diff --git a/lib/Controller/DaemonConfigController.php b/lib/Controller/DaemonConfigController.php index 36561bb1..2ea1a904 100644 --- a/lib/Controller/DaemonConfigController.php +++ b/lib/Controller/DaemonConfigController.php @@ -13,7 +13,7 @@ use OCA\AppAPI\Service\ExAppService; use OCP\AppFramework\ApiController; use OCP\AppFramework\Http; -use OCP\AppFramework\Http\Attribute\NoCSRFRequired; +use OCP\AppFramework\Http\Attribute\PasswordConfirmationRequired; use OCP\AppFramework\Http\JSONResponse; use OCP\AppFramework\Http\Response; use OCP\IConfig; @@ -37,7 +37,6 @@ public function __construct( parent::__construct(Application::APP_ID, $request); } - #[NoCSRFRequired] public function getAllDaemonConfigs(): Response { return new JSONResponse([ 'daemons' => $this->daemonConfigService->getDaemonConfigsWithAppsCount(), @@ -45,7 +44,7 @@ public function getAllDaemonConfigs(): Response { ]); } - #[NoCSRFRequired] + #[PasswordConfirmationRequired] public function registerDaemonConfig(array $daemonConfigParams, bool $defaultDaemon = false): Response { $daemonConfig = $this->daemonConfigService->registerDaemonConfig($daemonConfigParams); if ($daemonConfig !== null && $defaultDaemon) { @@ -57,7 +56,7 @@ public function registerDaemonConfig(array $daemonConfigParams, bool $defaultDae ]); } - #[NoCSRFRequired] + #[PasswordConfirmationRequired] public function updateDaemonConfig(string $name, array $daemonConfigParams): Response { $daemonConfig = $this->daemonConfigService->getDaemonConfigByName($name); $updatedDaemonConfig = new DaemonConfig($daemonConfigParams); @@ -69,7 +68,7 @@ public function updateDaemonConfig(string $name, array $daemonConfigParams): Res ]); } - #[NoCSRFRequired] + #[PasswordConfirmationRequired] public function unregisterDaemonConfig(string $name): Response { $daemonConfig = $this->daemonConfigService->getDaemonConfigByName($name); $defaultDaemonConfig = $this->config->getAppValue(Application::APP_ID, 'default_daemon_config', ''); 
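Review bot: Password confirmation is added to `registerDaemonConfig` here and to `updateDaemonConfig` and `unregisterDaemonConfig` in the next two hunks, but `checkDaemonConnection` and `startTestDeploy` further down only lose `#[NoCSRFRequired]` and get no confirmation requirement. `checkDaemonConnection` builds a `DaemonConfig` from request-supplied `$daemonParams`, and `startTestDeploy` (going by its name) triggers a deploy on a daemon, so it is worth deciding explicitly whether they need the same protection; if leaving them out is intended, a short comment on each would record that. None of the three changed actions has a docblock, and I would add one stating the contract, e.g. `/** Requires a CSRF token and a recent password confirmation; $daemonConfigParams is taken from the request. */`. The method bodies continue outside these hunks, so any validation of `$daemonConfigParams` or null check on the looked-up config is not visible here.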
@@ -84,7 +83,6 @@ public function unregisterDaemonConfig(string $name): Response { ]); } - #[NoCSRFRequired] public function verifyDaemonConnection(string $name): Response { $daemonConfig = $this->daemonConfigService->getDaemonConfigByName($name); if ($daemonConfig->getAcceptsDeployId() !== $this->dockerActions->getAcceptsDeployId()) { @@ -99,7 +97,6 @@ public function verifyDaemonConnection(string $name): Response { ]); } - #[NoCSRFRequired] public function checkDaemonConnection(array $daemonParams): Response { $daemonConfig = new DaemonConfig([ 'name' => $daemonParams['name'], @@ -121,7 +118,6 @@ public function checkDaemonConnection(array $daemonParams): Response { ]); } - #[NoCSRFRequired] public function startTestDeploy(string $name): Response { $daemonConfig = $this->daemonConfigService->getDaemonConfigByName($name); if (!$daemonConfig) { @@ -151,7 +147,6 @@ public function startTestDeploy(string $name): Response { ]); } - #[NoCSRFRequired] public function stopTestDeploy(string $name): Response { $exApp = $this->exAppService->getExApp(Application::TEST_DEPLOY_APPID); if ($exApp !== null) { diff --git a/src/components/DaemonConfig/DaemonConfig.vue b/src/components/DaemonConfig/DaemonConfig.vue index 9a153327..49760c0e 100644 --- a/src/components/DaemonConfig/DaemonConfig.vue +++ b/src/components/DaemonConfig/DaemonConfig.vue @@ -69,6 +69,7 @@ import axios from '@nextcloud/axios' import { generateUrl } from '@nextcloud/router' import { showError } from '@nextcloud/dialogs' +import { confirmPassword } from '@nextcloud/password-confirmation' import NcListItem from '@nextcloud/vue/dist/Components/NcListItem.js' import NcActionButton from '@nextcloud/vue/dist/Components/NcActionButton.js' 
@@ -163,19 +164,25 @@ export default { }, _deleteDaemonConfig(daemon) { this.deleting = true - return axios.delete(generateUrl(`/apps/app_api/daemons/${daemon.name}?removeExApps=${this.removeExAppsOnDaemonDelete}`)) - .then(res => { - if (res.data.success) { - this.getAllDaemons() - } - this.deleting = false - this.showDetailsModal = false - }) - .catch(err => { - console.debug(err) - this.deleting = false - this.showDetailsModal = false - }) + return confirmPassword().then(() => { + return axios.delete(generateUrl(`/apps/app_api/daemons/${daemon.name}?removeExApps=${this.removeExAppsOnDaemonDelete}`)) + .then(res => { + if (res.data.success) { + this.getAllDaemons() + } + this.deleting = false + this.showDetailsModal = false + }) + .catch(err => { + console.debug(err) + this.deleting = false + this.showDetailsModal = false + }) + }).catch(() => { + this.deleting = false + this.showDeleteDialog = false + showError(t('app_api', 'Password confirmation failed')) + }) }, showTestDeployModal() { this.showTestDeployDialog = true diff --git a/src/components/DaemonConfig/ManageDaemonConfigModal.vue b/src/components/DaemonConfig/ManageDaemonConfigModal.vue index 3928c1f0..d080ee10 100644 --- a/src/components/DaemonConfig/ManageDaemonConfigModal.vue +++ b/src/components/DaemonConfig/ManageDaemonConfigModal.vue @@ -234,6 +234,7 @@ import axios from '@nextcloud/axios' import { showSuccess, showError } from '@nextcloud/dialogs' import { generateUrl } from '@nextcloud/router' +import { confirmPassword } from '@nextcloud/password-confirmation' import NcModal from '@nextcloud/vue/dist/Components/NcModal.js' import NcInputField from '@nextcloud/vue/dist/Components/NcInputField.js' 
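Review bot: `daemon.name` is interpolated unencoded into the URL path on the re-added `axios.delete(generateUrl(...))` line, so unless names are restricted elsewhere, a name containing `/`, `?` or `#` would send the request to a different route or cut off the `removeExApps` query. Encode it at the call site, e.g. `/apps/app_api/daemons/${encodeURIComponent(daemon.name)}?removeExApps=${this.removeExAppsOnDaemonDelete}`. The `axios.put` line in `updateDaemon` (last hunk of ManageDaemonConfigModal.vue) builds its path from `this.daemon.name` in the same way. Separately, the new outer `.catch` resets `showDeleteDialog` while the inner handlers reset `showDetailsModal`, so after a rejected confirmation the details modal is left in its previous state; please confirm that is intended.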
@@ -444,25 +445,30 @@ export default { registerDaemon() { this.registeringDaemon = true - axios.post(generateUrl('/apps/app_api/daemons'), { - daemonConfigParams: this._buildDaemonParams(), - defaultDaemon: this.acceptsDeployId === 'docker-install' ? this.defaultDaemon : false, - }) - .then(res => { - this.registeringDaemon = false - if (res.data.success) { - showSuccess(t('app_api', 'DaemonConfig successfully registered')) - this.closeModal() - this.getAllDaemons() - } else { - showError(t('app_api', 'Failed to register DaemonConfig. Check the logs')) - } - }) - .catch(err => { - this.registeringDaemon = false - console.debug(err) - showError(t('app_api', 'Failed to register DaemonConfig. Check the logs')) + confirmPassword().then(() => { + axios.post(generateUrl('/apps/app_api/daemons'), { + daemonConfigParams: this._buildDaemonParams(), + defaultDaemon: this.acceptsDeployId === 'docker-install' ? this.defaultDaemon : false, }) + .then(res => { + this.registeringDaemon = false + if (res.data.success) { + showSuccess(t('app_api', 'DaemonConfig successfully registered')) + this.closeModal() + this.getAllDaemons() + } else { + showError(t('app_api', 'Failed to register DaemonConfig. Check the logs')) + } + }) + .catch(err => { + this.registeringDaemon = false + console.debug(err) + showError(t('app_api', 'Failed to register DaemonConfig. Check the logs')) + }) + }).catch(() => { + this.registeringDaemon = false + showError(t('app_api', 'Password confirmation failed')) + }) }, updateDaemon() { if (this.isEdit) { 
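Review bot: Inside `confirmPassword().then(() => { axios.post(...) ... })` the request promise is not returned, unlike `_deleteDaemonConfig` in DaemonConfig.vue, which returns its `axios.delete` chain. The outer promise therefore settles before the request finishes and the two chains are not linked. I would write `return axios.post(...)` and reset the flag once with `.finally(() => { this.registeringDaemon = false })` on the outer chain instead of repeating it in three handlers. The outer `.catch` also shows 'Password confirmation failed' for every rejection; if `confirmPassword()` rejects when the user just closes the dialog (not visible here), a cancel would be reported as an error. The same points apply to `updateDaemon` in the next hunk.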
@@ -471,24 +477,29 @@ export default { this.registeringDaemon = true - axios.put(generateUrl(`/apps/app_api/daemons/${this.daemon.name}`), { - daemonConfigParams: this._buildDaemonParams(), - }) - .then(res => { - this.registeringDaemon = false - if (res.data.success) { - showSuccess(t('app_api', 'DaemonConfig successfully updated')) - this.closeModal() - this.getAllDaemons() - } else { - showError(t('app_api', 'Failed to update DaemonConfig. Check the logs')) - } - }) - .catch(err => { - this.registeringDaemon = false - console.debug(err) - showError(t('app_api', 'Failed to update DaemonConfig. Check the logs')) + confirmPassword().then(() => { + axios.put(generateUrl(`/apps/app_api/daemons/${this.daemon.name}`), { + daemonConfigParams: this._buildDaemonParams(), }) + .then(res => { + this.registeringDaemon = false + if (res.data.success) { + showSuccess(t('app_api', 'DaemonConfig successfully updated')) + this.closeModal() + this.getAllDaemons() + } else { + showError(t('app_api', 'Failed to update DaemonConfig. Check the logs')) + } + }) + .catch(err => { + this.registeringDaemon = false + console.debug(err) + showError(t('app_api', 'Failed to update DaemonConfig. Check the logs')) + }) + }).catch(() => { + this.registeringDaemon = false + showError(t('app_api', 'Password confirmation failed')) + }) }, verifyDaemonConnection() { this.verifyingDaemonConnection = true