From 7d8360cb1caa7bf1ae5a99bcaf7db9ad1ddce765 Mon Sep 17 00:00:00 2001 From: Yevhenii Voevodin Date: Mon, 22 May 2017 16:20:28 +0300 Subject: [PATCH] csrf init (#5120) --- .../org/eclipse/che/ide/api/app/AppContext.java | 13 ++++++++++++- .../eclipse/che/ide/context/AppContextImpl.java | 11 +++++++++++ .../che/ide/rest/AsyncRequestFactory.java | 16 +++++++++++++++- .../ssh/client/upload/UploadSshKeyPresenter.java | 12 +++++++++++- .../key/client/upload/UploadSshKeyPresenter.java | 12 +++++++++++- 5 files changed, 60 insertions(+), 4 deletions(-) diff --git a/ide/che-core-ide-api/src/main/java/org/eclipse/che/ide/api/app/AppContext.java b/ide/che-core-ide-api/src/main/java/org/eclipse/che/ide/api/app/AppContext.java index 9f14995a1b..b384c87805 100644 --- a/ide/che-core-ide-api/src/main/java/org/eclipse/che/ide/api/app/AppContext.java +++ b/ide/che-core-ide-api/src/main/java/org/eclipse/che/ide/api/app/AppContext.java @@ -24,6 +24,7 @@ import org.eclipse.che.ide.api.resources.Resource; import org.eclipse.che.ide.resource.Path; import java.util.List; +import java.util.Map; /** * Represents current context of the IDE application. @@ -31,6 +32,7 @@ import java.util.List; * @author Vitaly Parfonov * @author Artem Zatsarynnyi * @author Vlad Zhukovskyi + * @author Yevhenii Voevodin */ public interface AppContext { @@ -185,7 +187,7 @@ public interface AppContext { FactoryDto getFactory(); void setFactory(FactoryDto factory); - + String getWorkspaceId(); /** @@ -218,4 +220,13 @@ public interface AppContext { * @return identifier */ String getAppId(); + + /** + * Returns context properties, key-value storage that allows to store + * data in the context for plugins and extensions. + * + * @return a modifiable properties map + * @since 5.11.0 + */ + Map getProperties(); } 
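Review bot: The Javadoc on `getProperties()` in the last AppContext hunk does not mention that the map can hold security-sensitive values, although the UploadSshKeyPresenter hunks of this same patch read the CSRF token from it under the key `"X-CSRF-Token"`. The contract is "a modifiable properties map" and the AppContextImpl hunk returns its backing `HashMap` directly, so any plugin or extension holding the context can read, replace or remove that entry. I would say so in the Javadoc, for example `Values may be security-sensitive (such as the CSRF token); do not log or export the map`. I would also define the key once as a constant, e.g. `String CSRF_TOKEN_PROPERTY = "X-CSRF-Token";`, instead of repeating the literal in each caller. Where the token is written into the map is not shown in this patch, so who is allowed to set it should be confirmed and documented too.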
diff --git a/ide/che-core-ide-app/src/main/java/org/eclipse/che/ide/context/AppContextImpl.java b/ide/che-core-ide-app/src/main/java/org/eclipse/che/ide/context/AppContextImpl.java index 500ababa68..d2ec7306f5 100644 --- a/ide/che-core-ide-app/src/main/java/org/eclipse/che/ide/context/AppContextImpl.java +++ b/ide/che-core-ide-app/src/main/java/org/eclipse/che/ide/context/AppContextImpl.java @@ -50,7 +50,9 @@ import org.eclipse.che.ide.resources.impl.ResourceManager; import org.eclipse.che.ide.statepersistance.AppStateManager; import java.util.ArrayList; +import java.util.HashMap; import java.util.List; +import java.util.Map; import static com.google.common.base.Preconditions.checkState; import static com.google.common.collect.Lists.newArrayList; @@ -95,6 +97,7 @@ public class AppContextImpl implements AppContext, private Path projectsRoot; private ActiveRuntime runtime; private ResourceManager resourceManager; + private Map properties; /** * List of actions with parameters which comes from startup URL. @@ -463,4 +466,12 @@ public class AppContextImpl implements AppContext, public ActiveRuntime getActiveRuntime() { return runtime; } + + @Override + public Map getProperties() { + if (properties == null) { + properties = new HashMap<>(); + } + return properties; + } } diff --git a/ide/commons-gwt/src/main/java/org/eclipse/che/ide/rest/AsyncRequestFactory.java b/ide/commons-gwt/src/main/java/org/eclipse/che/ide/rest/AsyncRequestFactory.java index e3602d4f22..3bbe39591c 100644 --- a/ide/commons-gwt/src/main/java/org/eclipse/che/ide/rest/AsyncRequestFactory.java +++ b/ide/commons-gwt/src/main/java/org/eclipse/che/ide/rest/AsyncRequestFactory.java 
@@ -213,7 +213,7 @@ public class AsyncRequestFactory { protected AsyncRequest doCreateRequest(RequestBuilder.Method method, String url, Object dtoBody, boolean async) { Preconditions.checkNotNull(method, "Request method should not be a null"); - AsyncRequest asyncRequest = new AsyncRequest(method, url, async); + AsyncRequest asyncRequest = newAsyncRequest(method, url, async); if (dtoBody != null) { if (dtoBody instanceof List) { asyncRequest.data(dtoFactory.toJson((List)dtoBody)); @@ -239,6 +239,20 @@ public class AsyncRequestFactory { return asyncRequest; } + /** + * A factory method which creates a new instance of {@link AsyncRequest}. + * + * @param method + * the request method + * @param url + * the url to go to + * @param async + * whether this request is asynchronous in terms of Everrest polling strategy + */ + protected AsyncRequest newAsyncRequest(RequestBuilder.Method method, String url, boolean async) { + return new AsyncRequest(method, url, async); + } + /** * Creates new GET request to the specified {@code url}. * diff --git a/plugins/plugin-machine/che-plugin-machine-ssh-client/src/main/java/org/eclipse/che/ide/ext/ssh/client/upload/UploadSshKeyPresenter.java b/plugins/plugin-machine/che-plugin-machine-ssh-client/src/main/java/org/eclipse/che/ide/ext/ssh/client/upload/UploadSshKeyPresenter.java index 445f917fd1..8d14af5333 100644 --- a/plugins/plugin-machine/che-plugin-machine-ssh-client/src/main/java/org/eclipse/che/ide/ext/ssh/client/upload/UploadSshKeyPresenter.java +++ b/plugins/plugin-machine/che-plugin-machine-ssh-client/src/main/java/org/eclipse/che/ide/ext/ssh/client/upload/UploadSshKeyPresenter.java @@ -36,6 +36,7 @@ public class UploadSshKeyPresenter implements UploadSshKeyView.ActionDelegate { private String restContext; private NotificationManager notificationManager; private AsyncCallback callback; + private AppContext appContext; @Inject public UploadSshKeyPresenter(UploadSshKeyView view, 
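Review bot: The Javadoc added for `newAsyncRequest` in the second AsyncRequestFactory hunk has no `@return` tag and does not say why the hook exists or what an override must guarantee. `doCreateRequest` now obtains its request through this method and calls `asyncRequest.data(...)` on the result, so this is presumably the extension point where a subclass attaches the CSRF token, and a null return would fail there. I would add `@return a new, never-null request; overriding factories may decorate it (for example with a CSRF header)`, plus a sentence noting that code which constructs `new AsyncRequest(...)` directly bypasses the hook. The middle of `doCreateRequest` lies between the two hunks and is not visible here.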
@@ -47,6 +48,7 @@ public class UploadSshKeyPresenter implements UploadSshKeyView.ActionDelegate { this.constant = constant; this.restContext = appContext.getMasterEndpoint(); this.notificationManager = notificationManager; + this.appContext = appContext; } /** Show dialog. */ @@ -71,7 +73,15 @@ public class UploadSshKeyPresenter implements UploadSshKeyView.ActionDelegate { return; } view.setEncoding(FormPanel.ENCODING_MULTIPART); - view.setAction(restContext + "/ssh"); + + String action = restContext + "/ssh"; + + String csrfToken = appContext.getProperties().get("X-CSRF-Token"); + if (csrfToken != null) { + action += "?X-CSRF-Token=" + csrfToken; + } + + view.setAction(action); view.submit(); } diff --git a/wsagent/che-core-ssh-key-ide/src/main/java/org/eclipse/che/plugin/ssh/key/client/upload/UploadSshKeyPresenter.java b/wsagent/che-core-ssh-key-ide/src/main/java/org/eclipse/che/plugin/ssh/key/client/upload/UploadSshKeyPresenter.java index d5c8bbbba8..9db2ae0d9d 100644 --- a/wsagent/che-core-ssh-key-ide/src/main/java/org/eclipse/che/plugin/ssh/key/client/upload/UploadSshKeyPresenter.java +++ b/wsagent/che-core-ssh-key-ide/src/main/java/org/eclipse/che/plugin/ssh/key/client/upload/UploadSshKeyPresenter.java @@ -36,6 +36,7 @@ public class UploadSshKeyPresenter implements UploadSshKeyView.ActionDelegate { private String restContext; private NotificationManager notificationManager; private AsyncCallback callback; + private AppContext appContext; @Inject public UploadSshKeyPresenter(UploadSshKeyView view, @@ -47,6 +48,7 @@ public class UploadSshKeyPresenter implements UploadSshKeyView.ActionDelegate { this.constant = constant; this.restContext = appContext.getMasterEndpoint(); this.notificationManager = notificationManager; + this.appContext = appContext; } /** Show dialog. */ 
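Review bot: Appending the CSRF token to the form action (`action += "?X-CSRF-Token=" + csrfToken;`) in the plugin-machine UploadSshKeyPresenter hunk puts a session-bound secret into the request URL, where it is commonly recorded in server and proxy access logs and in browser history. The same lines are added to the wsagent UploadSshKeyPresenter in the last hunk of this patch. A form post cannot carry a custom header, so a hidden field in the multipart body would keep the token out of the URL, provided the server-side check accepts it there, which this patch does not show. If the query parameter stays, the value should at least be encoded with GWT's `com.google.gwt.http.client.URL`, `action += "?X-CSRF-Token=" + URL.encodeQueryString(csrfToken);`, and the duplicated block moved into one shared helper. The enclosing method starts outside the hunk in both files.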
@@ -73,7 +75,15 @@ public class UploadSshKeyPresenter implements UploadSshKeyView.ActionDelegate { return; } view.setEncoding(FormPanel.ENCODING_MULTIPART); - view.setAction(restContext + "/ssh"); + + String action = restContext + "/ssh"; + + String csrfToken = appContext.getProperties().get("X-CSRF-Token"); + if (csrfToken != null) { + action += "?X-CSRF-Token=" + csrfToken; + } + + view.setAction(action); view.submit(); }