add security to all admin endpoints

2019-05-29 23:48:16 +01:00
parent 71e5830d6c
commit 73433586b6
24 changed files with 264 additions and 230 deletions
--- a/interface/src/authentication/Authentication.js
+++ b/interface/src/authentication/Authentication.js
@ -47,7 +47,7 @@ export function redirectingAuthorizedFetch(url, params) {
  return new Promise(function (resolve, reject) {
    authorizedFetch(url, params).then(response => {
      if (response.status === 401) {
-        history.go("/");        
+        history.push("/");        
      } else {
        resolve(response);
      }
--- a/interface/src/components/RestComponent.js
+++ b/interface/src/components/RestComponent.js
@ -1,6 +1,6 @@
 import React from 'react';
-import {withNotifier} from '../components/SnackbarNotification';
-
+import { withNotifier } from '../components/SnackbarNotification';
+import { redirectingAuthorizedFetch } from '../authentication/Authentication';
 /*
 * It is unlikely this application will grow complex enough to require redux.
 *
@ -16,11 +16,11 @@ export const restComponent = (endpointUrl, FormComponent) => {
      constructor(props) {
        super(props);

-        this.state={
-                 data:null,
-                 fetched: false,
-                 errorMessage:null
-               };
+        this.state = {
+          data: null,
+          fetched: false,
+          errorMessage: null
+        };

        this.setState = this.setState.bind(this);
        this.loadData = this.loadData.bind(this);
@ -30,78 +30,78 @@ export const restComponent = (endpointUrl, FormComponent) => {

      setData(data) {
        this.setState({
-                 data:data,
-                 fetched: true,
-                 errorMessage:null
-               });
+          data: data,
+          fetched: true,
+          errorMessage: null
+        });
      }

      loadData() {
        this.setState({
-                 data:null,
-                 fetched: false,
-                 errorMessage:null
-               });
-        fetch(endpointUrl)
+          data: null,
+          fetched: false,
+          errorMessage: null
+        });
+        redirectingAuthorizedFetch(endpointUrl)
          .then(response => {
            if (response.status === 200) {
              return response.json();
            }
            throw Error("Invalid status code: " + response.status);
          })
-          .then(json => {this.setState({data: json, fetched:true})})
-          .catch(error =>{
+          .then(json => { this.setState({ data: json, fetched: true }) })
+          .catch(error => {
            this.props.raiseNotification("Problem fetching: " + error.message);
-            this.setState({data: null, fetched:true, errorMessage:error.message});
+            this.setState({ data: null, fetched: true, errorMessage: error.message });
          });
      }

      saveData(e) {
-        this.setState({fetched: false});
-        fetch(endpointUrl, {
+        this.setState({ fetched: false });
+        redirectingAuthorizedFetch(endpointUrl, {
          method: 'POST',
          body: JSON.stringify(this.state.data),
          headers: new Headers({
            'Content-Type': 'application/json'
          })
        })
-        .then(response => {
-          if (response.status === 200) {
-            return response.json();
-          }
-          throw Error("Invalid status code: " + response.status);
-        })
-        .then(json => {
-          this.props.raiseNotification("Changes successfully applied.");
-          this.setState({data: json, fetched:true});
-        }).catch(error => {
-          this.props.raiseNotification("Problem saving: " + error.message);
-          this.setState({data: null, fetched:true, errorMessage:error.message});
-        });
+          .then(response => {
+            if (response.status === 200) {
+              return response.json();
+            }
+            throw Error("Invalid status code: " + response.status);
+          })
+          .then(json => {
+            this.props.raiseNotification("Changes successfully applied.");
+            this.setState({ data: json, fetched: true });
+          }).catch(error => {
+            this.props.raiseNotification("Problem saving: " + error.message);
+            this.setState({ data: null, fetched: true, errorMessage: error.message });
+          });
      }

      handleValueChange = name => event => {
        const { data } = this.state;
        data[name] = event.target.value;
-        this.setState({data});
+        this.setState({ data });
      };

      handleCheckboxChange = name => event => {
        const { data } = this.state;
        data[name] = event.target.checked;
-        this.setState({data});
+        this.setState({ data });
      }

      render() {
        return <FormComponent
-                  handleValueChange={this.handleValueChange}
-                  handleCheckboxChange={this.handleCheckboxChange}
-                  setData={this.setData}
-                  saveData={this.saveData}
-                  loadData={this.loadData}
-                  {...this.state}
-                  {...this.props}
-                />;
+          handleValueChange={this.handleValueChange}
+          handleCheckboxChange={this.handleCheckboxChange}
+          setData={this.setData}
+          saveData={this.saveData}
+          loadData={this.loadData}
+          {...this.state}
+          {...this.props}
+        />;
      }

    }
--- a/interface/src/containers/WiFiNetworkScanner.js
+++ b/interface/src/containers/WiFiNetworkScanner.js
@ -5,6 +5,7 @@ import { SCAN_NETWORKS_ENDPOINT, LIST_NETWORKS_ENDPOINT }  from  '../constants/E
 import SectionContent from '../components/SectionContent';
 import WiFiNetworkSelector from '../forms/WiFiNetworkSelector';
 import {withNotifier} from '../components/SnackbarNotification';
+import { redirectingAuthorizedFetch } from '../authentication/Authentication';

 const NUM_POLLS = 10
 const POLLING_FREQUENCY = 500
@ -38,7 +39,7 @@ class WiFiNetworkScanner extends Component {
  scanNetworks() {
    this.pollCount = 0;
    this.setState({scanningForNetworks:true, networkList: null, errorMessage:null});
-    fetch(SCAN_NETWORKS_ENDPOINT).then(response => {
+    redirectingAuthorizedFetch(SCAN_NETWORKS_ENDPOINT).then(response => {
      if (response.status === 202) {
        this.schedulePollTimeout();
        return;
@ -70,7 +71,7 @@ class WiFiNetworkScanner extends Component {
  }

  pollNetworkList() {
-    fetch(LIST_NETWORKS_ENDPOINT)
+    redirectingAuthorizedFetch(LIST_NETWORKS_ENDPOINT)
    .then(response => {
      if (response.status === 200) {
        return response.json();