a/apps/settings/js/vue-settings-apps-users-management.js
+++ b/apps/settings/js/vue-settings-apps-users-management.js
--- a/apps/settings/js/vue-settings-apps-users-management.js.map
+++ b/apps/settings/js/vue-settings-apps-users-management.js.map
--- a/apps/settings/js/vue-settings-personal-security.js
+++ b/apps/settings/js/vue-settings-personal-security.js
--- a/apps/settings/js/vue-settings-personal-security.js.map
+++ b/apps/settings/js/vue-settings-personal-security.js.map
--- a/apps/settings/src/components/AdminTwoFactor.vue
+++ b/apps/settings/src/components/AdminTwoFactor.vue
@ -66,7 +66,7 @@
 </template>

 <script>
-import axios from 'nextcloud-axios'
+import axios from '@nextcloud/axios'
 import { Multiselect } from 'nextcloud-vue'
 import _ from 'lodash'

--- a/apps/settings/src/components/AuthTokenSection.vue
+++ b/apps/settings/src/components/AuthTokenSection.vue
@ -35,7 +35,7 @@
 </template>

 <script>
-import axios from 'nextcloud-axios'
+import axios from '@nextcloud/axios'
 import confirmPassword from 'nextcloud-password-confirmation'

 import AuthTokenList from './AuthTokenList'
--- a/apps/settings/src/store/api.js
+++ b/apps/settings/src/store/api.js
@ -20,7 +20,7 @@
 *
 */

-import axios from 'nextcloud-axios'
+import axios from '@nextcloud/axios'
 import confirmPassword from 'nextcloud-password-confirmation'

 const sanitize = function(url) {
--- a/apps/twofactor_backupcodes/js/settings.js
+++ b/apps/twofactor_backupcodes/js/settings.js
--- a/apps/twofactor_backupcodes/js/settings.js.map
+++ b/apps/twofactor_backupcodes/js/settings.js.map
--- a/apps/twofactor_backupcodes/src/service/BackupCodesService.js
+++ b/apps/twofactor_backupcodes/src/service/BackupCodesService.js
@ -1,4 +1,4 @@
-import Axios from 'nextcloud-axios'
+import Axios from '@nextcloud/axios'

 export function generateCodes() {
 	const url = OC.generateUrl('/apps/twofactor_backupcodes/settings/create')
--- a/apps/updatenotification/js/updatenotification.js
+++ b/apps/updatenotification/js/updatenotification.js
--- a/apps/updatenotification/js/updatenotification.js.map
+++ b/apps/updatenotification/js/updatenotification.js.map
--- a/apps/workflowengine/js/workflowengine.js
+++ b/apps/workflowengine/js/workflowengine.js
--- a/apps/workflowengine/js/workflowengine.js.map
+++ b/apps/workflowengine/js/workflowengine.js.map
--- a/apps/workflowengine/src/components/Checks/MultiselectTag/api.js
+++ b/apps/workflowengine/src/components/Checks/MultiselectTag/api.js
@ -20,7 +20,7 @@
 *
 */

-import axios from 'nextcloud-axios'
+import axios from '@nextcloud/axios'
 import { generateRemoteUrl } from 'nextcloud-router'

 const xmlToJson = (xml) => {
--- a/apps/workflowengine/src/components/Checks/RequestUserGroup.vue
+++ b/apps/workflowengine/src/components/Checks/RequestUserGroup.vue
@ -35,7 +35,7 @@
 <script>
 import { Multiselect } from 'nextcloud-vue/dist/Components/Multiselect'
 import valueMixin from '../../mixins/valueMixin'
-import axios from 'nextcloud-axios'
+import axios from '@nextcloud/axios'
 export default {
 	name: 'RequestUserGroup',
 	components: {
--- a/apps/workflowengine/src/store.js
+++ b/apps/workflowengine/src/store.js
@ -22,7 +22,7 @@

 import Vue from 'vue'
 import Vuex from 'vuex'
-import axios from 'nextcloud-axios'
+import axios from '@nextcloud/axios'
 import { getApiUrl } from './helpers/api'
 import confirmPassword from 'nextcloud-password-confirmation'

--- a/core/js/dist/login.js
+++ b/core/js/dist/login.js
--- a/core/js/dist/login.js.map
+++ b/core/js/dist/login.js.map
--- a/core/js/dist/main.js
+++ b/core/js/dist/main.js
--- a/core/js/dist/main.js.map
+++ b/core/js/dist/main.js.map
--- a/core/js/dist/maintenance.js
+++ b/core/js/dist/maintenance.js
--- a/core/js/dist/maintenance.js.map
+++ b/core/js/dist/maintenance.js.map
--- a/core/src/OC/index.js
+++ b/core/src/OC/index.js
@ -19,6 +19,8 @@
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */

+import { subscribe } from '@nextcloud/event-bus'
+
 import { addScript, addStyle } from './legacy-loader'
 import {
 	ajaxConnectionLostHandler,
@ -67,8 +69,7 @@ import {
 	getProtocol
 } from './host'
 import {
-	getToken as getRequestToken,
-	subscribe as subscribeToRequestTokenChange
+	getToken as getRequestToken
 } from './requesttoken'
 import {
 	hideMenus,
@ -258,4 +259,9 @@ export default {
 }

 // Keep the request token prop in sync
-subscribeToRequestTokenChange(token => { OC.requestToken = token })
+subscribe('csrf-token-update', e => {
+	OC.requestToken = e.token
+
+	// Logging might help debug (Sentry) issues
+	console.info('OC.requestToken changed', e.token)
+})
--- a/core/src/OC/requesttoken.js
+++ b/core/src/OC/requesttoken.js
@ -19,24 +19,22 @@
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */

+import { emit } from '@nextcloud/event-bus'
+
 let token = document.getElementsByTagName('head')[0].getAttribute('data-requesttoken')
-const observers = []

 /**
 * @returns {string}
 */
 export const getToken = () => token

-/**
- * @param {Function} observer observer
- * @returns {number}
- */
-export const subscribe = observer => observers.push(observer)
-
 /**
 * @param {String} newToken new token
 */
 export const setToken = newToken => {
 	token = newToken
-	observers.forEach(o => o(token))
+
+	emit('csrf-token-update', {
+		token
+	})
 }
--- a/core/src/components/login/ResetPassword.vue
+++ b/core/src/components/login/ResetPassword.vue
@ -73,7 +73,7 @@
 </template>

 <script>
-import axios from 'nextcloud-axios'
+import axios from '@nextcloud/axios'

 import { generateUrl } from '../../OC/routing'

--- a/core/src/components/login/UpdatePassword.vue
+++ b/core/src/components/login/UpdatePassword.vue
@ -67,7 +67,7 @@
 </template>

 <script>
-import Axios from 'nextcloud-axios'
+import Axios from '@nextcloud/axios'

 export default {
 	name: 'UpdatePassword',
--- a/core/src/maintenance.js
+++ b/core/src/maintenance.js
@ -19,7 +19,7 @@
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */

-import Axios from 'nextcloud-axios'
+import Axios from '@nextcloud/axios'

 import OC from './OC/index'

--- a/package-lock.json
+++ b/package-lock.json
--- a/package.json
+++ b/package.json
@ -25,6 +25,8 @@
  "dependencies": {
    "@babel/polyfill": "^7.6.0",
    "@chenfengyuan/vue-qrcode": "^1.0.1",
+    "@nextcloud/axios": "^0.4.1",
+    "@nextcloud/event-bus": "^0.2.0",
    "@nextcloud/router": "^0.1.0",
    "autosize": "^4.0.2",
    "backbone": "^1.4.0",
@ -45,7 +47,6 @@
    "marked": "^0.7.0",
    "moment": "^2.24.0",
    "moment-timezone": "^0.5.26",
-    "nextcloud-axios": "^0.2.1",
    "nextcloud-initial-state": "0.0.3",
    "nextcloud-password-confirmation": "^0.4.2",
    "nextcloud-router": "0.0.9",