Add CSRF token refresh on Login view to prevent CSRF token mismatch

Bubka 2022-07-14 17:07:28 +02:00
parent f966e506d7
commit 27a091630c
2 changed files with 14 additions and 1 deletions


@ -51,6 +51,7 @@
}), }),
isBusy: false, isBusy: false,
showWebauthn: this.$root.appSettings.useWebauthnAsDefault || this.$root.appSettings.useWebauthnOnly, showWebauthn: this.$root.appSettings.useWebauthnAsDefault || this.$root.appSettings.useWebauthnOnly,
csrfRefresher: null,
} }
}, },
@ -60,6 +61,10 @@
} }
}, },
mounted: function() {
this.csrfRefresher = setInterval(this.refreshToken, 300000); // 5 min
},
methods : { methods : {
/** /**
* Sign in using the login/password form * Sign in using the login/password form
@ -128,6 +133,10 @@
this.isBusy = false this.isBusy = false
}, },
refreshToken(){
this.axios.get('/refresh-csrf')
}
}, },
beforeRouteEnter (to, from, next) { beforeRouteEnter (to, from, next) {
@ -159,7 +168,7 @@
this.$notify({ this.$notify({
clean: true clean: true
}) })
clearInterval(this.csrfRefresher);
next() next()
} }
} }
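Review bot: `refreshToken()` discards both the response and any rejection of `this.axios.get('/refresh-csrf')`, so a failed refresh is silent and the next login submit can still hit the token mismatch this commit targets. The fixed 300000 ms timer also assumes the session outlives five minutes and that the tab is never throttled or suspended, so a page woken from sleep may submit before the next tick. Consider also refreshing on demand, for example retrying once after a CSRF-mismatch (419) response, and add a comment such as `// refreshes the session/XSRF cookie; response body is unused` if that is indeed how it works. The timer is cleared only at `clearInterval(this.csrfRefresher)` in a guard whose start is outside the hunk, so clearing it in `beforeDestroy` as well would cover teardown paths that skip that guard.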


@ -55,6 +55,10 @@ Route::group(['middleware' => ['behind-auth', 'rejectIfReverseProxy']], function
Route::delete('webauthn/credentials/{credential}', [WebAuthnManageController::class, 'delete'])->name('webauthn.credentials.delete'); Route::delete('webauthn/credentials/{credential}', [WebAuthnManageController::class, 'delete'])->name('webauthn.credentials.delete');
}); });
Route::get('refresh-csrf', function(){
return csrf_token();
});
/** /**
* Route for the main landing view * Route for the main landing view
*/ */
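Review bot: The `refresh-csrf` closure returns `csrf_token()` in the response body, but the caller added in this commit never reads that body, so the token is exposed in a GET response for no benefit. If the client relies on the XSRF-TOKEN cookie set by the web middleware (not visible here), `return response()->noContent();` would do the same job. If the body is kept, send it with `Cache-Control: no-store` so that no cache retains a session-bound token. The route also sits outside the middleware groups above it, so it is worth confirming that it is rate limited and that no cross-origin policy lets another origin read it with credentials.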