fix settings page csrf
This commit is contained in:
@@ -75,12 +75,12 @@
|
||||
|
||||
<!-- Company Info Tab -->
|
||||
<div class="tab-pane fade {% if active_tab == 'general' %}show active{% endif %}" id="general" role="tabpanel" aria-labelledby="general-tab">
|
||||
{{ company_info_tab(site_settings, form) }}
|
||||
{{ company_info_tab(site_settings, form, csrf_token) }}
|
||||
</div>
|
||||
|
||||
<!-- Email Templates Tab -->
|
||||
<div class="tab-pane fade {% if active_tab == 'email_templates' %}show active{% endif %}" id="email-templates" role="tabpanel" aria-labelledby="email-templates-tab">
|
||||
{{ email_templates_tab(email_templates) }}
|
||||
{{ email_templates_tab(email_templates, csrf_token) }}
|
||||
</div>
|
||||
|
||||
<!-- Mails Tab -->
|
||||
|
||||
@@ -1,11 +1,11 @@
|
||||
{% macro company_info_tab(site_settings, form) %}
|
||||
{% macro company_info_tab(site_settings, form, csrf_token) %}
|
||||
<div class="row">
|
||||
<div class="col-12">
|
||||
<!-- Company Settings Section -->
|
||||
<div class="card mb-4">
|
||||
<div class="card-body">
|
||||
<form id="companyInfoForm" method="POST" action="{{ url_for('main.update_company_settings') }}" enctype="multipart/form-data">
|
||||
{{ form.csrf_token }}
|
||||
<input type="hidden" name="csrf_token" value="{{ csrf_token }}">
|
||||
|
||||
<div class="row">
|
||||
<!-- Basic Information -->
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
{% macro email_templates_tab(templates) %}
|
||||
{% macro email_templates_tab(templates, csrf_token) %}
|
||||
<div class="row">
|
||||
<div class="col-12">
|
||||
<div class="card">
|
||||
@@ -33,24 +33,27 @@
|
||||
</div>
|
||||
|
||||
<!-- Template Editor -->
|
||||
<div class="card">
|
||||
<div class="card mb-4" id="templateEditor" style="display: none;">
|
||||
<div class="card-header bg-light">
|
||||
<h6 class="mb-0">Template Editor</h6>
|
||||
</div>
|
||||
<div class="card-body">
|
||||
<div class="mb-3">
|
||||
<label for="templateSubject" class="form-label">Subject</label>
|
||||
<input type="text" class="form-control" id="templateSubject" placeholder="Enter email subject">
|
||||
</div>
|
||||
<div class="mb-3">
|
||||
<label for="templateBody" class="form-label">Body</label>
|
||||
<textarea id="templateBody" class="form-control"></textarea>
|
||||
</div>
|
||||
<div class="text-end">
|
||||
<button type="button" class="btn btn-primary" id="saveTemplate">
|
||||
<i class="fas fa-save me-2"></i>Save Template
|
||||
</button>
|
||||
</div>
|
||||
<form id="templateForm">
|
||||
<input type="hidden" name="csrf_token" value="{{ csrf_token }}">
|
||||
<div class="mb-3">
|
||||
<label for="templateSubject" class="form-label">Subject</label>
|
||||
<input type="text" class="form-control" id="templateSubject" name="subject" required>
|
||||
</div>
|
||||
<div class="mb-3">
|
||||
<label for="templateBody" class="form-label">Body</label>
|
||||
<textarea class="form-control" id="templateBody" name="body" rows="10" required></textarea>
|
||||
</div>
|
||||
<div class="d-flex justify-content-end">
|
||||
<button type="submit" class="btn btn-primary">
|
||||
<i class="fas fa-save me-1"></i> Save Template
|
||||
</button>
|
||||
</div>
|
||||
</form>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
@@ -241,7 +244,8 @@ document.addEventListener('DOMContentLoaded', function() {
|
||||
}
|
||||
|
||||
// Handle template save
|
||||
$('#saveTemplate').on('click', function() {
|
||||
$('#templateForm').on('submit', function(event) {
|
||||
event.preventDefault();
|
||||
const templateId = $('#templateSelect').val();
|
||||
const subject = $('#templateSubject').val();
|
||||
const body = $('#templateBody').summernote('code');
|
||||
@@ -252,7 +256,7 @@ document.addEventListener('DOMContentLoaded', function() {
|
||||
}
|
||||
|
||||
// Show loading state
|
||||
const saveButton = this;
|
||||
const saveButton = this.querySelector('button[type="submit"]');
|
||||
const originalText = saveButton.innerHTML;
|
||||
saveButton.disabled = true;
|
||||
saveButton.innerHTML = '<i class="fas fa-spinner fa-spin me-2"></i>Saving...';
|
||||
|
||||
@@ -196,140 +196,6 @@
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<script>
|
||||
document.addEventListener('DOMContentLoaded', function() {
|
||||
const eventTypeFilter = document.getElementById('eventTypeFilter');
|
||||
const dateRangeFilter = document.getElementById('dateRangeFilter');
|
||||
const userFilter = document.getElementById('userFilter');
|
||||
const clearFiltersBtn = document.getElementById('clearFilters');
|
||||
const eventsTableBody = document.getElementById('eventsTableBody');
|
||||
const currentPageSpan = document.getElementById('currentPage');
|
||||
const totalPagesSpan = document.getElementById('totalPages');
|
||||
const prevPageBtn = document.getElementById('prevPage');
|
||||
const nextPageBtn = document.getElementById('nextPage');
|
||||
|
||||
let currentPage = 1;
|
||||
let totalPages = parseInt(totalPagesSpan.textContent);
|
||||
let isFetching = false;
|
||||
|
||||
// Function to update the URL with filter parameters
|
||||
function updateURL() {
|
||||
const params = new URLSearchParams(window.location.search);
|
||||
params.set('event_type', eventTypeFilter.value);
|
||||
params.set('date_range', dateRangeFilter.value);
|
||||
params.set('user_id', userFilter.value);
|
||||
params.set('page', currentPage);
|
||||
window.history.replaceState({}, '', `${window.location.pathname}?${params.toString()}`);
|
||||
}
|
||||
|
||||
// Function to fetch filtered events
|
||||
function fetchEvents() {
|
||||
if (isFetching) return;
|
||||
isFetching = true;
|
||||
|
||||
const params = new URLSearchParams({
|
||||
event_type: eventTypeFilter.value,
|
||||
date_range: dateRangeFilter.value,
|
||||
user_id: userFilter.value,
|
||||
page: currentPage,
|
||||
ajax: 'true' // Add this to indicate it's an AJAX request
|
||||
});
|
||||
|
||||
fetch(`${window.location.pathname}?${params.toString()}`, {
|
||||
headers: {
|
||||
'X-Requested-With': 'XMLHttpRequest'
|
||||
}
|
||||
})
|
||||
.then(response => {
|
||||
if (!response.ok) {
|
||||
throw new Error('Network response was not ok');
|
||||
}
|
||||
return response.text();
|
||||
})
|
||||
.then(html => {
|
||||
const parser = new DOMParser();
|
||||
const doc = parser.parseFromString(html, 'text/html');
|
||||
const newTableBody = doc.getElementById('eventsTableBody');
|
||||
|
||||
if (newTableBody) {
|
||||
eventsTableBody.innerHTML = newTableBody.innerHTML;
|
||||
|
||||
// Update pagination
|
||||
const newCurrentPage = parseInt(doc.getElementById('currentPage').textContent);
|
||||
const newTotalPages = parseInt(doc.getElementById('totalPages').textContent);
|
||||
currentPage = newCurrentPage;
|
||||
totalPages = newTotalPages;
|
||||
currentPageSpan.textContent = currentPage;
|
||||
totalPagesSpan.textContent = totalPages;
|
||||
|
||||
// Update pagination buttons
|
||||
prevPageBtn.disabled = currentPage === 1;
|
||||
nextPageBtn.disabled = currentPage === totalPages;
|
||||
|
||||
// Update URL
|
||||
updateURL();
|
||||
} else {
|
||||
console.error('Could not find events table in response');
|
||||
}
|
||||
})
|
||||
.catch(error => {
|
||||
console.error('Error fetching events:', error);
|
||||
// Optionally show an error message to the user
|
||||
})
|
||||
.finally(() => {
|
||||
isFetching = false;
|
||||
});
|
||||
}
|
||||
|
||||
// Add event listeners for filters with debounce
|
||||
let filterTimeout;
|
||||
function debouncedFetch() {
|
||||
clearTimeout(filterTimeout);
|
||||
filterTimeout = setTimeout(fetchEvents, 300);
|
||||
}
|
||||
|
||||
eventTypeFilter.addEventListener('change', debouncedFetch);
|
||||
dateRangeFilter.addEventListener('change', debouncedFetch);
|
||||
userFilter.addEventListener('change', debouncedFetch);
|
||||
|
||||
// Add event listeners for pagination
|
||||
prevPageBtn.addEventListener('click', () => {
|
||||
if (currentPage > 1) {
|
||||
currentPage--;
|
||||
fetchEvents();
|
||||
}
|
||||
});
|
||||
|
||||
nextPageBtn.addEventListener('click', () => {
|
||||
if (currentPage < totalPages) {
|
||||
currentPage++;
|
||||
fetchEvents();
|
||||
}
|
||||
});
|
||||
|
||||
// Add event listener for clear filters
|
||||
clearFiltersBtn.addEventListener('click', () => {
|
||||
eventTypeFilter.value = '';
|
||||
dateRangeFilter.value = '24h';
|
||||
userFilter.value = '';
|
||||
currentPage = 1;
|
||||
fetchEvents();
|
||||
});
|
||||
|
||||
// Initialize filters from URL parameters
|
||||
const params = new URLSearchParams(window.location.search);
|
||||
eventTypeFilter.value = params.get('event_type') || '';
|
||||
dateRangeFilter.value = params.get('date_range') || '24h';
|
||||
userFilter.value = params.get('user_id') || '';
|
||||
currentPage = parseInt(params.get('page')) || 1;
|
||||
|
||||
// Initial fetch if filters are set
|
||||
if (eventTypeFilter.value || dateRangeFilter.value !== '24h' || userFilter.value) {
|
||||
fetchEvents();
|
||||
}
|
||||
});
|
||||
</script>
|
||||
{% endmacro %}
|
||||
|
||||
{% block content %}
|
||||
|
||||
@@ -173,7 +173,12 @@
|
||||
|
||||
<script>
|
||||
function viewMailDetails(mailId) {
|
||||
fetch(`/settings/mails/${mailId}`)
|
||||
const csrfToken = document.querySelector('meta[name="csrf-token"]').content;
|
||||
fetch(`/settings/mails/${mailId}`, {
|
||||
headers: {
|
||||
'X-CSRF-Token': csrfToken
|
||||
}
|
||||
})
|
||||
.then(response => response.json())
|
||||
.then(mail => {
|
||||
document.getElementById('modalSubject').textContent = mail.subject;
|
||||
|
||||
Reference in New Issue
Block a user