Merge pull request #514 from santhoshb-msft/sb-aft-fixes1

santhoshb-msft · web-flow · commit e16c3989a365 · 2023-05-31T18:41:49.000-07:00
added aft validation
diff --git a/src/AdminSite/Controllers/ApplicationConfigController.cs b/src/AdminSite/Controllers/ApplicationConfigController.cs
@@ -85,6 +85,7 @@ public IActionResult EmailTemplateDetails(string status)
     /// return the modified EmailTemplate.
     /// </returns>
     [HttpPost]
+    [ValidateAntiForgeryToken]
     public IActionResult EmailTemplateDetails(EmailTemplate emailTemplate)
     {
         this.emailTemplateRepository.SaveEmailTemplateByStatus(emailTemplate);
@@ -116,6 +117,7 @@ public IActionResult ApplicationConfigDetails(int Id)
     /// return the changed app config item.
     /// </returns>
     [HttpPost]
+    [ValidateAntiForgeryToken]
     public IActionResult ApplicationConfigDetails(ApplicationConfiguration appConfig)
     {
         this.appConfigService.SaveAppConfig(appConfig);
@@ -132,6 +134,7 @@ public IActionResult ApplicationConfigDetails(ApplicationConfiguration appConfig
     /// <returns>RedirectToAction.</returns>
     [HttpPost("FileUpload")]
     [ServiceFilter(typeof(ExceptionHandlerAttribute))]
+    [ValidateAntiForgeryToken]
     public IActionResult PostUpload(List<IFormFile> files)
     {
         if (!(files?.Any() == true))
diff --git a/src/AdminSite/Controllers/HomeController.cs b/src/AdminSite/Controllers/HomeController.cs
@@ -571,6 +571,7 @@ public IActionResult SubscriptionQuantityDetail(Guid subscriptionId)
     /// <param name="subscriptionData">The subscription data.</param>
     /// <returns> The <see cref="IActionResult" />.</returns>
     [HttpPost]
+    [ValidateAntiForgeryToken]
     public IActionResult ManageSubscriptionUsage(SubscriptionUsageViewModel subscriptionData)
     {
         this.logger.LogInformation("Home Controller / ManageSubscriptionUsage  subscriptionData: {0}", JsonSerializer.Serialize(subscriptionData));
@@ -685,6 +686,7 @@ public IActionResult Error()
     /// <param name="subscriptionDetail">The subscription detail.</param>
     /// <returns> IActionResult.</returns>
     [HttpPost]
+    [ValidateAntiForgeryToken]
     public async Task<IActionResult> ChangeSubscriptionPlan(SubscriptionResult subscriptionDetail)
     {
         this.logger.LogInformation("Home Controller / ChangeSubscriptionPlan  subscriptionDetail:{0}", JsonSerializer.Serialize(subscriptionDetail));
@@ -757,6 +759,7 @@ public async Task<IActionResult> ChangeSubscriptionPlan(SubscriptionResult subsc
     /// <param name="subscriptionDetail">The subscription detail.</param>
     /// <returns>Changes subscription quantity.</returns>
     [HttpPost]
+    [ValidateAntiForgeryToken]
     public async Task<IActionResult> ChangeSubscriptionQuantity(SubscriptionResult subscriptionDetail)
     {
         this.logger.LogInformation("Home Controller / ChangeSubscriptionPlan  subscriptionDetail:{0}", JsonSerializer.Serialize(subscriptionDetail));
@@ -832,6 +835,7 @@ public async Task<IActionResult> ChangeSubscriptionQuantity(SubscriptionResult s
     }
 
     [HttpPost]
+    [ValidateAntiForgeryToken]
     public IActionResult FetchAllSubscriptions()
     {
         var currentUserId = this.userService.GetUserIdFromEmailAddress(this.CurrentUserEmailAddress);
diff --git a/src/AdminSite/Controllers/OffersController.cs b/src/AdminSite/Controllers/OffersController.cs
@@ -146,6 +146,7 @@ public IActionResult OfferDetails(Guid offerGuid)
     /// return All subscription.
     /// </returns>
     [HttpPost]
+    [ValidateAntiForgeryToken]
     public IActionResult OfferDetails(OfferModel offersData)
     {
         this.logger.LogInformation("Offers Controller / OfferDetails:  offerGuid {0}", JsonSerializer.Serialize(offersData));
diff --git a/src/AdminSite/Controllers/PlansController.cs b/src/AdminSite/Controllers/PlansController.cs
@@ -120,6 +120,7 @@ public IActionResult PlanDetails(Guid planGuId)
     /// return All subscription.
     /// </returns>
     [HttpPost]
+    [ValidateAntiForgeryToken]
     public IActionResult PlanDetails(PlansModel plans)
     {
         this.logger.LogInformation("Plans Controller / PlanDetails:  plans {0}", JsonSerializer.Serialize(plans));
diff --git a/src/AdminSite/Views/Home/Subscriptions.cshtml b/src/AdminSite/Views/Home/Subscriptions.cshtml
@@ -217,9 +217,16 @@
                 }
             });
     }
+
+    var t = $("input[name='__RequestVerificationToken']").val();
+
     function fetchAllSubscriptions() {
         $.ajax({
             type: "Post",
+            headers:
+            {
+                "RequestVerificationToken": t
+            },
             url: "FetchAllSubscriptions",
             contentType: "application/json; charset=utf-8",
             datatype: "json",
diff --git a/src/CustomerSite/Controllers/HomeController.cs b/src/CustomerSite/Controllers/HomeController.cs
@@ -522,6 +522,7 @@ public IActionResult SubscriptionDetails(Guid subscriptionId, string planId, str
     /// Subscriptions operation.
     /// </returns>
     [HttpPost]
+    [ValidateAntiForgeryToken]
     public IActionResult SubscriptionOperation(SubscriptionResultExtension subscriptionResultExtension, Guid subscriptionId, string planId, string operation)
     {
         this.logger.LogInformation("Home Controller / SubscriptionOperation subscriptionId:{0} :: planId : {1} :: operation:{2}", JsonSerializer.Serialize(subscriptionId), JsonSerializer.Serialize(planId), JsonSerializer.Serialize(operation));
@@ -632,6 +633,7 @@ public IActionResult SubscriptionOperation(SubscriptionResultExtension subscript
     /// <param name="subscriptionDetail">The subscription detail.</param>
     /// <returns>Changes subscription plan.</returns>
     [HttpPost]
+    [ValidateAntiForgeryToken]
     public async Task<IActionResult> ChangeSubscriptionPlan(SubscriptionResult subscriptionDetail)
     {
         this.logger.LogInformation("Home Controller / ChangeSubscriptionPlan  subscriptionDetail:{0}", JsonSerializer.Serialize(subscriptionDetail));
@@ -709,6 +711,7 @@ public async Task<IActionResult> ChangeSubscriptionPlan(SubscriptionResult subsc
     /// <param name="subscriptionDetail">The subscription detail.</param>
     /// <returns>Changes subscription quantity.</returns>
     [HttpPost]
+    [ValidateAntiForgeryToken]
     public async Task<IActionResult> ChangeSubscriptionQuantity(SubscriptionResult subscriptionDetail)
     {
         this.logger.LogInformation("Home Controller / ChangeSubscriptionPlan  subscriptionDetail:{0}", JsonSerializer.Serialize(subscriptionDetail));

Original file line number	Diff line number	Diff line change
`@@ -571,6 +571,7 @@ public IActionResult SubscriptionQuantityDetail(Guid subscriptionId)`
`571`	`571`	`/// <param name="subscriptionData">The subscription data.</param>`
`572`	`572`	`/// <returns> The <see cref="IActionResult" />.</returns>`
`573`	`573`	`[HttpPost]`
	`574`	`+ [ValidateAntiForgeryToken]`
`574`	`575`	`public IActionResult ManageSubscriptionUsage(SubscriptionUsageViewModel subscriptionData)`
`575`	`576`	`{`
`576`	`577`	`this.logger.LogInformation("Home Controller / ManageSubscriptionUsage subscriptionData: {0}", JsonSerializer.Serialize(subscriptionData));`
`@@ -685,6 +686,7 @@ public IActionResult Error()`
`685`	`686`	`/// <param name="subscriptionDetail">The subscription detail.</param>`
`686`	`687`	`/// <returns> IActionResult.</returns>`
`687`	`688`	`[HttpPost]`
	`689`	`+ [ValidateAntiForgeryToken]`
`688`	`690`	`public async Task<IActionResult> ChangeSubscriptionPlan(SubscriptionResult subscriptionDetail)`
`689`	`691`	`{`
`690`	`692`	`this.logger.LogInformation("Home Controller / ChangeSubscriptionPlan subscriptionDetail:{0}", JsonSerializer.Serialize(subscriptionDetail));`
`@@ -757,6 +759,7 @@ public async Task<IActionResult> ChangeSubscriptionPlan(SubscriptionResult subsc`
`757`	`759`	`/// <param name="subscriptionDetail">The subscription detail.</param>`
`758`	`760`	`/// <returns>Changes subscription quantity.</returns>`
`759`	`761`	`[HttpPost]`
	`762`	`+ [ValidateAntiForgeryToken]`
`760`	`763`	`public async Task<IActionResult> ChangeSubscriptionQuantity(SubscriptionResult subscriptionDetail)`
`761`	`764`	`{`
`762`	`765`	`this.logger.LogInformation("Home Controller / ChangeSubscriptionPlan subscriptionDetail:{0}", JsonSerializer.Serialize(subscriptionDetail));`
`@@ -832,6 +835,7 @@ public async Task<IActionResult> ChangeSubscriptionQuantity(SubscriptionResult s`
`832`	`835`	`}`
`833`	`836`
`834`	`837`	`[HttpPost]`
	`838`	`+ [ValidateAntiForgeryToken]`
`835`	`839`	`public IActionResult FetchAllSubscriptions()`
`836`	`840`	`{`
`837`	`841`	`var currentUserId = this.userService.GetUserIdFromEmailAddress(this.CurrentUserEmailAddress);`
Original file line number	Diff line number	Diff line change
`@@ -146,6 +146,7 @@ public IActionResult OfferDetails(Guid offerGuid)`
`146`	`146`	`/// return All subscription.`
`147`	`147`	`/// </returns>`
`148`	`148`	`[HttpPost]`
	`149`	`+ [ValidateAntiForgeryToken]`
`149`	`150`	`public IActionResult OfferDetails(OfferModel offersData)`
`150`	`151`	`{`
`151`	`152`	`this.logger.LogInformation("Offers Controller / OfferDetails: offerGuid {0}", JsonSerializer.Serialize(offersData));`
Original file line number	Diff line number	Diff line change
`@@ -120,6 +120,7 @@ public IActionResult PlanDetails(Guid planGuId)`
`120`	`120`	`/// return All subscription.`
`121`	`121`	`/// </returns>`
`122`	`122`	`[HttpPost]`
	`123`	`+ [ValidateAntiForgeryToken]`
`123`	`124`	`public IActionResult PlanDetails(PlansModel plans)`
`124`	`125`	`{`
`125`	`126`	`this.logger.LogInformation("Plans Controller / PlanDetails: plans {0}", JsonSerializer.Serialize(plans));`