From b88e2f01780c171c77aa5928297778d092dc1923 Mon Sep 17 00:00:00 2001
From: Allan Lasser
Date: Tue, 16 Jan 2024 10:53:27 -0500
Subject: [PATCH] Removes CSRF check from `getMe` API call
---
 src/api/orgAndUser.js | 14 +++-----------
 .../dialog/stories/RevisionsDialog.stories.svelte | 10 ++++++----
 2 files changed, 9 insertions(+), 15 deletions(-)
diff --git a/src/api/orgAndUser.js b/src/api/orgAndUser.js
index edfe92318..ab3ab8f67 100644
--- a/src/api/orgAndUser.js
+++ b/src/api/orgAndUser.js
@@ -1,22 +1,14 @@
-import session, { cookiesEnabled } from "./session.js";
+import session from "./session.js";
 import { USER_EXPAND, ORG_EXPAND, DEFAULT_EXPAND } from "./common.js";
 import { queryBuilder } from "@/util/url.js";
 import { grabAllPages } from "@/util/paginate.js";
 import { apiUrl } from "./base.js";
-const hasCsrfToken = /(^|;\s*)csrftoken=[a-zA-Z0-9]+/;
-
 export async function getMe(expand = DEFAULT_EXPAND) {
- // Check that the user is logged in via cookies
- if (cookiesEnabled) {
- if (!hasCsrfToken.test(document.cookie)) {
- return null;
- }
- }
- // Check that the user is logged in via network request
- const { data } = await session.get(
+ const { status, data } = await session.get(
 queryBuilder(apiUrl(`users/me/`), { expand }),
 );
+ if (status !== 200) return null;
 return data;
 }
diff --git a/src/common/dialog/stories/RevisionsDialog.stories.svelte b/src/common/dialog/stories/RevisionsDialog.stories.svelte
index db3fefc1f..b093f183f 100644
--- a/src/common/dialog/stories/RevisionsDialog.stories.svelte
+++ b/src/common/dialog/stories/RevisionsDialog.stories.svelte
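Review bot: The new `if (status !== 200) return null;` in `getMe` is only reached if `session.get` resolves on non-2xx responses, and nothing in this hunk shows how `session` is configured. If it is an axios-style client with default status validation, a 401 or 403 from `users/me/` would reject, so `getMe` would throw for an anonymous visitor where the removed cookie pre-check returned `null`. Please confirm the behaviour in `session.js` or catch the rejection here. The check also maps every other status, such as a 5xx, to `null`, so callers cannot tell "not authenticated" from "request failed". Narrowing it to `if (status === 401 || status === 403) return null;` and surfacing the rest would stop auth-dependent UI from treating an outage as a logout. Both explanatory comments were removed, so a one-line replacement such as `// Returns null when the API does not report an authenticated user` would document the contract.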
@@ -61,15 +61,17 @@
 await step("Display document revisions", async () => {
 await canvas.findByText("3 total");
 });
+ await step("Download revisions", async () => {
+ const downloadButtons = await canvas.getAllByText("Download");
+ await expect(downloadButtons[0]).toHaveAttribute("target", "download");
+ });
 await step("Toggle revisions", async () => {
 await canvas.findByText("Revision Control");
 const checkbox = await canvas.getByRole("checkbox");
 await userEvent.click(checkbox);
 await expect(checkbox).not.toBeChecked();
- });
- await step("Download revisions", async () => {
- const downloadButtons = await canvas.getAllByText("Download");
- await expect(downloadButtons[0]).toHaveAttribute("target", "download");
+ await userEvent.click(checkbox);
+ await expect(checkbox).toBeChecked();
 });
 }}
 parameters={{