CSRF protection #389
Pull request overview
This PR implements CSRF (Cross-Site Request Forgery) protection across the web application by introducing a token-based validation system for all POST requests.
- Adds a new `CSRFToken` class to generate and validate single-use tokens
- Implements CSRF token validation in all POST request handlers across admin and panel pages
- Adds hidden CSRF token inputs to all forms throughout the application
Reviewed changes
Copilot reviewed 18 out of 18 changed files in this pull request and generated 5 comments.
| File | Description |
|---|---|
| resources/lib/CSRFToken.php | New class implementing CSRF token generation, validation, and session management |
| resources/lib/UnityHTTPD.php | Adds helper methods for CSRF token validation and form input generation |
| resources/init.php | Initializes CSRF token session storage on user login |
| resources/autoload.php | Includes CSRFToken class in autoload |
| resources/templates/header.php | Adds CSRF token to "Return to My User" form |
| webroot/panel/pi.php | Adds CSRF validation to POST handler and tokens to user approval/removal forms |
| webroot/panel/new_account.php | Adds CSRF validation and token to account registration form |
| webroot/panel/account.php | Adds CSRF validation and tokens to SSH key, login shell, and account deletion forms |
| webroot/panel/groups.php | Adds CSRF validation and tokens to PI group management forms |
| webroot/panel/modal/new_pi.php | Adds CSRF token to new PI request modal form |
| webroot/panel/modal/new_key.php | Adds CSRF token to SSH key upload modal form |
| webroot/admin/user-mgmt.php | Adds CSRF validation and token to user impersonation form |
| webroot/admin/pi-mgmt.php | Adds CSRF validation and token to PI approval forms |
| webroot/admin/notices.php | Adds CSRF validation and tokens to notice management forms |
| webroot/admin/content.php | Adds CSRF validation and token to page content editing form |
| webroot/admin/ajax/get_group_members.php | Adds CSRF tokens to dynamically generated member management forms |
| test/unit/CSRFTokenTest.php | Comprehensive unit tests for CSRFToken functionality |
| test/phpunit-bootstrap.php | Updates test helper to auto-generate CSRF tokens for test POST requests |
Implements single-use tokens to handle double clicking, cross-site request forgeries, and replay attacks (https://stackoverflow.com/a/4614123/18696276).
Also added a TTL mechanism for session messages. Due to the TTL mechanism, if the user lets a page sit open for 30 minutes and then submits a form, they will get an error. It may be desirable to store a timestamp for each token and produce a more graceful timeout error for this case.
closes #378
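The description above discusses single-use tokens (to defeat double submits, cross-site requests and replays) and a per-token timestamp that would allow a graceful "form expired" message instead of a generic failure. The following is an added example of that design, not the PR's `CSRFToken` class or any other code from this project; the class name, method names, the `csrf_token` field name and the 1800-second TTL are assumptions chosen for illustration, and the in-memory token array stands in for the `$_SESSION` storage a real handler would use.

```php
<?php
// Added example (not this project's CSRFToken class): single-use CSRF tokens
// with a per-token issue timestamp, so a handler can distinguish "expired"
// from "missing/already used". Requires PHP 8.0+ (constructor promotion).
declare(strict_types=1);

final class ExampleCsrfTokenStore
{
    public const RESULT_OK      = 'ok';
    public const RESULT_MISSING = 'missing'; // never issued, or already consumed
    public const RESULT_EXPIRED = 'expired'; // issued, but older than the TTL

    /** @var array<string,int> token => unix timestamp it was issued at (would live in $_SESSION) */
    private array $tokens = [];

    public function __construct(private int $ttlSeconds = 1800) {}

    /** Issue a fresh 256-bit token from the CSPRNG and record when it was issued. */
    public function issue(?int $now = null): string
    {
        $token = bin2hex(random_bytes(32));
        $this->tokens[$token] = $now ?? time();
        return $token;
    }

    /**
     * Validate and consume a submitted token. The token is removed on every
     * outcome, so a replayed or double-clicked submission can never succeed,
     * and an expired token is reported as such rather than as "invalid".
     */
    public function consume(?string $submitted, ?int $now = null): string
    {
        if ($submitted === null) {
            return self::RESULT_MISSING;
        }
        $match = $this->find($submitted);
        if ($match === null) {
            return self::RESULT_MISSING;
        }
        $issuedAt = $this->tokens[$match];
        unset($this->tokens[$match]);
        if (($now ?? time()) - $issuedAt > $this->ttlSeconds) {
            return self::RESULT_EXPIRED;
        }
        return self::RESULT_OK;
    }

    /** Drop tokens past their TTL so a long-lived session does not accumulate them. */
    public function prune(?int $now = null): int
    {
        $now ??= time();
        $before = count($this->tokens);
        $this->tokens = array_filter(
            $this->tokens,
            fn (int $issuedAt): bool => $now - $issuedAt <= $this->ttlSeconds
        );
        return $before - count($this->tokens);
    }

    /** Hidden form field; the value is escaped so it cannot break out of the attribute. */
    public static function hiddenInput(string $token): string
    {
        return '<input type="hidden" name="csrf_token" value="'
            . htmlspecialchars($token, ENT_QUOTES, 'UTF-8') . '">';
    }

    /** Constant-time lookup: compare against each stored token with hash_equals. */
    private function find(string $submitted): ?string
    {
        foreach (array_keys($this->tokens) as $token) {
            $token = (string) $token;
            if (hash_equals($token, $submitted)) {
                return $token;
            }
        }
        return null;
    }
}

// Demo with a constructed clock ($t0) so the TTL behaviour is deterministic.
$store = new ExampleCsrfTokenStore(ttlSeconds: 1800);
$t0    = 1_700_000_000;

$token = $store->issue($t0);
echo $store->consume($token, $t0 + 60), "\n";     // ok
echo $store->consume($token, $t0 + 61), "\n";     // missing: second submit of the same form is rejected

$stale = $store->issue($t0);
echo $store->consume($stale, $t0 + 1801), "\n";   // expired: page sat open longer than the TTL

echo $store->consume('not-a-real-token', $t0), "\n"; // missing
echo $store::hiddenInput($store->issue($t0)), "\n";
```

A POST handler would call `consume($_POST['csrf_token'] ?? null)` before doing any work, and map `RESULT_EXPIRED` to a "this form has expired, please reload and try again" message while treating `RESULT_MISSING` as a hard failure. Calling `prune()` when a new token is issued keeps the session from growing without bound when users open many tabs.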