Merge pull request #2182 from BEXIS2/rc

Test Pull Request for code scanner

Author: DavidBlaa

Components/App/BExIS.App.Bootstrap/Attributes/ValidateAntiForgeryTokenOnPost.cs

@@ -0,0 +1,31 @@
+using BExIS.Security.Entities.Requests;
+using System.Web.Helpers;
+using System.Web.Mvc;
+
+namespace BExIS.App.Bootstrap.Attributes
+{
+    public class ValidateAntiForgeryTokenOnPost: ActionFilterAttribute
+    {
+        public void OnAuthorization(AuthorizationContext filterContext)
+        {
+            var request = filterContext.HttpContext.Request;
+
+            if (filterContext.HttpContext.Request.HttpMethod == "POST")
+            {
+                var cookieToken = request.Cookies[AntiForgeryConfig.CookieName]?.Value;
+
+                // check for token in form data
+                var formToken = request.Form["__RequestVerificationToken"];
+
+                // check header for post from javascript
+                if (formToken==null)
+                {
+                    formToken = request.Headers["__RequestVerificationToken"];
+                }
+
+                AntiForgery.Validate(cookieToken, formToken);
+                //AntiForgery.Validate();
+            }
+        }
+    }
+}

Components/App/BExIS.App.Bootstrap/BExIS.App.Bootstrap.csproj

@@ -112,6 +112,7 @@
     <Compile Include="Attributes\MinCapacityAttribute.cs" />
     <Compile Include="Attributes\NoNullOrEmptyItemsAttribute.cs" />
     <Compile Include="Attributes\ThrottlingFilterAttribute.cs" />
+    <Compile Include="Attributes\ValidateAntiForgeryTokenOnPost.cs" />
     <Compile Include="Extensions\AuthorizationContextExtensions.cs" />
     <Compile Include="Helpers\BExISAuthorizeHelper.cs" />
     <Compile Include="Helpers\JwtHelper.cs" />

Console/BExIS.Web.Shell.Svelte/package-lock.json

@@ -52,7 +52,7 @@
 	},
 	"type": "module",
 	"dependencies": {
-		"@bexis2/bexis2-core-ui": "0.4.47",
+		"@bexis2/bexis2-core-ui": "0.4.49",
 		"@sveltejs/adapter-static": "3.0.2",
 		"buffer": "6.0.3",
 		"gray-matter": "4.0.3",

Console/BExIS.Web.Shell.Svelte/package.json

@@ -50,7 +50,7 @@
 	},
 	"type": "module",
 	"dependencies": {
-		"@bexis2/bexis2-core-ui": "0.4.47",
+		"@bexis2/bexis2-core-ui": "0.4.49",
 		"@bexis2/bexis2-rpm-ui": "0.2.11",
 		"@floating-ui/dom": "1.6.8",
 		"@fortawesome/free-solid-svg-icons": "6.6.0",

Console/BExIS.Web.Shell/Areas/DCM/BExIS.Modules.Dcm.UI.Svelte/package-lock.json

@@ -72,8 +72,6 @@
     <Compile Include="Controllers\Legacy\ImportMetadataStructureSetParametersController.cs" />
     <Compile Include="Controllers\Legacy\ImportMetadataStructureSummaryController.cs" />
     <Compile Include="Controllers\Legacy\ManageMetadataStructureController.cs" />
-    <Compile Include="Controllers\Legacy\PushController.cs" />
-    <Compile Include="Controllers\Legacy\OldSubmitController.cs" />
     <Compile Include="Controllers\Hooks\MetadataController.cs" />
     <Compile Include="Controllers\API\LinkController.cs" />
     <Compile Include="Controllers\Views\MessagesController.cs" />

Console/BExIS.Web.Shell/Areas/DCM/BExIS.Modules.Dcm.UI.Svelte/package.json

@@ -244,6 +244,7 @@ public JsonResult Get(long id)
 
         [JsonNetFilter]
         [HttpPost]
+        [ValidateAntiForgeryTokenOnPost]
         public JsonResult Create(CreateModel data)
         {
             if (data == null) return Json(false);

Console/BExIS.Web.Shell/Areas/DCM/BExIS.Modules.Dcm.UI/BExIS.Modules.Dcm.UI.csproj

@@ -77,6 +77,7 @@ public JsonResult Delete(long id)
 
         [JsonNetFilter]
         [HttpPost]
+        [ValidateAntiForgeryTokenOnPost]
         public JsonResult Update(EntityTemplateModel entityTemplate)
         {
             using (var entityTemplateManager = new EntityTemplateManager())

Console/BExIS.Web.Shell/Areas/DCM/BExIS.Modules.Dcm.UI/Controllers/CreateController.cs

@@ -2764,6 +2764,7 @@ private string storeGeneratedFilePathToContentDiscriptor(long datasetId, Dataset
         /// Is called when the user write a letter in Autocomplete User Component
         /// </summary>
         [HttpPost]
+        [ValidateAntiForgeryTokenOnPost]
         public ActionResult _AutoCompleteAjaxLoading(string text, long id, string type)
         {
             // if mapping with etities exits
@@ -3238,6 +3239,7 @@ private void validationAgainstJsonSchema()
 
         //XX number of index des values nötig
         [HttpPost]
+        [ValidateAntiForgeryTokenOnPost]
         public ActionResult ValidateMetadataAttributeUsage(string value, int id, int parentid, string parentname, int number, int parentModelNumber, int parentStepId, long entityId)
         {
             //delete all white spaces from start and end
@@ -3327,6 +3329,7 @@ public ActionResult ValidateMetadataAttributeUsage(string value, int id, int par
         }
 
         [HttpPost]
+        [ValidateAntiForgeryTokenOnPost]
         public ActionResult ValidateMetadataParameterUsage(string value, int id, long attrUsageId, int number, int parentModelNumber, int parentStepId, long entityId)
         {
             //delete all white spaces from start and end