Merge pull request #9 from tv2regionerne/fix/csrf-expiry

Update CSRF before checking lock status

resources/dist/build/manifest.json

@@ -1,6 +1,6 @@
 {
   "resources/js/addon.js": {
-    "file": "assets/addon-2cff5337.js",
+    "file": "assets/addon-ec9db2e5.js",
     "isEntry": true,
     "src": "resources/js/addon.js"
   }

resources/js/components/modals/LockModal.vue

@@ -83,19 +83,21 @@ export default {
         },
 
         checkLockStatus() {
-            this.$axios.post(cp_url('statamic-locks/locks'), {
-                item_id: this.itemId,
-                item_type: this.itemType,
-            }).then(response => {
-                if (response.data.error) {
-                    this.show = true;
+            this.updateCsrfToken().then(() => {
+                this.$axios.post(cp_url('statamic-locks/locks'), {
+                    item_id: this.itemId,
+                    item_type: this.itemType,
+                }).then(response => {
+                    if (response.data.error) {
+                        this.show = true;
+                        this.status = response.data;
+                        return;
+                    }
+
+                    this.show = false;
                     this.status = response.data;
-                    return;
-                }
-
-                this.show = false;
-                this.status = response.data;
-            }).catch(e => this.handleAxiosError(e));
+                }).catch(e => this.handleAxiosError(e));
+            });
         },
 
         handleAxiosError(e) {
@@ -104,8 +106,15 @@ export default {
 
         locks() {
             window.location.href = cp_url('statamic-locks/locks');
-        }
+        },
 
+        updateCsrfToken() {
+            return this.$axios.get(cp_url('auth/token')).then(response => {
+                const csrf = response.data;
+                this.$axios.defaults.headers.common['X-CSRF-TOKEN'] = csrf;
+                this.$config.set('csrfToken', csrf);
+            });
+        },
     }
 
 }

src/ServiceProvider.php

@@ -16,6 +16,7 @@ class ServiceProvider extends AddonServiceProvider
     protected $commands = [
         ClearLocks::class,
     ];
+
     protected $listen = [
         Events\AssetSaving::class => [Listeners\LockListener::class],
         Events\EntrySaving::class => [Listeners\LockListener::class],

tests/TestCase.php

@@ -85,7 +85,7 @@ protected function resolveApplicationConfiguration($app)
         foreach ($configs as $config) {
             $app['config']->set(
                 "statamic.$config",
-                require (__DIR__."/../vendor/statamic/cms/config/{$config}.php")
+                require(__DIR__."/../vendor/statamic/cms/config/{$config}.php")
             );
         }
 
@@ -96,7 +96,7 @@ protected function resolveApplicationConfiguration($app)
             'directory' => __DIR__.'/__fixtures__/users',
         ]);
 
-        $app['config']->set('statamic-locks', require (__DIR__.'/../config/statamic-locks.php'));
+        $app['config']->set('statamic-locks', require(__DIR__.'/../config/statamic-locks.php'));
 
         $app['config']->set('app.debug', true);
     }