fix all csfr token issues

2025-05-30 13:22:51 +02:00
parent fee79c6ec7
commit 9159817947
14 changed files with 39 additions and 44 deletions
--- a/app.py
+++ b/app.py
@@ -35,7 +35,7 @@ def create_app():
    @app.context_processor
    def inject_csrf_token():
-        return dict(csrf_token=lambda: generate_csrf())
+        return dict(csrf_token=generate_csrf())
    @app.context_processor
    def inject_config():
--- a/routes/pycache/main.cpython-313.pyc
+++ b/routes/pycache/main.cpython-313.pyc
--- a/routes/pycache/room_files.cpython-313.pyc
+++ b/routes/pycache/room_files.cpython-313.pyc
--- a/routes/main.py
+++ b/routes/main.py
@@ -2,7 +2,6 @@ from flask import render_template, Blueprint, redirect, url_for, request, flash,
 from flask_login import current_user, login_required
 from models import User, db, Room, RoomFile, RoomMemberPermission, SiteSettings, Event
 from routes.auth import require_password_change
 from utils.event_logger import log_event
 import os
 from werkzeug.utils import secure_filename
 from sqlalchemy import func, case, literal_column, text
@@ -361,10 +360,6 @@ def init_routes(main_bp):
                }
                logger.debug(f"Preparing to create profile update event with details: {event_details}")
                # Create the event
                event = log_event('user_update', event_details, current_user.id)
                logger.debug("Event object created and added to session")
                # Commit all changes
                db.session.commit()
                logger.debug("Profile changes and event committed to database successfully")
--- a/static/js/debugging.js
+++ b/static/js/debugging.js
@@ -22,7 +22,7 @@ document.getElementById('syncFilesBtn').addEventListener('click', async function
            method: 'POST',
            headers: {
                'Content-Type': 'application/json',
-                'X-CSRFToken': document.querySelector('meta[name="csrf-token"]').getAttribute('content')
+                'X-CSRF-Token': document.querySelector('meta[name="csrf-token"]').getAttribute('content')
            }
        });
@@ -81,7 +81,7 @@ document.getElementById('verifyDbBtn').addEventListener('click', async function(
            method: 'GET',
            headers: {
                'Content-Type': 'application/json',
-                'X-CSRFToken': document.querySelector('meta[name="csrf-token"]').getAttribute('content')
+                'X-CSRF-Token': document.querySelector('meta[name="csrf-token"]').getAttribute('content')
            }
        });
@@ -137,7 +137,7 @@ document.getElementById('cleanupOrphanedBtn').addEventListener('click', async fu
            method: 'POST',
            headers: {
                'Content-Type': 'application/json',
-                'X-CSRFToken': document.querySelector('meta[name="csrf-token"]').getAttribute('content')
+                'X-CSRF-Token': document.querySelector('meta[name="csrf-token"]').getAttribute('content')
            }
        });
--- a/static/js/events.js
+++ b/static/js/events.js
@@ -52,12 +52,12 @@ document.addEventListener('DOMContentLoaded', function() {
                // Format the details for display
                const formattedDetails = {
-                    'Event ID': data.id,
+                    // 'Event ID': data.id,
-                    'Event Type': data.event_type,
+                    // 'Event Type': data.event_type,
-                    'Timestamp': new Date(data.timestamp).toLocaleString(),
+                    // 'Timestamp': new Date(data.timestamp).toLocaleString(),
-                    'User': data.user ? `${data.user.username} (${data.user.last_name})` : 'N/A',
+                    // 'User': data.user ? `${data.user.username} (${data.user.last_name})` : 'N/A',
-                    'IP Address': data.ip_address || 'N/A',
+                    // 'IP Address': data.ip_address || 'N/A',
-                    'User Agent': data.user_agent || 'N/A'
+                    // 'User Agent': data.user_agent || 'N/A'
                };
                // Handle details separately
--- a/static/js/file-grid.js
+++ b/static/js/file-grid.js
@@ -80,7 +80,7 @@ function toggleView(view) {
        method: 'POST',
        headers: {
            'Content-Type': 'application/json',
-            'X-CSRFToken': csrfToken
+            'X-CSRF-Token': csrfToken
        },
        body: JSON.stringify({ preferred_view: view })
    })
@@ -344,7 +344,7 @@ function toggleStar(filename, path = '', roomId) {
        method: 'POST',
        headers: {
            'Content-Type': 'application/json',
-            'X-CSRFToken': csrfToken
+            'X-CSRF-Token': csrfToken
        },
        body: JSON.stringify({
            filename: filename,
@@ -384,7 +384,7 @@ function restoreFile(filename, path = '', roomId) {
        method: 'POST',
        headers: {
            'Content-Type': 'application/json',
-            'X-CSRFToken': csrfToken
+            'X-CSRF-Token': csrfToken
        },
        body: JSON.stringify({
            filename: filename,
@@ -438,7 +438,7 @@ function permanentDeleteFile() {
        method: 'POST',
        headers: {
            'Content-Type': 'application/json',
-            'X-CSRFToken': csrfToken
+            'X-CSRF-Token': csrfToken
        },
        body: JSON.stringify({
            filename: filename,
@@ -530,7 +530,7 @@ function emptyTrash() {
                method: 'POST',
                headers: {
                    'Content-Type': 'application/json',
-                    'X-CSRFToken': csrfToken
+                    'X-CSRF-Token': csrfToken
                }
            })
        );
--- a/static/js/rooms/fileManager.js
+++ b/static/js/rooms/fileManager.js
@@ -89,7 +89,7 @@ export class FileManager {
            const response = await fetch(url, {
                method: 'DELETE',
                headers: {
-                    'X-CSRFToken': csrfToken
+                    'X-CSRF-Token': csrfToken
                }
            });
@@ -276,7 +276,7 @@ export class FileManager {
                method: 'POST',
                headers: {
                    'Content-Type': 'application/json',
-                    'X-CSRFToken': csrfToken
+                    'X-CSRF-Token': csrfToken
                },
                body: JSON.stringify({
                    filename: file.name,
@@ -339,7 +339,7 @@ export class FileManager {
                method: 'POST',
                headers: {
                    'Content-Type': 'application/json',
-                    'X-CSRFToken': csrfToken
+                    'X-CSRF-Token': csrfToken
                },
                body: JSON.stringify({
                    filename: filename,
@@ -513,7 +513,7 @@ export class FileManager {
                try {
                    const response = await fetch(url, {
                        method: 'DELETE',
-                        headers: { 'X-CSRFToken': csrfToken }
+                        headers: { 'X-CSRF-Token': csrfToken }
                    });
                    const result = await response.json();
                    if (!result.success) {
@@ -536,7 +536,7 @@ export class FileManager {
        try {
            const response = await fetch(url, {
                method: 'DELETE',
-                headers: { 'X-CSRFToken': csrfToken }
+                headers: { 'X-CSRF-Token': csrfToken }
            });
            const result = await response.json();
            if (result.success) {
--- a/static/js/rooms/modalManager.js
+++ b/static/js/rooms/modalManager.js
@@ -319,7 +319,7 @@ export class ModalManager {
                method: 'POST',
                headers: {
                    'Content-Type': 'application/json',
-                    'X-CSRFToken': csrfToken
+                    'X-CSRF-Token': csrfToken
                },
                body: JSON.stringify({
                    name: folderName,
--- a/static/js/rooms/uploadManager.js
+++ b/static/js/rooms/uploadManager.js
@@ -240,7 +240,7 @@ export class UploadManager {
        const csrfToken = document.querySelector('meta[name="csrf-token"]').getAttribute('content');
        const response = await fetch(`/api/rooms/${this.roomManager.roomId}/files/upload`, {
            method: 'POST',
-            headers: { 'X-CSRFToken': csrfToken },
+            headers: { 'X-CSRF-Token': csrfToken },
            body: formData
        });
--- a/static/js/starred.js
+++ b/static/js/starred.js
@@ -67,7 +67,7 @@ function toggleView(view) {
        method: 'POST',
        headers: {
            'Content-Type': 'application/json',
-            'X-CSRFToken': document.querySelector('meta[name="csrf-token"]').getAttribute('content')
+            'X-CSRF-Token': document.querySelector('meta[name="csrf-token"]').getAttribute('content')
        },
        body: JSON.stringify({ preferred_view: view })
    })
--- a/static/js/trash.js
+++ b/static/js/trash.js
@@ -70,7 +70,7 @@ window.emptyTrash = function() {
                method: 'POST',
                headers: {
                    'Content-Type': 'application/json',
-                    'X-CSRFToken': csrfToken
+                    'X-CSRF-Token': csrfToken
                }
            })
        );
@@ -189,7 +189,7 @@ function toggleView(view) {
        method: 'POST',
        headers: {
            'Content-Type': 'application/json',
-            'X-CSRFToken': document.querySelector('meta[name="csrf-token"]').getAttribute('content')
+            'X-CSRF-Token': document.querySelector('meta[name="csrf-token"]').getAttribute('content')
        },
        body: JSON.stringify({ preferred_view: view })
    })
--- a/templates/rooms/roombefore.html
+++ b/templates/rooms/roombefore.html
@@ -611,7 +611,7 @@ function toggleView(view) {
        method: 'POST',
        headers: {
            'Content-Type': 'application/json',
-            'X-CSRFToken': document.querySelector('meta[name="csrf-token"]').getAttribute('content')
+            'X-CSRF-Token': document.querySelector('meta[name="csrf-token"]').getAttribute('content')
        },
        body: JSON.stringify({ preferred_view: view })
    })
@@ -974,7 +974,7 @@ if (canDownload === true || canDownload === 'true') {
            method: 'POST',
            headers: {
                'Content-Type': 'application/json',
-                'X-CSRFToken': csrfToken
+                'X-CSRF-Token': csrfToken
            },
            body: JSON.stringify({ items: selectedItems })
        })
@@ -1057,7 +1057,7 @@ function deleteFileConfirmed() {
            if (item.path) url += `?path=${encodeURIComponent(item.path)}`;
            fetch(url, {
                method: 'DELETE',
-                headers: { 'X-CSRFToken': csrfToken }
+                headers: { 'X-CSRF-Token': csrfToken }
            })
            .then(r => r.json())
            .then(() => {
@@ -1078,7 +1078,7 @@ function deleteFileConfirmed() {
    fetch(url, {
        method: 'DELETE',
        headers: {
-            'X-CSRFToken': csrfToken
+            'X-CSRF-Token': csrfToken
        }
    })
    .then(r => r.json())
@@ -1140,7 +1140,7 @@ document.getElementById('confirmRenameBtn').addEventListener('click', function()
        method: 'POST',
        headers: {
            'Content-Type': 'application/json',
-            'X-CSRFToken': csrfToken
+            'X-CSRF-Token': csrfToken
        },
        body: JSON.stringify({
            old_name: renameTarget,
@@ -1199,7 +1199,7 @@ function toggleStar(filename, path) {
        method: 'POST',
        headers: {
            'Content-Type': 'application/json',
-            'X-CSRFToken': csrfToken
+            'X-CSRF-Token': csrfToken
        },
        body: JSON.stringify({
            filename: filename,
@@ -1296,7 +1296,7 @@ function moveFileConfirmed() {
        method: 'POST',
        headers: {
            'Content-Type': 'application/json',
-            'X-CSRFToken': csrfToken
+            'X-CSRF-Token': csrfToken
        },
        body: JSON.stringify({
            filename: fileToMove,
@@ -1368,7 +1368,7 @@ document.addEventListener('DOMContentLoaded', function() {
                method: 'POST',
                headers: {
                    'Content-Type': 'application/json',
-                    'X-CSRFToken': csrfToken
+                    'X-CSRF-Token': csrfToken
                },
                body: JSON.stringify({
                    name: folderName,
@@ -1552,7 +1552,7 @@ document.addEventListener('DOMContentLoaded', function() {
                    const response = await fetch(`/api/rooms/${roomId}/files/upload`, {
                        method: 'POST',
-                        headers: { 'X-CSRFToken': csrfToken },
+                        headers: { 'X-CSRF-Token': csrfToken },
                        body: uploadFormData
                    });
@@ -1605,7 +1605,7 @@ document.addEventListener('DOMContentLoaded', function() {
                            uploadFormData.append('overwrite', 'true');
                            const retryResponse = await fetch(`/api/rooms/${roomId}/files/upload`, {
                                method: 'POST',
-                                headers: { 'X-CSRFToken': csrfToken },
+                                headers: { 'X-CSRF-Token': csrfToken },
                                body: uploadFormData
                            });
@@ -1622,7 +1622,7 @@ document.addEventListener('DOMContentLoaded', function() {
                            uploadFormData.append('overwrite', 'true');
                            const retryResponse = await fetch(`/api/rooms/${roomId}/files/upload`, {
                                method: 'POST',
-                                headers: { 'X-CSRFToken': csrfToken },
+                                headers: { 'X-CSRF-Token': csrfToken },
                                body: uploadFormData
                            });
@@ -1658,7 +1658,7 @@ document.addEventListener('DOMContentLoaded', function() {
                            uploadFormData.append('overwrite', 'true');
                            const retryResponse = await fetch(`/api/rooms/${roomId}/files/upload`, {
                                method: 'POST',
-                                headers: { 'X-CSRFToken': csrfToken },
+                                headers: { 'X-CSRF-Token': csrfToken },
                                body: uploadFormData
                            });
@@ -1729,7 +1729,7 @@ if (canRename === true || canRename === 'true') {
            method: 'POST',
            headers: {
                'Content-Type': 'application/json',
-                'X-CSRFToken': csrfToken
+                'X-CSRF-Token': csrfToken
            },
            body: JSON.stringify({
                old_name: renameTarget,
@@ -1771,7 +1771,7 @@ if (canDownload === true || canDownload === 'true') {
            method: 'POST',
            headers: {
                'Content-Type': 'application/json',
-                'X-CSRFToken': csrfToken
+                'X-CSRF-Token': csrfToken
            },
            body: JSON.stringify({ items: selectedItems })
        })
--- a/utils/pycache/init.cpython-313.pyc
+++ b/utils/pycache/init.cpython-313.pyc