[LiveComponent] Update CSRF token after component request

tijnema · smnandre · commit 52ca1c9eeb41 · 2024-09-12T19:41:53.000+02:00
diff --git a/src/LiveComponent/assets/dist/Backend/Backend.d.ts b/src/LiveComponent/assets/dist/Backend/Backend.d.ts
@@ -13,6 +13,7 @@ export interface BackendInterface {
     }, files: {
         [key: string]: FileList;
     }): BackendRequest;
+    updateCsrfToken(csrfToken: string): void;
 }
 export interface BackendAction {
     name: string;
@@ -28,4 +29,5 @@ export default class implements BackendInterface {
     }, files: {
         [key: string]: FileList;
     }): BackendRequest;
+    updateCsrfToken(csrfToken: string): void;
 }
diff --git a/src/LiveComponent/assets/dist/Backend/RequestBuilder.d.ts b/src/LiveComponent/assets/dist/Backend/RequestBuilder.d.ts
@@ -2,7 +2,7 @@ import type { BackendAction, ChildrenFingerprints } from './Backend';
 export default class {
     private url;
     private method;
-    private readonly csrfToken;
+    private csrfToken;
     constructor(url: string, method?: 'get' | 'post', csrfToken?: string | null);
     buildRequest(props: any, actions: BackendAction[], updated: {
         [key: string]: any;
@@ -15,4 +15,5 @@ export default class {
         fetchOptions: RequestInit;
     };
     private willDataFitInUrl;
+    updateCsrfToken(csrfToken: string): void;
 }
diff --git a/src/LiveComponent/assets/dist/live_controller.js b/src/LiveComponent/assets/dist/live_controller.js
@@ -2052,6 +2052,9 @@ class Component {
                 return response;
             }
             this.processRerender(html, backendResponse);
+            if (this.element.dataset.liveCsrfValue) {
+                this.backend.updateCsrfToken(this.element.dataset.liveCsrfValue);
+            }
             this.backendRequest = null;
             thisPromiseResolve(backendResponse);
             if (this.isRequestPending) {
@@ -2325,6 +2328,9 @@ class RequestBuilder {
         const urlEncodedJsonData = new URLSearchParams(propsJson + updatedJson + childrenJson + propsFromParentJson).toString();
         return (urlEncodedJsonData + params.toString()).length < 1500;
     }
+    updateCsrfToken(csrfToken) {
+        this.csrfToken = csrfToken;
+    }
 }
 
 class Backend {
@@ -2335,6 +2341,9 @@ class Backend {
         const { url, fetchOptions } = this.requestBuilder.buildRequest(props, actions, updated, children, updatedPropsFromParent, files);
         return new BackendRequest(fetch(url, fetchOptions), actions.map((backendAction) => backendAction.name), Object.keys(updated));
     }
+    updateCsrfToken(csrfToken) {
+        this.requestBuilder.updateCsrfToken(csrfToken);
+    }
 }
 
 class StimulusElementDriver {
diff --git a/src/LiveComponent/assets/src/Backend/Backend.ts b/src/LiveComponent/assets/src/Backend/Backend.ts
@@ -15,6 +15,7 @@ export interface BackendInterface {
         updatedPropsFromParent: { [key: string]: any },
         files: { [key: string]: FileList }
     ): BackendRequest;
+    updateCsrfToken(csrfToken: string): void;
 }
 
 export interface BackendAction {
@@ -52,4 +53,8 @@ export default class implements BackendInterface {
             Object.keys(updated)
         );
     }
+
+    updateCsrfToken(csrfToken: string) {
+        this.requestBuilder.updateCsrfToken(csrfToken);
+    }
 }
diff --git a/src/LiveComponent/assets/src/Backend/RequestBuilder.ts b/src/LiveComponent/assets/src/Backend/RequestBuilder.ts
@@ -3,7 +3,7 @@ import type { BackendAction, ChildrenFingerprints } from './Backend';
 export default class {
     private url: string;
     private method: 'get' | 'post';
-    private readonly csrfToken: string | null;
+    private csrfToken: string | null;
 
     constructor(url: string, method: 'get' | 'post' = 'post', csrfToken: string | null = null) {
         this.url = url;
@@ -117,4 +117,8 @@ export default class {
         // if the URL gets remotely close to 2000 chars, it may not fit
         return (urlEncodedJsonData + params.toString()).length < 1500;
     }
+
+    updateCsrfToken(csrfToken: string) {
+        this.csrfToken = csrfToken;
+    }
 }
diff --git a/src/LiveComponent/assets/src/Component/index.ts b/src/LiveComponent/assets/src/Component/index.ts
@@ -329,6 +329,11 @@ export default class Component {
 
             this.processRerender(html, backendResponse);
 
+            // Store updated csrf token
+            if (this.element.dataset.liveCsrfValue) {
+                this.backend.updateCsrfToken(this.element.dataset.liveCsrfValue);
+            }
+
             // finally resolve this promise
             this.backendRequest = null;
             thisPromiseResolve(backendResponse);
diff --git a/src/LiveComponent/assets/test/controller/render.test.ts b/src/LiveComponent/assets/test/controller/render.test.ts
@@ -630,4 +630,23 @@ describe('LiveController rendering Tests', () => {
         // verify the selectedIndex of the select option 2 is 0
         expect(selectOption2.selectedIndex).toBe(0);
     });
+
+    it('backend will have a new csrf token', async () => {
+        const test = await createTest(
+            {},
+            (data: any) => `
+            <div ${initComponent(data)} data-live-csrf-value="${data.csrf}">
+            </div>
+        `
+        );
+
+        test.expectsAjaxCall().serverWillChangeProps((data: any) => {
+            // change csrf token
+            data.csrf = 'Hello';
+        });
+
+        await test.component.render();
+
+        expect(test.mockedBackend.csrfToken).toEqual('Hello');
+    });
 });
diff --git a/src/LiveComponent/assets/test/tools.ts b/src/LiveComponent/assets/test/tools.ts
@@ -98,6 +98,8 @@ class FunctionalTest {
 class MockedBackend implements BackendInterface {
     private expectedMockedAjaxCalls: Array<MockedAjaxCall> = [];
 
+    public csrfToken: string | null = null;
+
     addMockedAjaxCall(mock: MockedAjaxCall) {
         this.expectedMockedAjaxCalls.push(mock);
     }
@@ -139,6 +141,10 @@ class MockedBackend implements BackendInterface {
         return matchedMock.createBackendRequest();
     }
 
+    updateCsrfToken(csrfToken: string) {
+        this.csrfToken = csrfToken;
+    }
+
     getExpectedMockedAjaxCalls(): Array<MockedAjaxCall> {
         return this.expectedMockedAjaxCalls;
     }

Original file line number	Diff line number	Diff line change
`@@ -13,6 +13,7 @@ export interface BackendInterface {`
`13`	`13`	`}, files: {`
`14`	`14`	`[key: string]: FileList;`
`15`	`15`	`}): BackendRequest;`
	`16`	`+ updateCsrfToken(csrfToken: string): void;`
`16`	`17`	`}`
`17`	`18`	`export interface BackendAction {`
`18`	`19`	`name: string;`
`@@ -28,4 +29,5 @@ export default class implements BackendInterface {`
`28`	`29`	`}, files: {`
`29`	`30`	`[key: string]: FileList;`
`30`	`31`	`}): BackendRequest;`
	`32`	`+ updateCsrfToken(csrfToken: string): void;`
`31`	`33`	`}`
Original file line number	Diff line number	Diff line change
`@@ -2052,6 +2052,9 @@ class Component {`
`2052`	`2052`	`return response;`
`2053`	`2053`	`}`
`2054`	`2054`	`this.processRerender(html, backendResponse);`
	`2055`	`+ if (this.element.dataset.liveCsrfValue) {`
	`2056`	`+ this.backend.updateCsrfToken(this.element.dataset.liveCsrfValue);`
	`2057`	`+ }`
`2055`	`2058`	`this.backendRequest = null;`
`2056`	`2059`	`thisPromiseResolve(backendResponse);`
`2057`	`2060`	`if (this.isRequestPending) {`
`@@ -2325,6 +2328,9 @@ class RequestBuilder {`
`2325`	`2328`	`const urlEncodedJsonData = new URLSearchParams(propsJson + updatedJson + childrenJson + propsFromParentJson).toString();`
`2326`	`2329`	`return (urlEncodedJsonData + params.toString()).length < 1500;`
`2327`	`2330`	`}`
	`2331`	`+ updateCsrfToken(csrfToken) {`
	`2332`	`+ this.csrfToken = csrfToken;`
	`2333`	`+ }`
`2328`	`2334`	`}`
`2329`	`2335`
`2330`	`2336`	`class Backend {`
`@@ -2335,6 +2341,9 @@ class Backend {`
`2335`	`2341`	`const { url, fetchOptions } = this.requestBuilder.buildRequest(props, actions, updated, children, updatedPropsFromParent, files);`
`2336`	`2342`	`return new BackendRequest(fetch(url, fetchOptions), actions.map((backendAction) => backendAction.name), Object.keys(updated));`
`2337`	`2343`	`}`
	`2344`	`+ updateCsrfToken(csrfToken) {`
	`2345`	`+ this.requestBuilder.updateCsrfToken(csrfToken);`
	`2346`	`+ }`
`2338`	`2347`	`}`
`2339`	`2348`
`2340`	`2349`	`class StimulusElementDriver {`
Original file line number	Diff line number	Diff line change
`@@ -15,6 +15,7 @@ export interface BackendInterface {`
`15`	`15`	`updatedPropsFromParent: { [key: string]: any },`
`16`	`16`	`files: { [key: string]: FileList }`
`17`	`17`	`): BackendRequest;`
	`18`	`+ updateCsrfToken(csrfToken: string): void;`
`18`	`19`	`}`
`19`	`20`
`20`	`21`	`export interface BackendAction {`
`@@ -52,4 +53,8 @@ export default class implements BackendInterface {`
`52`	`53`	`Object.keys(updated)`
`53`	`54`	`);`
`54`	`55`	`}`
	`56`	`+`
	`57`	`+ updateCsrfToken(csrfToken: string) {`
	`58`	`+ this.requestBuilder.updateCsrfToken(csrfToken);`
	`59`	`+ }`
`55`	`60`	`}`
Original file line number	Diff line number	Diff line change
`@@ -98,6 +98,8 @@ class FunctionalTest {`
`98`	`98`	`class MockedBackend implements BackendInterface {`
`99`	`99`	`private expectedMockedAjaxCalls: Array<MockedAjaxCall> = [];`
`100`	`100`
	`101`	`+ public csrfToken: string \| null = null;`
	`102`	`+`
`101`	`103`	`addMockedAjaxCall(mock: MockedAjaxCall) {`
`102`	`104`	`this.expectedMockedAjaxCalls.push(mock);`
`103`	`105`	`}`
`@@ -139,6 +141,10 @@ class MockedBackend implements BackendInterface {`
`139`	`141`	`return matchedMock.createBackendRequest();`
`140`	`142`	`}`
`141`	`143`
	`144`	`+ updateCsrfToken(csrfToken: string) {`
	`145`	`+ this.csrfToken = csrfToken;`
	`146`	`+ }`
	`147`	`+`
`142`	`148`	`getExpectedMockedAjaxCalls(): Array<MockedAjaxCall> {`
`143`	`149`	`return this.expectedMockedAjaxCalls;`
`144`	`150`	`}`