OF-777 Error message for CSRF failure

8686ad88 · Dave Cridland · Guus der Kinderen · baf3ce2a · 8686ad88 · 8686ad88
Commit 8686ad88 authored Dec 18, 2016 by Dave Cridland Committed by Guus der Kinderen Dec 19, 2016
4 changed files
--- a/src/i18n/openfire_i18n_en.properties
+++ b/src/i18n/openfire_i18n_en.properties
@@ -832,6 +832,7 @@ global.no=No
 global.unlimited=Unlimited
 global.test=Test
 global.click_test=Click to test...
+global.csrf.failed=CSRF Error: No changes made, you'll need to retry.
 # Group Chat Service Properties Page

--- a/src/plugins/clientControl/src/web/client-features.jsp
+++ b/src/plugins/clientControl/src/web/client-features.jsp
@@ -40,9 +40,11 @@
    Cookie csrfCookie = CookieUtils.getCookie(request, "csrf");
    String csrfParam = ParamUtils.getParameter(request, "csrf");
+    boolean csrfStatus = true;
    if (csrfCookie == null || csrfParam == null || !csrfCookie.getValue().equals(csrfParam)) {
        submit = false;
+        csrfStatus = false;
    }
    csrfParam = StringUtils.randomString(16);
    CookieUtils.setCookie(request, response, "csrf", csrfParam, -1);
@@ -157,6 +159,19 @@
 </div>
 <br>
 <% }%>
+<% if (csrfStatus == false) { %>
+    <div class="jive-error">
+    <table cellpadding="0" cellspacing="0" border="0">
+    <tbody>
+        <tr><td class="jive-icon"><img src="images/error-16x16.gif" width="16" height="16" border="0" alt=""></td>
+        <td class="jive-icon-label">
+        <fmt:message key="global.csrf.failed" />
+        </td></tr>
+    </tbody>
+    </table>
+    </div><br>
+<% } %>
 <p>
    <fmt:message key="client.features.info"/>
 </p>

--- a/src/plugins/clientControl/src/web/permitted-clients.jsp
+++ b/src/plugins/clientControl/src/web/permitted-clients.jsp
@@ -78,12 +78,14 @@
    boolean remove = request.getParameter("removeClient") != null;
    Cookie csrfCookie = CookieUtils.getCookie(request, "csrf");
    String csrfParam = ParamUtils.getParameter(request, "csrf");
+    boolean csrfStatus = true;
    if (submit || addOther || remove) {
        if (csrfCookie == null || csrfParam == null || !csrfCookie.getValue().equals(csrfParam)) {
            submit = false;
            addOther = false;
            remove = false;
+            csrfStatus = false;
        }
    }
    csrfParam = StringUtils.randomString(16);
@@ -252,6 +254,19 @@
 </div>
 <br>
 <% }%>
+<% if (csrfStatus == false) { %>
+    <div class="jive-error">
+    <table cellpadding="0" cellspacing="0" border="0">
+    <tbody>
+        <tr><td class="jive-icon"><img src="images/error-16x16.gif" width="16" height="16" border="0" alt=""></td>
+        <td class="jive-icon-label">
+        <fmt:message key="global.csrf.failed" />
+        </td></tr>
+    </tbody>
+    </table>
+    </div><br>
+<% } %>

--- a/src/web/audit-policy.jsp
+++ b/src/web/audit-policy.jsp
@@ -63,11 +63,13 @@
    Map<String,String> errors = new HashMap<String,String>();
    Cookie csrfCookie = CookieUtils.getCookie(request, "csrf");
    String csrfParam = ParamUtils.getParameter(request, "csrf");
+    boolean csrfStatus = true;
    if (update) {
        if (csrfCookie == null || csrfParam == null || !csrfCookie.getValue().equals(csrfParam)) {
            update = false;
-            errors.put("csrf", "CSRF Failure!");
+            errors.put("csrf", "csrf");
+            csrfStatus = false;
        }
    }
    csrfParam = StringUtils.randomString(16);
@@ -163,6 +165,22 @@
        </td></tr>
    </tbody>
    </table>
+    </div><br>
+        <%
+        }
+        else if (csrfStatus == false) {
+        %>
+    <div class="jive-error">
+    <table cellpadding="0" cellspacing="0" border="0">
+    <tbody>
+        <tr><td class="jive-icon"><img src="images/error-16x16.gif" width="16" height="16" border="0" alt=""></td>
+        <td class="jive-icon-label">
+        <fmt:message key="global.csrf.failed" />
+        </td></tr>
+    </tbody>
+    </table>
    </div><br>
        <%