Rework authenticity_token to use simpler helper, #2422

2022-11-09 13:52:34 -05:00 · 2015-07-06 15:52:41 -07:00 · 2015-07-06 15:52:41 -07:00 · 5adbc24cbe
commit 5adbc24cbe
parent 6a14ea6c50
10 changed files with 16 additions and 16 deletions
--- a/lib/sidekiq/web_helpers.rb
+++ b/lib/sidekiq/web_helpers.rb
@ -173,8 +173,8 @@ module Sidekiq
      end.join(", ")
    end

-    def tkn
-      session[:csrf]
+    def csrf_tag
+      "<input type='hidden' name='authenticity_token' value='#{session[:csrf]}'/>"
    end

    def to_display(arg)
--- a/web/views/busy.erb
+++ b/web/views/busy.erb
@ -4,7 +4,7 @@
  </div>
  <div class="col-sm-4 pull-right">
    <form method="POST" style="margin-top: 20px; margin-bottom: 10px;">
-      <input type="hidden" name="authenticity_token" value="<%= tkn %>"/>
+      <%= csrf_tag %>
      <div class="btn-group pull-right">
        <button class="btn btn-warn" type="submit" name="quiet" value="1"><%= t('QuietAll') %></button>
        <button class="btn btn-danger" type="submit" name="stop" value="1"><%= t('StopAll') %></button>
@ -41,7 +41,7 @@
        <td>
          <div class="btn-group pull-right">
            <form method="POST">
-              <input type="hidden" name="authenticity_token" value="<%= tkn %>"/>
+              <%= csrf_tag %>
              <input type="hidden" name="identity" value="<%= process['identity'] %>"/>
              <button class="btn btn-warn" type="submit" name="quiet" value="1"><%= t('Quiet') %></button>
              <button class="btn btn-danger" type="submit" name="stop" value="1"><%= t('Stop') %></button>
--- a/web/views/dead.erb
+++ b/web/views/dead.erb
@ -27,7 +27,7 @@
 </div>

 <form class="form-horizontal" action="<%= root_path %>morgue/<%= job_params(@dead, @dead.score) %>" method="post">
-  <input type="hidden" name="authenticity_token" value="<%= tkn %>"/>
+  <%= csrf_tag %>
  <a class="btn btn-default" href="<%= root_path %>morgue"><%= t('GoBack') %></a>
  <input class="btn btn-primary" type="submit" name="retry" value="<%= t('RetryNow') %>" />
  <input class="btn btn-danger" type="submit" name="delete" value="<%= t('Delete') %>" />
--- a/web/views/morgue.erb
+++ b/web/views/morgue.erb
@ -12,7 +12,7 @@

 <% if @dead.size > 0 %>
  <form action="<%= root_path %>morgue" method="post">
-    <input type="hidden" name="authenticity_token" value="<%= tkn %>"/>
+    <%= csrf_tag %>
    <div class="table_container">
      <table class="table table-striped table-bordered table-white">
        <thead>
@ -58,11 +58,11 @@
  </form>

  <form action="<%= root_path %>morgue/all/delete" method="post">
-    <input type="hidden" name="authenticity_token" value="<%= tkn %>"/>
+    <%= csrf_tag %>
    <input class="btn btn-danger btn-xs pull-right" type="submit" name="delete" value="<%= t('DeleteAll') %>" data-confirm="<%= t('AreYouSure') %>" />
  </form>
  <form action="<%= root_path %>morgue/all/retry" method="post">
-    <input type="hidden" name="authenticity_token" value="<%= tkn %>"/>
+    <%= csrf_tag %>
    <input class="btn btn-danger btn-xs pull-right" type="submit" name="retry" value="<%= t('RetryAll') %>" data-confirm="<%= t('AreYouSure') %>" />
  </form>

--- a/web/views/queue.erb
+++ b/web/views/queue.erb
@ -33,7 +33,7 @@
        </td>
        <td>
          <form action="<%= root_path %>queues/<%= @name %>/delete" method="post">
-            <input type="hidden" name="authenticity_token" value="<%= tkn %>"/>
+            <%= csrf_tag %>
            <input name="key_val" value="<%= h Sidekiq.dump_json(msg.item) %>" type="hidden" />
            <input class="btn btn-danger btn-xs" type="submit" name="delete" value="<%= t('Delete') %>" data-confirm="<%= t('AreYouSure') %>" />
          </form>
--- a/web/views/queues.erb
+++ b/web/views/queues.erb
@ -18,7 +18,7 @@
        <td><%= number_with_delimiter(queue.size) %> </td>
        <td width="20%">
          <form action="<%=root_path %>queues/<%= queue.name %>" method="post">
-            <input type="hidden" name="authenticity_token" value="<%= tkn %>"/>
+            <%= csrf_tag %>
            <input class="btn btn-danger btn-xs" type="submit" name="delete" value="<%= t('Delete') %>" data-confirm="<%= t('AreYouSureDeleteQueue', :queue => h(queue.name)) %>" />
          </form>
        </td>
--- a/web/views/retries.erb
+++ b/web/views/retries.erb
@ -12,7 +12,7 @@

 <% if @retries.size > 0 %>
  <form action="<%= root_path %>retries" method="post">
-    <input type="hidden" name="authenticity_token" value="<%= tkn %>"/>
+    <%= csrf_tag %>
    <div class="table_container">
      <table class="table table-striped table-bordered table-white">
        <thead>
@ -61,11 +61,11 @@
  </form>

  <form action="<%= root_path %>retries/all/delete" method="post">
-    <input type="hidden" name="authenticity_token" value="<%= tkn %>"/>
+    <%= csrf_tag %>
    <input class="btn btn-danger btn-xs pull-right" type="submit" name="delete" value="<%= t('DeleteAll') %>" data-confirm="<%= t('AreYouSure') %>" />
  </form>
  <form action="<%= root_path %>retries/all/retry" method="post">
-    <input type="hidden" name="authenticity_token" value="<%= tkn %>"/>
+    <%= csrf_tag %>
    <input class="btn btn-danger btn-xs pull-right" type="submit" name="retry" value="<%= t('RetryAll') %>" data-confirm="<%= t('AreYouSure') %>" />
  </form>

--- a/web/views/retry.erb
+++ b/web/views/retry.erb
@ -27,7 +27,7 @@
 </div>

 <form class="form-horizontal" action="<%= root_path %>retries/<%= job_params(@retry, @retry.score) %>" method="post">
-  <input type="hidden" name="authenticity_token" value="<%= tkn %>"/>
+  <%= csrf_tag %>
  <a class="btn btn-default" href="<%= root_path %>retries"><%= t('GoBack') %></a>
  <input class="btn btn-primary" type="submit" name="retry" value="<%= t('RetryNow') %>" />
  <input class="btn btn-danger" type="submit" name="delete" value="<%= t('Delete') %>" />
--- a/web/views/scheduled.erb
+++ b/web/views/scheduled.erb
@ -13,7 +13,7 @@
 <% if @scheduled.size > 0 %>

  <form action="<%= root_path %>scheduled" method="post">
-    <input type="hidden" name="authenticity_token" value="<%= tkn %>"/>
+    <%= csrf_tag %>
    <div class="table_container">
      <table class="table table-striped table-bordered table-white">
        <thead>
--- a/web/views/scheduled_job_info.erb
+++ b/web/views/scheduled_job_info.erb
@ -1,7 +1,7 @@
 <%= erb :_job_info, :locals => {:job => @job, :type => :scheduled} %>

 <form class="form-horizontal" action="<%= root_path %>scheduled/<%= job_params(@job, @job.score) %>" method="post">
-  <input type="hidden" name="authenticity_token" value="<%= tkn %>"/>
+  <%= csrf_tag %>
  <a class="btn btn-default" href="<%= root_path %>scheduled"><%= t('GoBack') %></a>
  <input class="btn btn-primary" type="submit" name="add_to_queue" value="<%= t('AddToQueue') %>" />
  <input class="btn btn-danger" type="submit" name="delete" value="<%= t('Delete') %>" />