stable
Closes story #31175: delete a registered passkey

To avoid a CSRF attack on DELETE /webauthn/key/{key_id}, change the endpoint to POST /webauthn/key/delete and add a CSRF token in the request body. The key_id is also now in the body.

*Testing:* Try calling the route without the CSRF token (or with a wrong one): you will receive a 400 Bad Request. Otherwise the deletion is performed and you receive a 200 OK.

Change-Id: Ib2fd06a0cb2f557af08e9271321cc884b07ed7a0
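The mitigation the commit message describes, as an added standalone illustration (not Tuleap's own DeleteSourceController): a handler for POST /webauthn/key/delete that rejects the request with 400 unless the body carries the session-bound CSRF token, and otherwise removes the key and answers 200. Function names, the `csrf_token` field name, the ownership check and the sample data are assumptions made here.

```php
<?php
declare(strict_types=1);

// Illustration only; names and request shape are assumed, not taken from Tuleap.

/** Compare the submitted token with the session token in constant time. */
function csrfTokenIsValid(?string $submitted, string $expected): bool
{
    if ($submitted === null || $submitted === '') {
        return false;
    }
    return hash_equals($expected, $submitted);
}

/**
 * @param array<string,string> $body         parsed POST body (key_id, csrf_token)
 * @param string               $sessionToken token issued to the current session
 * @param array<string,string> $keys         key_id => owner id; modified in place
 * @return array{0:int,1:string}             HTTP status and message
 */
function handleDeleteKey(array $body, string $sessionToken, string $currentUser, array &$keys): array
{
    // CSRF check first: a cross-site form POST cannot know the session-bound token.
    if (!csrfTokenIsValid($body['csrf_token'] ?? null, $sessionToken)) {
        return [400, 'Bad Request: missing or invalid CSRF token'];
    }
    $keyId = $body['key_id'] ?? '';
    // Ownership check (added here): only the caller's own key may be removed.
    if ($keyId === '' || !isset($keys[$keyId]) || $keys[$keyId] !== $currentUser) {
        return [400, 'Bad Request: unknown key'];
    }
    unset($keys[$keyId]);
    return [200, 'OK'];
}

// Constructed sample session and registered keys.
$sessionToken = bin2hex(random_bytes(16));
$keys         = ['key-abc' => 'user-1', 'key-def' => 'user-2'];

$cases = [
    'no token'    => ['key_id' => 'key-abc'],
    'wrong token' => ['key_id' => 'key-abc', 'csrf_token' => 'not-the-token'],
    'valid token' => ['key_id' => 'key-abc', 'csrf_token' => $sessionToken],
];
foreach ($cases as $label => $body) {
    [$status, $message] = handleDeleteKey($body, $sessionToken, 'user-1', $keys);
    echo str_pad($label, 12) . " -> $status $message\n";
}
echo 'remaining keys: ' . implode(', ', array_keys($keys)) . "\n";
```

Running it prints 400 for the first two cases and 200 for the third, after which only key-def remains.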
Modified Files
Status | File | Added | Removed
---|---|---|---
M | plugins/webauthn/include/WebAuthn/Controllers/AccountController.php | +2 | −1
M | plugins/webauthn/include/WebAuthn/Controllers/AccountPresenter.php | +1 | −0
M | plugins/webauthn/scripts/account/src/account.ts | +7 | −1
M | plugins/webauthn/scripts/account/src/delete.ts | +10 | −3
M | plugins/webauthn/templates/remove-modal.mustache | +3 | −0
M | site-content/fr_FR/LC_MESSAGES/tuleap-core.po | +3 | −0
M | site-content/pt_BR/LC_MESSAGES/tuleap-core.po | +3 | −0
M | src/common/Request/RouteCollector.php | +2 | −1
M | src/common/WebAuthn/Controllers/DeleteSourceController.php | +32 | −1
M | tests/unit/common/WebAuthn/Controllers/DeleteSourceControllerTest.php | +80 | −9
M | tests/unit/common/WebAuthn/Controllers/PostRegistrationControllerTest.php | +26 | −0