WebSession: CSRF tokens in account settings forms

Authored by Tibor Simko <tibor.simko@cern.ch> on Aug 25 2014, 14:02.

Description

WebSession: CSRF tokens in account settings forms

  • Improves the internal account settings edit page (/youraccount/edit) by generating unique CSRF tokens valid for five minutes. (closes #1855)
  • Accepts only POST requests and verifies CSRF token expiry when performing the desired settings change (/youraccount/change).

Reported-by: Bessem Amira <bessem.amira@cnudst.rnrt.tn>
Signed-off-by: Tibor Simko <tibor.simko@cern.ch>
Reviewed-by: Samuele Kaplun <samuele.kaplun@cern.ch>
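As an added illustration, not code from this commit or from Invenio, here is a minimal stateless version of the scheme the message describes: a token bound to the session by an HMAC, carrying its issue time and a random nonce, honoured only on POST and only within a five-minute window. The function names, the secret and the token layout are assumptions made for the example.

```python
import hashlib
import hmac
import secrets
import time
from typing import Optional

# Five-minute lifetime, matching the commit message.
TOKEN_TTL_SECONDS = 300


def make_csrf_token(secret: bytes, session_id: str, now: Optional[float] = None) -> str:
    """Return a token of the form 'issued:nonce:mac'.

    The MAC covers the issue time, a random nonce and the session id, so a token
    cannot be transplanted to another session or have its timestamp extended.
    (Hypothetical helper; Invenio's own implementation is not shown here.)
    """
    issued = int(now if now is not None else time.time())
    nonce = secrets.token_hex(8)  # makes every token unique, even within one second
    msg = f"{issued}:{nonce}:{session_id}".encode()
    mac = hmac.new(secret, msg, hashlib.sha256).hexdigest()
    return f"{issued}:{nonce}:{mac}"


def verify_csrf_token(secret: bytes, session_id: str, token: str,
                      method: str = "POST", now: Optional[float] = None) -> bool:
    """Accept the token only on POST, only within TTL, and only for this session."""
    if method != "POST":
        return False  # state-changing action must not be reachable via GET
    try:
        issued_s, nonce, mac = token.split(":")
        issued = int(issued_s)
    except ValueError:
        return False  # malformed token
    current = int(now if now is not None else time.time())
    age = current - issued
    if age < 0 or age > TOKEN_TTL_SECONDS:
        return False  # expired, or a timestamp from the future
    msg = f"{issued}:{nonce}:{session_id}".encode()
    expected = hmac.new(secret, msg, hashlib.sha256).hexdigest()
    # Constant-time comparison so the MAC cannot be guessed byte by byte.
    return hmac.compare_digest(expected, mac)
```

The server keeps the secret private and renders the token into the edit form; the change handler rejects any request whose token fails verification.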

Details

Committed
Tibor Simko <tibor.simko@cern.ch>Aug 26 2014, 13:15
Parents
R3600:a1f3e33170ed: BibDocFile: duplicate docname fix

Event Timeline

Tibor Simko <tibor.simko@cern.ch> committed R3600:729701ada450: WebSession: CSRF tokens in account settings forms (authored by Tibor Simko <tibor.simko@cern.ch>).Aug 26 2014, 13:15