Ratstail91/kingdombattles
Archived
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fixed security hole, token now needed to change password

Browse Source
This commit is contained in:
Kayne Ruse
2019-05-08 17:15:17 +10:00
parent 6c15bbc4a3
commit 3a34d78712
4 changed files with 111 additions and 52 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/components/panels/password_change.jsx
+8 -6
View File
@@ -55,12 +55,18 @@ class PasswordChange extends React.Component {
let xhr = new XMLHttpRequest();
formData.append('email', this.props.email);
formData.append('token', this.props.token);
xhr.onreadystatechange = () => {
if (xhr.readyState === 4) {
if (xhr.status === 200) {
let json = JSON.parse(xhr.responseText);
this.props.sessionChange(json.token);
//DEBUGGING
if (this.props.onPasswordChange) {
this.props.onPasswordChange();
}
}
else if (xhr.status === 400) {
@@ -72,11 +78,6 @@ class PasswordChange extends React.Component {
//send the XHR
xhr.open('POST', form.action, true);
xhr.send(formData);
//DEBUGGING
if (this.props.onSubmit) {
this.props.onSubmit();
}
}
validateInput(e) {
@@ -122,7 +123,8 @@ class PasswordChange extends React.Component {
function mapStoreToProps(store) {
return {
email: store.account.email
email: store.account.email,
token: store.account.token
}
}